How can we protect the vulnerable online?

Recently the company I work for was asked to pitch for creation of a forum targetted at children as part of a website solution.

I think that at least we should reccommend

  • Human moderation by a trained individual to protect these kids
  • Code alarm / suspicious analysis into the forum

How has anyone else tackled this and what Ideas do other people have on this?

-------------Problems Reply------------

It's not an online forum, but they do discuss some of the things they had to deal with to provide a safe environment for children. Check out the post-mortem of the game team that developed Disney's toontown: http://www.gamasutra.com/view/feature/2027/postmortem_disney_onlines_.php

Think of "online" as being "a crowded place, that contains strangers". Some of the solutions will be the same, others won't work.

For instance, at a child care business at a mall you can require parents to check children in, and the same parents to check them out. This type of thinking will sometimes lead to realization that part of security has to be in the parents hands: you can't "confine" children in an online system, so protecting them from going to the rest of the internet has to be their parents job.

But the idea that every child has a responsible adult is probably a very good one.

Live moderators are probably your best bet. Disney's Toontown actually ran into quite a few privacy/security problems when they missed that kids are often rather clever.

Although I don't know if it's still in there, there used to be a function where you had an "apartment" you could fill with "furniture," SIMS-style, and then display to other players.

So, players intent on subverting the controlled communication would spell out letters in furniture one at a time until a screen name for an uncontrolled chat was communicated. Allegedly, even after that was discovered there was still a system of displaying pictures that worked just as well.

To summarize, you can't cover all the bases. The best you can do is cover the careless and inept, and try to stay heads-up on strange behavior that could indicate somethings up. So if you have to do a "kids forum," I would definitely go with moderators.

Category:security Views:0 Time:2008-12-13
Tags: security

Related post

  • MySQL injection protection and vulnerability signs using PHP 2009-02-13

    What are the best ways to protect from MySQL injection? What are weaknesses I should look out for? I know what it is, but I really have no idea how vulnerable I might be. Though I have taken (what I think to be) steps toward protecting myself and my

  • Help with SSL Vulnerability (Mixed Content)? 2010-07-19

    Hey guys I have my own webserver that is hosting a website that I recently installed/setup a self-signed SSL cert. Securing the website seemed to go fine, but in firefox and IE I sometimes get pop up boxes that say something along the lines of "There

  • Which are the best php functions to protect the input from sql Injection and how to use them? 2011-09-07

    Possible Duplicate: Best way to stop SQL Injection in PHP MySQL injection protection and vulnerability signs using PHP Hey i asked a question about my code if its vulnerable to sql injection The code was this : $searchData = $_POST['searchData']; $se

  • security essentials says it runs rarely, I know it runs weekly, it also says I am vulnerable to virusus! 2013-07-08

    Today, 8-18-2013 my Microsoft security essentials said my virus protection was vulnerable and I should run a scan. Well I did ,first a quick scan then I I installed the latest version of Microsoft essentials. It still continued to stay orange, not gr

  • Is it safe to put database file in htdocs? 2009-05-30

    Gudeve, Can you recommend me a directory in my web server where I should put sensitive files? My htdocs is arranged like this: XAMPP/htdocs/NewsFeed The NewsFeed directory have index.php. The index.php file's function is to connect to a database. Now

  • Will a 302 redirect maintain the referer string? 2010-01-28

    I need to redirect the user from one page to another, but I need to maintain the original referer string. So, for example, if they start out on http://www.othersite.com/pageA.jsp, click a link that takes them to http://www.mysite.com/pageB.jsp, which

  • How do I secure an Android app to a device? 2012-03-06

    For an industrial application which is installed and shipped on Android devices, I want to secure the app against unauthorized copying to other devices. My understanding is that there are numerous applications (some running on Android devices and som

  • IE 10 Manage Add On 2012-08-30

    I have Norton's: Toolbar, Identity Protection and Vulnerability Protection. The last 2 stay Enabled but the Toolbar will not stay enabled for more than a few minutes. I have to enable it again when I need it. How do I get Norton Toolbar to stay enabl

  • norton or microsoft security? 2012-12-29

    I've installed norton360. But I don't know which is more secure for me? Norton or microsoft security? I usually spend 4-5 hours/day online and need to strong internet security? Mohammad --------------Solutions------------- Look at this report: http:/

  • I am infected with adware or malware and my pages are being redirected 2013-05-28

    Original Title: Malware and adware I am infected with adware or malware and my pages are being redirected --------------Solutions------------- You may also try to run full scan with: http://onecare.live.com/site/en-us/default.htm I am infected with a

  • IE 10 not closing Tab after a program finishes. 2013-08-27

    I first noticed/paid attention to this problem yesterday. Used IE 10 to navigate to reputable website and ran a program. After the program terminated, the window was still there with the spinning circle displayed. I couldn't close the ghost tab, but

  • Forgotten Password, how do I log in? 2013-11-06

    I cannot possibly be the only idiot in the world who has pass-worded his computer only to have forgotten it too soon thereafter. What I cannot understand, with my few remaining functioning brain cells, is how I go about getting to my data so safely p

  • Protection from Format String Vulnerability 2008-12-30

    What exactly is a "Format String Vulnerability" in a Windows System, how does it work, and how can I protect against it? --------------Solutions------------- In this pseudo code the user enters some characters to be printed, like "hello" string s=get

  • bing disables Norton vulnerability protection 2012-12-07

    bing constantly reconfigures my Norton security settings Every. <Removed for TOU/COC Violation>. Time! happening ever since you launched IE11 for W7 last three months bing displays SPOOFED search results!!! two attacks were blocked by Norton an

  • norton vulnerability protection & internet explorer 9 2014-03-30

    should i enable norton vulnerability protection in internet explorer --------------Solutions------------- To be perfectly honest you should replace norton with this freebie from microsoft, http://windows.microsoft.com/en-US/windows/products/security-

  • Nvidia Information Disclosure / Memory Vulnerability on Linux and General OS Memory Protection 2011-01-20

    I thought this was expected behavior? From: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm Paraphrased summary: "Working on the Linux port we found that cudaHostAlloc/cuMemHostAlloc CUDA API calls ret

  • Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service 2012-12-27

    https://technet.microsoft.com/library/security/2974294 The vulnerabilty (CVE-2014-2779) affects all Microsoft consumer security products (Microsoft Security Essentials, Windows Defender and Malicious Software Removal Tool) with antimalware engine ver

  • Is exposing a session's CSRF-protection token safe? 2008-09-27

    Django comes with CSRF protection middleware, which generates a unique per-session token for use in forms. It scans all incoming POST requests for the correct token, and rejects the request if the token is missing or invalid. I'd like to use AJAX for

  • Classic ASP SQL Injection Protection 2008-09-29

    What is a strong way to protect against sql injection for a classic asp app? FYI I am using it with an access DB. (I didnt write the app) --------------Solutions------------- Stored Procedures and/or prepared statements: http://stackoverflow.com/ques

Copyright (C) dskims.com, All Rights Reserved.

processed in 0.199 (s). 11 q(s)