Safe and Secure

TrendMicro last year introduced its cloud computing strategy to deliver security to desktop PCs. Now the security software vendor, according to CEO Eva Chen, is taking cloud security a step further by protecting the cloud itself.

An update to its Deep Security product, introduced Monday, offers protection for the "entire server," including the operating system, network, and applications layers, according to the company.

So is why there a need for yet another layer of server protection. Don't servers already have an enormous amount of protection?

She acknowledged that servers are typically protected by a firewall, an intrusion detection system (IDS), and an intrusion prevention system (IPS). "But now people are doing virtualization," Chen said. "And once you do virtualization, the server can move from one network center to another network center or move from your own data center to a public data center, and therefore the server is not just behind the firewall all the time. It needs to protect itself."

Another issue is the changing nature of servers. In the past, they mostly were used to serve up data. But with cloud computing, applications run on the server and that makes them vulnerable to hackers. "In last two years an enormous amount of Web servers were attacked by cybercriminals. They just insert SQL injections or a malicious link in your site or serve up malicious content from your site," Chen said.

Initially, TrendMicro's product is aimed at the enterprise but, long term the company plans to develop services to support small Web sites and blogs.

As a small site owner, I understand the need. SafeKids.com, which is a WordPress blog I maintain, was attacked a couple of years ago due to a security flaw in a template I was using. The attacker embedded hidden links to sites that offered male enhancement products. I discovered the problem when I was embarrassed by Google Viagra ads appearing on my site. I don't have anything against Viagra, but the ads weren't appropriate for a site that focuses on Internet safety for children. Google, which places ads that are related to the site's content, was fooled into thinking that my site covered male enhancement rather than children's safety. Chen said that TrendMicro is exploring technology that could protect sites like mine by alerting owners to potential problems as soon as they occur.

In a partnership with RSA, the company is also working to protect financial sites against phishing attacks. It has software that looks for phishing sites that mimic legitimate ones and warn the legitimate site owners who can then take action against the impostors.

Listen to Larry's interview with TrendMicro CEO Eva Chen.

Listen now: Download today's podcast

A recent phishing scam resulting in usernames and passwords of Microsoft's Hotmail, Google's Gmail, and possibly accounts of AOL and Yahoo users being posted online is cause for concern for anyone who uses any of those services. Rather than panic, though, there are simple ways to avoid becoming a victim or being further victimized, if your account has already been compromised.

Microsoft and Google said the compromised information likely came as a result of a phishing scam, through which millions of people are sent e-mail (often warnings about a fake security breach), asking them to click on a link to take them to a Web site so that they can enter their correct information.

When phishing attacks first became prevalent, the fake sites were often crude imitations of the real things, but these days, they can look exactly like the legitimate site, typically of a bank, a payment service such as eBay's PayPal, or another financial company. When the user logs in with a username and password, or provides credit card numbers and other confidential data, that information is captured by the e-mail senders, who can use it to impersonate the victims.

In addition to someone being able to read your messages, a risk of having your e-mail account compromised is that many sites will send a lost password to an e-mail address, so if criminals can access your e-mail, they might be able to use it to get passwords from other sites, including financial accounts.

BBC News is reporting that it has seen lists containing more than 30,000 names and passwords, some of which "appear to be old, unused or fake," but "many--including Gmail and Hotmail addresses--are genuine." To put this into context, Gmail and Hotmail sites had more than 84 million unique visitors in July. Yahoo Mail had more than 156 million unique visitors, according to ComScore.

Here's some advice that can help you avoid becoming a phishing victim.

Change passwords regularly
Even if this particular breach hadn't occurred, many experts recommend that you change your password about every three months. This is as good a time as any to do just that. It's also a good idea to avoid using the same password on multiple sites, but if you're one of the many people who have done that, be sure to change your password elsewhere. Gmail asks users to provide them with an alternate e-mail address, so be sure to change the password for that account as well.

As I pointed out in this post about password security, consider using a password manager like LastPass (free) or RoboForm that can generate and manage strong passwords.

Click cautiously
If you get an e-mail that appears to be from legitimate site with a request that you click on a link to visit the site for any reason, including updating your security information, think before you click. It might be taking you to a rogue site that captures that information for possible identity theft or other crime. It's safer to just type in the URL yourself. Be extremely wary of any requests to provide Social Security numbers or credit card information, unless you're absolutely sure that you're dealing with a legitimate site. When visiting a site, make sure that the URL is that of the organization.

