Ernest Staats EDMODO -- CS3392 Technology Director MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+ erstaats@gcasda.org MOBILE: BRING YOUR OWN DEVICE (BYOD) NETWORK AND SECURITY ISSUES Resources available @ www.es-es.net/2.html

Upload: steven-adams

Post on 27-Mar-2015


Page 1: Ernest Staats EDMODO -- CS3392 Technology Director MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+ erstaats@gcasda.org

Ernest Staats EDMODO -- CS3392

Technology Director

MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+ erstaats@gcasda.org

MOBILE: BRING YOUR OWN DEVICE (BYOD) NETWORK AND SECURITY ISSUES

Resources available @ www.es-es.net/2.html


WHY THE BUZZ? MOBILE AND BYOD

The rise of mobility and the marginalization of the PC

Sales of smartphones and tablets skyrocket

Mobile devices are faster and cheaper, and can possibly be provided by students, thus reducing IT cost… but what is the impact on the network?

Always with you, always on, convenience

Less to break or fix

1. USA Today, “Moves by HP, Google further marginalize the traditional PC.” Jon Swartz. 9/6/2011.


CONSUMERIZATION IMPACT

Blurring of professional/School and private life

One device that serves both needs

How do you address the multitude of devices?

iPhone, Androids, Blackberry, Windows, etc.

Now multiple tablets

Netbook/Ultrabooks

Cloud Security implications

What are consumers' expectations of network speed and access?


HOW WILL MOBILE/BYOD BE USED?

50% of the mobile internet traffic in the UK is for Facebook…

Facebook tops Google for weekly traffic in the U.S.

Generation Y and Z consider email passé…

some universities have stopped distributing email accounts

1 in 5 couples meet online

1 in 5 divorces are blamed on Facebook

Kindergartners are learning on iPads, not chalkboards


SOCIAL NETWORKING STATISTICS

• Facebook: 600 billion page views/month

• MySpace: 24 billion page views/month

• Twitter: 4.4 billion page views/month

• 86% of students ages 12 to 17 who have access to the Internet use social networking sites

• 62% use it on a daily basis (© 2011 Cable News Network7)


WHERE TO START -- MOBILE/BYOD

•Device consistency--It is usually impossible to issue each user exactly the same type of mobile device

•Make sure that users are aware of mobile device policies--There is a lot of potential for abuse when it comes to mobile devices

•Take security seriously— Anti

•Decide whether to allow personal devices

•Plan to deal with lost devices—and breakage issues

•Periodically measure the impact of mobile devices on your network—bandwidth and network resources

•Make sure that the IT staff is trained for mobile device support


WHAT DOES YOUR MOBILE PHONE KNOW?

Text messages, even deleted ones

Words in your personal dictionary

Facebook contacts

Tens of thousands of location pings

Every website ever visited

What locations you have mapped

Emails going back a month

Your photos with geolocation data attached – even if deleted

How many times you have checked your email

Any application ever installed on your device

http://www.theatlantic.com/technology/archive/2011/04/what-does-your-phone-know-about-you-more-than-you-think/237786/


GEO TAGGING

In August of 2010, Adam Savage, of “MythBusters,” took a photo of his vehicle using his smartphone. He then posted the photo to his Twitter account including the phrase “off to work.”

The image contained metadata revealing the exact geographical location of the photo. Savage revealed the exact location of his home, the vehicle he drives and the time he leaves for work.

Read the full story here: http://nyti.ms/917hRh


META DATA IMAGES DEMO

•Go to Jeffrey's Exif Viewer http://regex.info/exif.cgi

•Photo 1photo.JPG

•Where was the photo of the police office taken? Was the photographer on the sidewalk or somewhere else? What kind of device was used to take the photo?


TURN OFF GPS FUNCTION ON PHONES


ISSUES IN BYOD AND MOBILE ENVIRONMENTS

• Does your AUP include mobile devices?

• Wireless Capacity vs. Coverage

• Where to start when securing mobile devices

• Who is responsible for device security: the student, parent, or school?

• What security do mobile devices need?

• What are the policy issues to be considered?

• How can safe and protected internet access be ensured?

• How can network loads be predicted, and what can be done to control the network demand / load?

• What security tools are available for smart phones, tablet devices and so on?

• What can be or should be installed on student owned devices?

• What are other risks to be considered?


ACCEPTABLE USE POLICY IS KEY

• When using a mobile device to access the Internet, students are required to connect using the K-12 Public network

• Mobile devices need to be on vibrate

• Set standards of security: Pin or Password to access device

• Mobile devices need to be in pockets or backpacks until it is time to use them

• Mobile devices can only be used in class for academic/learning purposes

• Any activity conducted on mobile devices in class cannot be published without permission of teacher and/or students who are involved in the text/image/video/audio file

• Students will use appropriate mobile device etiquette by respecting the privacy of others' device numbers and using appropriate language with their mobile communication.

https://schoolweb.dysart.org/EdTech/Content.aspx?conID=479

On Edmodo Acceptable Use Policies Web 20 Mobile Era.pdf


WIFI COVERAGE VS. CAPACITY

Client Type | # of Clients per AP | Examples

Data | 20-30 | Laptops, tablet PCs, mobile carts

Voice | 10-15 | Wireless VoIP phones, nurse badges

Coverage or Capacity— Making the best use of 802.11 N Deploying High Capacity WIFI PDFs On Edmodo

Coverage does not guarantee access, especially with mobile devices

Drop your radios' strength & add more APs

Directional vs. omni antennas


HACKING IS NOW SO EASY A CHIMP CAN DO IT

Software demonstrated -- Use entirely at your own risk and get Permission first

Ernest is not responsible for any subsequent loss or damage whatsoever!

This knowledge is intended to be used responsibly so we can provide academic environments that are secure, safe and accessible


HACKING FOR THE MASSES

Anti app -- Finds open networks and shows all potential target devices. The app offers up a simple menu with commands like "Man-In-The-Middle" to eavesdrop on local devices, or even "Attack".

Put student mobile devices on a separate VLAN with strict policies in place (ACLs)


WIFI BEST PRACTICES

•Use a WIDS solution to monitor for rogue APs in both the 2.4 GHz and 5 GHz spectrum bands.

•Periodically monitor for rogue APs in both the 2.4 GHz and 5 GHz spectrum bands by using a handheld monitor in areas where there is little or no wireless coverage.

•Use auditing techniques on the wired network to discover intruders on the wireless network. For example, accept Dynamic Host Configuration Protocol (DHCP) requests only from authorized network devices.

•This technique will block rogue APs from receiving an IP address and alert the network manager to potential intruders.

•Train employees not to connect to any ad hoc WLANs.
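
The wired-side DHCP audit described above can be run over DHCP server logs. The following is an added example, not part of the original slides: it reads ISC-dhcpd-style syslog lines and reports clients that asked for an address on a restricted VLAN without being on the authorized list. The log lines, MAC addresses, host names and VLAN names (vlan10 and vlan20 restricted, vlan30 as the student BYOD VLAN) are constructed for illustration.

```python
import re
from collections import namedtuple

# Client-originated DHCP messages as logged by ISC dhcpd (DISCOVER / REQUEST).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd(?:\[\d+\])?: "
    r"(?:DHCPDISCOVER|DHCPREQUEST)(?: for \S+(?: \(\S+\))?)? "
    r"from (?P<mac>[0-9A-Fa-f:]{17})(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)

Finding = namedtuple("Finding", "mac iface hostname requests first_seen last_seen")

# Constructed sample data (not from a real network).
SAMPLE_LOG = """\
Mar  3 08:01:12 core dhcpd: DHCPDISCOVER from 00:1a:2b:3c:4d:5e via vlan20
Mar  3 08:01:12 core dhcpd: DHCPREQUEST for 10.20.0.31 from 00:1a:2b:3c:4d:5e (lab-cart-07) via vlan20
Mar  3 08:04:40 core dhcpd: DHCPREQUEST for 10.10.0.77 from 02:de:ad:00:00:01 (HomeRouter) via vlan10
Mar  3 08:04:55 core dhcpd: DHCPACK on 10.10.0.77 to 02:de:ad:00:00:01 (HomeRouter) via vlan10
Mar  3 08:09:03 core dhcpd: DHCPDISCOVER from 02:de:ad:00:00:01 via vlan10
Mar  3 08:15:27 core dhcpd: DHCPREQUEST for 10.30.0.9 from 02:be:ef:00:00:02 via vlan30
"""
# Allowlists are often typed in mixed notations; all are normalized before use.
AUTHORIZED = ["00-1A-2B-3C-4D-5E", "001a.2b3c.4d5f"]
RESTRICTED = {"vlan10", "vlan20"}   # staff/infrastructure VLANs (assumed names)


def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def find_unauthorized(log_text, authorized, restricted_ifaces):
    """Return one Finding per unknown (MAC, VLAN) seen on a restricted VLAN."""
    allowed = {normalize_mac(m) for m in authorized}
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["iface"] not in restricted_ifaces:
            continue                      # server replies and open VLANs are skipped
        mac = normalize_mac(m["mac"])
        if mac in allowed:
            continue
        key, host = (mac, m["iface"]), (m["host"] or "")
        prev = seen.get(key)
        if prev is None:
            seen[key] = Finding(mac, m["iface"], host, 1, m["ts"], m["ts"])
        else:
            seen[key] = prev._replace(hostname=prev.hostname or host,
                                      requests=prev.requests + 1,
                                      last_seen=m["ts"])
    # Most active unknown clients first.
    return sorted(seen.values(), key=lambda f: -f.requests)


if __name__ == "__main__":
    for f in find_unauthorized(SAMPLE_LOG, AUTHORIZED, RESTRICTED):
        print(f"ALERT {f.mac} on {f.iface} host={f.hostname!r} "
              f"requests={f.requests} first={f.first_seen} last={f.last_seen}")
```

MAC addresses can be spoofed, so a report like this is a tripwire for the network manager; refusing the lease is done on the DHCP server or switch, and authentication is the job of 802.1X.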


WIFI BEST PRACTICES II

•If 802.1X is deployed for the wired network, use 802.1X with EAP to provide mutual authentication of users and authentication servers.

•Schools should use one of the following EAP types: TLS, TTLS, PEAP or FAST. Note that EAP-TLS requires certificates on both the supplicant and the authentication server.

•If 802.1X is not deployed for the wired network, use IPsec or SSL (if supported by school applications) to provide mutual authentication of users and authentication servers.

•Authenticate guests through a captive portal webpage and monitor usage.


NETWORK MANAGEMENT

•Modify the default SSID to an enterprise-specific name.

•Use a controller-based WLAN system instead of autonomous APs. A WLAN system provides a management focal point and reduces the number of attack points in the network.

•Improve access to WLAN hardware using strong passwords. Change passwords periodically.

•Disable wireless-side management access to wireless APs and controllers.

•Frequently monitor vendor software updates and promptly apply patches that improve network security.

•Use SNMPv3, Secure Shell (SSH), and SSL

•Restrict wired-side AP/controller access to certain IP addresses, subnets or VLANs.


TABLET BEST PRACTICES

•Device lock: enable native device authentication (PIN, password, pattern)

•Anti-theft measures: Many tablets support remote lock or data wipe … use of tablet "find me" services can also raise privacy concerns.

•Over-the-air encryption: All tablets can secure Web and email with SSL/TLS, Wi-Fi with WPA2, and corporate data with mobile VPN clients.

•Stored data protection: Hardware and mobile OS support for stored data encryption varies.

•Mobile application controls: Many downloaded apps require access to sensitive data and features; understand which apps have access to which data (Block iTunes on VPN)

•Anti-malware: Tablets are not shipped with on-board anti-virus, anti-spam, intrusion detection, or firewall apps.

•Device management: For visibility, policy configuration, and app provisioning, schools can centrally manage tablets, no matter who owns them.


BEST PRACTICE FOR SCHOOL OWNED DEVICES

•Enforce strong passwords for mobile device access and network access. Automatically lock out access to the mobile device after a predetermined number of incorrect passwords (typically five or more).

•Perform a remote wipe (e.g., reset the device back to factory defaults) when a mobile device is lost, stolen, sold, or sent to a third party for repair.

•Perform a periodic audit of security configuration and policy adherence. Ensure that mobile device settings have not been accidentally or deliberately modified.

•Encrypt local storage, including internal and external memory (e.g., secure digital cards).

•Enforce the use of virtual private network (VPN) connections between the mobile device and enterprise servers.

•Enforce the same wireless security policies for laptops and smartphones.

•Perform regular backup and recovery of confidential data stored on mobile devices.

•Perform centralized configuration and software upgrades "over the air" rather than relying on the user to connect the device to a laptop/PC for local synchronization.


MOBILE SECURITY MANAGEMENT

•User authentication: How will you authenticate users before granting access to mobile devices? Some MDMs can be integrated with enterprise directories while addressing mobile needs like network-disconnected authentication.

•Password policy enforcement: How many login attempts will you allow before requiring reset? Can emergency calls bypass authentication? Many MDM agents can enforce these and other password policies that go beyond OS-provided PINs.

•Remote device wipe: Do you need the ability to wipe clean a remote mobile device? For example, an MDM can often delete data or hard-reset a lost smartphone on next server connect or upon receipt of an SMS "kill pill."

•White/black lists: An MDM involved in software management may require certain business applications and ban other applications. Similarly, an MDM that controls device settings can help you disable risky interfaces and wireless options.

•Secure communication: How will sensitive MDM traffic (e.g., configuration changes, software packages) be protected? Some MDMs provide their own secure channels rather than relying on OS or third-party protocols.


MOBILE SOFTWARE DISTRIBUTION

•Software packages: How will you bundle related applications for purposes of configuration and delivery? MDMs can help you define and deploy those packages, helping to resolve platform, memory, and application dependencies.

•Package distribution: Do you want software to be pushed to devices (on schedule) or pulled by periodic device polls? Push can propagate updates faster but requires more frequent communication that drains handheld battery life.

•Mobile optimizations: Must your strategy accommodate unreliable or limited WANs? Some MDMs offer compression, incremental updates, and bandwidth management (attempting or resuming installation only over fast, low-cost links).

•Change control: How often will your mobile applications need patching or update? Define how deployed packages will be maintained so that changes are applied without resulting in user pain or weeks of effort to fix failed updates.


SECURITY ISSUES

• Inherent trust. “It’s MY PHONE.”

• Portability is a benefit and a risk

• Controls if lost

• Lock/Erase? Implications of erasing personal data

• PIN security – secure or easy to do 1 handed

• What is resident in memory?

• Malware – whole new breed of malware and products

• Malicious apps

• Increasing

• How do you write secure apps?

• Social engineering providers – value of OOB communication

• Where did my app come from? What is a trusted source?


DECISIONS

• Issued device (simplicity, consistency & cost) vs. What Do Users Want

• Multiple device protection costs more

• What is needed for work?

• Impact of Innovation and Agility on what “need”

• Look at what OS’s need to support (OSX, Android, RIM, Windows Mobile, Symbian, WebOS)

• Asset Management issues

• Tracking

• Assuring consistency of controls

• Policy – issue X. If you want to use something else then these rules apply…


OTHER CONSIDERATIONS

• Enrollment Experience

• User self-enrollment – ease of use is critical.

• Password/PIN policy decisions

• Push capabilities turned on

• Location services always on – battery impact

• Jailbreak enforcement

• Application blacklisting?

• Encryption requirements


EDUCATION IMPLICATIONS

• What is the planned education use?

• Internal apps?

• Who develops?

• Security issues

• Use of external apps?

• Same issues

• Build apps for parents?

• All above

• How to assure Quality & Security?

• Anticipate high demand

• Ease of use and convenience will create rapid adoption

• eBay example


BOTTOM LINE

Educate users

• Don’t divulge personal information.

• Only friend “real” friends.

• Stay away from the games and surveys.

• If it is too good to be true, it probably is.

• Use common sense!

Wall off apps that are unacceptable to your organization.

Use software to help secure devices.


ANTI-SOCIAL NETWORKS

It’s all about how this links to that links to some other thing…

The Pentagon is asking scientists to figure out how to detect and counter propaganda on social media networks in the aftermath of Arab uprisings driven by Twitter and Facebook

http://tinyurl.com/3j6xuvx


FACEBOOK CONTENT & SPYING

•Recently Facebook had both hardcore and gory images due to a hack…

•http://www.neowin.net/news/massive-hardcore-porn-outbreak-hits-facebook

•Facebook Visualizer -- http://www.lococitato.com/facebookvisualizer/

•Police can make profiles about a person such as where they would most likely go if they were in trouble, where they might hide, what friends they would turn to etc...

•Generates animated, clickable maps of the relationships between Facebook users.

•Features include profile summaries, export of networks to csv files, fast search utility and storage of complete html code and download time

•They also have products for Myspace and YouTube.


CYBERSTALKING SITES

•Lullar: Search for a person using email name or user name http://com.lullar.com/

•Spokeo: Searches lots of public records to find information about someone http://www.spokeo.com

•KnowEm: Claims to check over 500 sites to see if a given user name is taken http://knowem.com

•Peek You: old but still full of good info about someone http://www.peekyou.com

http://www.googleguide.com/advanced_operators.html


SOCIAL MEDIA SEARCH ENGINES

•Kurrently offers the ability to search both Facebook and Twitter in real time

•Who’s Talkin It searches 60 social media gateways

•Socialmention Social Media Alerts : Like Google Alerts but for social media

•Your Open Book Looks at profile status updates


GEOLOCATION TOOLS

• http://www.bing.com/maps

• http://twittermap.appspot.com

• http://www.fourwhere.com/

• http://icanstalku.com

• http://ip2geolocation.com

Cree.py: Great tool for geolocating/tracking Twitter/Foursquare users. Not only pulls coordinates from the posts directly, but can grab them from the EXIF data in pictures they link to. http://ilektrojohn.github.com/creepy/


SCRUBBING META DATA

Software

• JPG and PNG metadata stripper http://www.steelbytes.com/?mid=30

• BatchPurifier LITE http://www.digitalconfidence.com/downloads.html

• Doc Scrubber http://www.javacoolsoftware.com/dsdownload.html

Websites

• http://regex.info/exif.cgi

• http://trial.3bview.com/3BTrial/pages/clean.jsp
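
What the geotagging slides and the scrubbing tools above deal with, shown as an added example (not part of the original slides and not the code of any tool listed): the script checks whether a JPEG's EXIF block carries a GPS directory and removes the metadata segments before the photo is shared. The sample file is constructed in the code and is only structurally a JPEG; real photos are handled the same way, segment by segment.

```python
import struct

GPS_IFD_TAG = 0x8825               # EXIF tag in IFD0 that points to the GPS directory
DROP_MARKERS = {0xE1, 0xED, 0xFE}  # APP1 (Exif/XMP), APP13 (IPTC), COM (comments)


def split_segments(jpeg):
    """Return ([(marker, raw_segment), ...], tail); tail starts at the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segments, pos = [], 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:         # start of scan: compressed pixels follow
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        segments.append((marker, jpeg[pos:end]))
        pos = end
    return segments, jpeg[pos:]


def exif_has_gps(jpeg):
    """True if any Exif APP1 segment has a GPS directory pointer in IFD0."""
    for marker, raw in split_segments(jpeg)[0]:
        payload = raw[4:]                          # skip marker and length
        if marker != 0xE1 or not payload.startswith(b"Exif\0\0"):
            continue
        tiff = payload[6:]
        order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if order is None or len(tiff) < 8:
            continue
        magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
        if magic != 42 or ifd0 + 2 > len(tiff):
            continue
        (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
        for i in range(count):                     # 12-byte directory entries
            entry = tiff[ifd0 + 2 + 12 * i: ifd0 + 14 + 12 * i]
            if len(entry) < 12:
                break
            if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
                return True
    return False


def strip_metadata(jpeg):
    """Drop Exif/XMP, IPTC and comment segments; pixel data is untouched.
    Note: this also removes the EXIF orientation tag, so a viewer may show
    the cleaned photo rotated differently."""
    segments, tail = split_segments(jpeg)
    kept = [raw for marker, raw in segments if marker not in DROP_MARKERS]
    return b"\xff\xd8" + b"".join(kept) + tail


def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample():
    """Constructed test file: JFIF header, Exif with a GPS directory, a comment."""
    tiff = struct.pack("<2sHI", b"II", 42, 8)                     # IFD0 at offset 8
    ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)    # GPS IFD at 26
    gps = struct.pack("<HHHI4sI", 1, 1, 2, 2, b"N\0\0\0", 0)      # GPSLatitudeRef = N
    return (b"\xff\xd8"
            + _seg(0xE0, b"JFIF\0\x01\x01\0\0\x01\0\x01\0\0")
            + _seg(0xE1, b"Exif\0\0" + tiff + ifd0 + gps)
            + _seg(0xFE, b"constructed comment")
            + b"\xff\xda\x00\x02\x11\x22\xff\xd9")                # placeholder scan


if __name__ == "__main__":
    photo = build_sample()
    print("GPS present before:", exif_has_gps(photo))
    print("GPS present after: ", exif_has_gps(strip_metadata(photo)))
```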


MOBILE PHONES PARENTAL CONTROLS

Product Comparison 2010


Risky Online Behaviors

Sending or posting provocative images

Sharing passwords with friends

Embarrassing or harassing people

Posting personal information

Clicking on pop-ups

If it is on the Internet

IT IS NOT PRIVATE


FACEBOOK SECURITY


FACEBOOK IMAGES

•275469_100001925656445_30740_n.jpg

•inurl:100001925656445


- My status, photos, and posts

- Family and relationships

- Photos and videos I’m tagged in

- Birthday

- Permission to comment on your posts

- Contact information

Share a tagged post with friends of the friend I tag

Friends Only


Anti-virus software

Filtering programs

Monitoring software

Parental supervision


Establish rules for your child’s online life


Let’s play your favorite online game.

What’s your favorite thing to do online?

Show me the funniest YouTube video.


GOLDEN RULES TO TEACH

1. Rules from “real” life apply: courtesy, kindness, modesty, dignity, respect for law and others, etc.

2. Don’t talk/txt / MMS strangers

3. Keep personal information private (No cell # on FB)

4. Anything posted on the internet is not private and lasts forever (including photos, videos, etc.)

5. Communicate if you encounter something uncomfortable


5 GOOD PRIVACY DOWNLOADS

Ghostery is a browser extension that is available for Internet Explorer, Firefox, Chrome and Safari

Web Browsers Traces Eraser provides an easy way to clear your internet history, cookies, cached files and more.

Adblock Plus for Chrome a Chrome add-on that makes ads disappear and offers more than 40 filters

CyberGhost VPN 2011, all web traffic is routed through an anonymised web server –

iPhone Tracker is a simple Mac OS X application that maps the information that your iPhone is recording about your movements.


PROTECT YOUR PERSONAL INFO

Avoid using discount cards to pay for anything that you want to keep private

Don’t send messages on an unsecured Wi-Fi network

Mask your identity when you search

• Use search tools that can disconnect your computer’s identifying machine number from the search http://www.scroogle.org/cgi-bin/scraper.htm

• Virtual Machines

Pick passwords carefully

Choose different usernames

Read more: http://webupon.com/web-talk/digital-exposure-you-may-not-be-as-safe-as-you-think-you-are/#ixzz1GisN2LZY


REACH PEOPLE WHERE THEY ARE

• “Let every worker in the Master's vineyard, study, plan, devise methods, to reach the people where they are.

We must do something out of the common course of things. We must arrest the attention. We must be deadly in earnest. We are on the very verge of times of trouble and perplexities that are scarcely dreamed of.” --Ev 122, 123


GOOGLE YOURSELF / YOUR KIDS

What personal information is your child placing on blogs and personal WebPages?

http://www.pipl.com

http://www.peekyou.com

http://yoname.com

www.google.com www.myfamily.com

www.zoominfo.com www.alltheweb.com www.zabasearch.com


FIND WHAT GOOGLE KNOWS ABOUT YOU

Google search strings

• site:myspace.com “SSN”

• site:myspace.com “birthday”

• site:myspace.com “Hate my parents” 31,100 hits

• site:facebook.com “phone number”

• Place name in quotation marks (use variations)

• “First (Jon) Last”

• “Legal First (Jonathan) Last”

• “First MI Last”

• Use groups.google.com and google.com/alerts to look for your child's name in newsgroups (address, phone number and other personal information)

Go to my website for a Google search tutorial

• http://www.es-es.net/2.html


PROTECTOR™ BY TASER

Cell-phone locking

Serious collision detection

Real-time GPS tracking

Unsafe driving alerts

Geo-fences are boundaries on a map that generate alerts when crossed.

any inbound call, text, or e-mail. Anything that comes into the child's phone would actually be routed to the parent's phone."

Read more: http://news.cnet.com/8301-19518_3-10433539-238.html#ixzz1Mn6tKT00


FLEXISPY

Top of the range spyphone

Mobile Call Tapping, listen to actual phone calls

Remote Listening (Room bugging)

Read all incoming and outgoing SMS

Read all Call logs

Know the location, Location tracking

SIM Change SMS Notification


MOBILE SPY

Features

• SMS Recording

• Call details

• Not voice recording

• GPS Location

• Log summaries

• Works on practically all smart phones

Cost

• $49.97 for 3 months

• $69.97 for 6 months

• $99.97 for 12 months


OPTIONS FOR IPHONE

K9 Web Protection Browser

• Free

• Trusted company

• Blue Coat Systems, Inc.

• Rated 3.5 Stars on first release

• Updates follow quickly

Safe Eyes Mobile

• $20.00

• Trusted company

• InternetSafety.com

• Rated 3 stars

• Rarely Updated


MOBISTEALTH

Features

• Works on multiple phones

• The features vary by make of phone

• SMS Logging

• Call recording

• GPS tracking

• Web Browser logging

Pricing

• 12 months - Up to $200

• 6 months - Up to $150

• 3 months - Up to $100

http://www.mobistealth.com/products.php


GOOD RESOURCES

www.netfamilynews.org Quality and current “nonprofit news service for “kid-tech news.” Based on the premise that informal, engaged parenting is essential to kids’ constructive use of technology and the Net.”

www.pbs.org/parents/growingwithmedia Provides information on how media “can shape your child’s development and what you can do to create a media-literate household.”

www.safekids.com Provides a “guide to making the Internet and Technology fun, safe, and productive.”

www.besafeonline.org Advice and information about Internet safety for parents and teachers, plus opportunities to discuss problems and share solutions.


GOOD RESOURCES

www.getnetwise.org GetNetWise is a public service created by Internet industry corporations and public interest groups with the goal of having “Internet users be only one click away from the resources they need to make informed decisions about their and their family's use of the Internet.”

www.netsmartz.org Created by the National Center for Missing & Exploited Children and Boys & Girls Clubs of America, “the NetSmartz Workshop is an interactive, educational safety resource to teach kids and teens how to stay safer on the Internet.”

www.kids.us Kids.us is an Internet domain where “affiliated sites are regularly screened and monitored” so that “parents and children can trust the sites to provide educational and appropriate online fun.”


GOOD RESOURCES

www.commonsensemedia.org
Provides family-friendly reviews of media (TV, film, music, Web sites, games, and books) and parent tips on “healthy media diets” for families.

www.netmom.org
Run by the author of Net-mom's Internet Kids & Family Yellow Pages, a family-friendly directory to 3,500 of the best children's resources the Internet has to offer, this site highlights good sites for kids and provides safety tips for parents.


COMMON CHAT TERMS

• POS -- Parents are looking over my shoulder
• POTS -- Parents over the shoulder (my parents are watching; I can't really talk)
• P911 -- My parents are in the room. P = Parents, and 911 = emergency; in other words, either drop the subject or watch the language
• WTGP -- Want to go private? (move to a private chat room)
• a/s/l or asl -- Age/Sex/Location (used to ask a chatter their personal information)
• GGOH -- Gotta get outta here
• OLL -- Online love
• GTR -- Got to run
• TNT -- 'Til next time
• LMIRL -- Let's meet in real life


SOFTWARE RECOMMENDATION SITES

The Safe Side – Stranger Safety Video
• http://www.thesafeside.com/

Darkness to Light – 7 Steps to Protecting Our Children
• http://www.darkness2light.org/

Cyberbully Resources
• http://www.teenangels.org/
• http://www.stopcyberbullying.org/index2.html

Google Alerts
• http://www.google.com/alerts

National Center for Missing and Exploited Children
• http://www.ncmec.org/

Son, Call Me Big Brother
• http://wired.com/wired/archive/14.07/start.html?pg=8

Download your fav apps all at once
• http://ninite.com/

Family Watchdog – National Sex Offender Search
• http://www.familywatchdog.us


SOFTWARE RECOMMENDATION SITES

Search for your local FBI field office
• http://www.fbi.gov/contact/fo/fo.htm

A Parent's Guide to Internet Safety
• http://www.fbi.gov/publications/pguide/pguidee.htm

Kidz Privacy
• http://www.ftc.gov/bcp/conline/edcams/kidzprivacy/adults.htm

CyberTip Line, National Center for Missing and Exploited Children
• http://www.missingkids.com/cybertip/

Safe Surfing with your Family, Safe Surfing Checklist
• http://www.yahooligans.com/parents/checklist.html

Safeguards, Computer safety tips for your home and child
• http://www.enough.org/safeguards.htm

Tips for Parents to Protect Children from Internet Predators, Guidelines for Parents
• http://www.safekids.com/parent_guidelines.htm

Kids Rules for Online Safety
• http://www.safekids.com/myrules.htm

Rules in Cyberspace
• http://www.cybercrime.gov/rules/kidinternet.htm

Cyberbullying
• http://cyberbully.org/

Chat Slang
• http://www.web-friend.com/help/lingo/chatslang.html

NetLingo
• http://www.netlingo.com/


RESOURCES

All resources and more at my website (bottom of page): http://www.es-es.net/2.html

• Chat Abbreviation (PDF download)
• Cleaning Your Windows Computer (PDF download)
• Free Software for Home Users (PDF download)
• How to Check Your Computers History (PDF download)
• I-Educator (PDF download)
• Internet Safety for Kids (PDF download)
• Internet terms (PDF download)
• Internet Safety Plan (PDF download)
• Internet Safety Tips for Parents (PDF download)
• Secure Mac step by Step (PDF download)
• Tracking People around town (PDF download)

Internet Safety for Kids link list
• www.packet-level.com/Kids is very graphic
• www.webwisekids.com has excellent resources for parents