Look for secure sites
If you're asked to provide sensitive information such as a credit card number, be sure that the URL begins with "https" (the "s" stands for "security") and that there is a padlock icon, typically in the lower-right corner of the browser.

Use a phishing filter and good antimalware software
The most recent versions of most browsers, including Microsoft's Internet Explorer and Mozilla's Firefox, help filter phishing sites, as do security suites from McAfee, Symantec, TrendMicro, and other companies. Security software also helps protect you against malicious software that can log your keystrokes, or otherwise jeopardize your privacy and security. Make sure that your security software and your operating system are up-to-date.

Think critically
If something seems too good to be true, it's almost invariably too good to be true. Think about what you're about to do on any site you visit, especially if it's a site you don't already trust. Never use the same password on an unknown site that you use for e-mail, banking, or other sites where security is essential.

The U.S. Department of Homeland Security's National Cyber Alert System has additional tips to help you avoid phishing and other social engineering attacks, and ConnectSafely.org has tips to create an manage strong passwords.

With Obama in the White House, it's no longer unusual for government agencies to communicate via social media services, but today's announcement that the Justice Department is now on MySpace is something of a milestone. For years, MySpace was under intense pressure from law enforcement officials from all levels of government to clean up what some considered to be a breeding ground for dangerous and criminal activity.

The Justice Department's new MySpace profile mostly serves to redirect visitors to the Department's new Justice.gov Web site but also includes an unmoderated forum where users can comment and "interact with the Department in entirely new ways." The Justice Department is also on Twitter, YouTube, and Facebook.

For years, MySpace was perceived as the bad boy of social media, enduring frequent and harsh criticism from law enforcement and policymakers from just about every branch of government. The service was the subject of multiple investigations and accusations that it had become a predators' playground, making it far too easy for would-be sex offenders to prey on teens.

Much of those predator fears weren't grounded in fact, but MySpace's parent company, News Corp., did take action in 2006 by hiring Hemanshu Nigam, who in his earlier career as a federal prosecutor helped send child predators to prison. This week, Nigam was promoted to Senior Vice President of Safety, Security, and Privacy of News Corp.'s Digital Media Group, which oversees all of the company's interactive services. MySpace has also just created a position of public affairs director specifically to improve its reputation in the areas of safety, security, and privacy.

After numerous complaints, press releases, and threatened lawsuits, MySpace in 2007 began using the Sentinel Safe database of registered sex offenders to identify and remove sex offenders from its site and provide their information to law enforcement.

That year the company also reached a settlement with 49 state attorneys general to form the Internet Safety Technical Task Force. That task force's report, which was written under the direction of Harvard law professor John Palfrey, was criticized by some state attorneys general for downplaying predator danger. (Disclosure: I served as a member of that task force as a representative of ConnectSafely.org)

Of course all of this is dwarfed by MySpace's larger problem of dwindling membership as it struggles to compete with Facebook and other social media sites. Today MySpace's problem is less about convincing officials and parents that the site is safe and more about convincing young people and adults to continue to use it.

Disclosure: MySpace and Facebook are two of several companies that provide financial support to the nonprofit Internet safety organization ConnectSafely.org, which I help operate.

WASHINGTON--When the Online Safety and Technology Working Group, established via the Protecting Children in the 21st Century Act, last week held a meeting at the U.S. Department of Commerce to discuss how to best protect kids online, members may not have been expecting to talk so much about offline behavior.

The 29-person panel, which includes representatives of Internet companies, academia, nonprofit organizations, and government agencies appointed in April by U.S. Department of Commerce's National Telecommunications and Information Administration, offered recommendations ranging from self-protection to cyberbullying prevention. The common themes: exhibiting the same self-awareness and outward sensitivity online as you would offline, and proactively counseling youth exhibiting risky offline behavior.

As an appointed representative of SafeKids.com and ConnectSafely.org, and head of the group's Net safety education subcommittee, which ran the meeting, I got a front-row seat. Below is an overview of the discussion.

The first set of presenters was a group of public-school students here who gave a frank appraisal on the state of Internet safety education from the front lines. Although members of this student panel were quite familiar with incidences of cyberbullying and sexting (students sharing naked pictures of themselves), none had any horror stories to report, and all seemed to understand the basics for staying safe and maintaining their privacy on social-networking sites.

My favorite comment came from a middle-school student who said, "The only person who can protect you on the Internet is you." Based on what the adult presenters later said, she was quite right.

The next presenter, Stephen Balkam of the Family Online Safety Institute, outlined some of the safety messages social-media and Internet companies are offering, including site-specific advice and tools, as well as and supporting nonprofits that provide safety advice. "Millions (of dollars) are being spent," Balkam said, "but more can be done."

Nancy Willard of the Center for Safe and Responsible Internet Use talked about the current state of Internet safety education, telling the group that much of today's school-based messages continue to reinforce the discredited notion that kids are in serious danger from adult predators.

Willard pointed out that sexual exploitation resulting from contact by someone a young person knows only through the Internet is extremely rare, especially compared to the far more likely peer-to-peer problems such as cyberbullying. She hopes to see federal funding for Department of Education-administered prevention programs that include educators, health professionals, and risk prevention experts, along with law enforcement.

Much of school-based Internet safety education to date has been funded by the Justice Department, which tends to view the world in terms of preventing and solving crimes rather than dealing with risky (yet not necessarily criminal) behavior. Willard said law enforcement needs to continue to be involved, but not as the sole voice in the discussion.

Jessica Gonzalez of the National Hispanic Media Coalition talked about the online component of hate speech, especially as it pertains to Latinos caught in an immigration debate. While Gonzalez welcomes a spirited debate on immigration issues, she warned about hate crimes against Latinos--including citizens and legal residents--as well as Web sites that may encourage such crimes.

Gonzalez's comments were followed by a discussion that included contributions from Steven Sheinberg of the Anti-Defamation League (a leader in advocacy against hate speech), Whitney Meagher of the National PTA, and Judi Westberg Warren of Web Wise Kids. All agreed that Internet safety must include teaching respect for oneself, one's peers, and the broader community. Whether dealing with ethnicity, sexual preference or anything else, they concluded that there is a real connection between hate speech and cyberbullying.

Mike Donlin of Seattle Public Schools described his district's cyberbullying program, which trains students on techniques to protect themselves and their fellow students from bullying and harassment. Consistent with other experts, Donlin said online bullying is typically associated with offline bullying. Problems that start in school often migrate online, and it's not uncommon for the bullies and victims to know each other in the real world.

Patti Agatston, a risk prevention expert from Georgia's Cobb County schools, talked about the need for safety messages tailored to a young person's specific risk profile. Drawing on health care messaging, she pointed out that all kids need what she called "primary prevention": general messages about how they can stay safe, treat each other respectfully, and protect their reputations.

Kids with somewhat higher-risk profiles, who may have less parental involvement or exhibit early problem behaviors, need "secondary prevention," Agatston said, such as adolescent therapists and other professionals to help them deal with addictive behaviors involving Internet use, pornography, sexual risk taking, or offline high-risk activities, including substance abuse, self mutilation, eating disorders, or gang activity.

These higher-risk youth, Agatston said, can benefit from "prevention programs that often involve mentoring, decision-making skills, goal setting, and peer education." As she pointed out, kids who take risks online typically also take risks in their offline lives; the problem is less about technology and more about youth behavior.

Another speaker, Alan Simpson of Common Sense Media, told the group that digital citizenship and media literacy are essential components to online safety. How kids treat themselves and others, as well as their ability to critically evaluate what they see and do online and offline, can have an enormous impact on their personal safety and the safety of those with whom they interact.

Finally, University of Southern California media professor Henry Jenkins wrapped up the day with a look at how young people use social media and how, over time, online communities can have self-regulating and protective effects on their members.

Jenkins, who has studied online gaming, fan sites, and other areas where young people interact, noted that while cyberbullying is a serious problem, people in these communities will often self-regulate by isolating and criticizing those who exhibit antisocial behavior.

This post is an adaptation of one that first appeared on Larry Magid's SafeKids.com.

In some ways RealNetwork's Rhapsody service competes with Apple's iTunes, but Apple has approved the music streaming app for use on the iPhone and iPod Touch.

The app is free, but users will pay $14.99 a month for the service after a free seven day trial.

Real Vice President Bill Hankes described the service and said that, even though it competes with Apple to some extent, the two companies were able to reach what he considers to be a mutually beneficial agreement.

Listen now: Download today's podcast

A software product sold to protect children from predators, cyberbullying, and visiting inappropriate Web sites is also collecting information about what the kids are saying, and its publisher is selling that data--in aggregate form--to other companies for marketing purposes.

In an interview, Echometrix CEO Jeffrey Greene said that the company doesn't collect or report the names or any identifying information about the children. "We never, ever, ever can identify who the kid is who is saying it. In fact, we don't have any information about the individual child," he said.

The company's Sentry Parental Control Software, according to Greene, is designed to warn parents if a child is engaged in inappropriate online behavior by analyzing a database of 29,000 words including what he calls "Weblish," slang terms like POS (parent over shoulder) that kids use as short cuts in instant messaging and chat rooms. To do this, said Greene, it's necessary for the company to capture this information so "we can monitor these kids and the conversations they are having and the things they are seeing and all the words that are coming to them and all the words they're sending out, so we can make decisions and identify questionable activities and let mom and dad know about it right now--in real time."

In addition to notifying parents if their kids are doing something questionable, the company also sells summary data based on this information--in the aggregate--to other companies. A press release on its Web site describes a product called Pulse "that reads digital content from multiple sources across the Web, including: instant messages, blogs, social environment communities, forums, and chat rooms." The company says that it delivers the unsolicited raw conversations in real time. It gives marketers immediate, unique information about what teens are saying in their own words."

Greene says that the service can let companies "in real time, find out what the kids are saying about your product and all your competitors' products...I can't tell you who said it, I can only just tell you that a lot of kids said it."

Greene said that the company does provide a disclosure to parents as well as a way for parents to opt out, but the information in its end-user license agreement is written in the typical legalese and is a bit contradictory. In one section, it says "SearchHelp (recently renamed Echometrix) does not read or disclose private communications except to comply with a valid legal process such as a search warrant, to protect the company's rights and property," but in another it says "We have a parent's permission to share the information if the user is a child under age 13. Parents have the option of allowing SearchHelp to collect and use their child's information without consenting to SearchHelp sharing of this information with people and companies who may use this information for their own purposes."

At my request, the company provided a link to a Web page where parents can opt out of the collection process.

Spyware?
David Perry of TrendMicro, which includes parental control tools in some of its security products, said he isn't aware of any other parental control products that capture this type of information. "This is a severe case of what we used to call spyware," he said. Perry worries that even though the software may not collect the names of the children, "those names could be included in some of the chat messages."

Taking Greene at his word, and assuming that the company carefully avoids sending out identifiable information, I still can't shake the creepy feeling that I get about any product that collects any information from children, especially in the name of child protection.

Listen to my interview with Echometrix CEO Jeffrey Greene

Listen now: Download today's podcast

Along with keyloggers that track what you type, now we have to worry about malicious software that listens in on our voice over Internet Protocol conversations.

A Symantec security blog on Thursday disclosed a new Trojan horse, Tojan.Peskyspy "that records VoIP communications, specifically targeting Skype." The posting, based on analysis from Symantec's Karthik Selvaraj, pointed out that "its existence isn't due to any problems with Skype itself" but that Skype may have been targeted "simply because it has such a large install base."

Gerry Egan, Symantec's director of security response, says the Trojan is capable of "hooking...through some Windows APIs into some audio streams" that "can be intercepted, turned into MP3 files, and then sent over a remote channel to a remote electronic eavesdropper."

A PC can be infected through the usual channels for malware, including an executable file in an e-mail you click on and a "drive by download" that's automatically triggered when you visit an infected Web site. The most recent trend, Egan said, "is a shift toward socially engineered attacks like a fake video site."

The code has been published on the Web by a Swiss researcher, Egan said, adding that "we've not seen any indications of it being used maliciously, but the published code opens up endless possibilities in the mind of a hacker."

The code would affect Skype or any other VoIP software on a Windows PC that uses an audio stream, Egan said.

Unlike most malware, Symantec does not anticipate the code being used to launch widespread attacks.

"To do this en masse really isn't practical," Egan said. Even if a "piece of malware gets on the machine of someone who is using (VoIP), and they are talking about interesting things, finding those interesting things among the many hundreds of thousands of hours of phone calls would be like trying to find a needle in a haystack." He said it might be more valuable in a targeted attack against a specific individual.

Eavesdropping is a risk, when it comes to industrial espionage, prying spouses or significant others, and political campaigns, as well as political dissidents. U.S. law requires a court order before a phone or a computer can be legally tapped by government or law enforcement officials.

The best way to avoid being infected with this or any other malware is to use good up-to-date security software and to be sure that your operating system and browser are updated. It's also a good idea to avoid clicking on e-mail attachments and consider using security software that warns you when you're about to visit a potentially malicious Web site.

You can listen to my interview with Gerry Egan here:

Listen now: Download today's podcast

Back-to-school time is an excellent time for kids, parents, and teachers to think and talk about the safe and appropriate use of the Internet and social-networking tools.

My message to parents and teachers is simple: embrace the technology that kids use, recognize that whatever you may lack in technology knowledge you make up in wisdom, and remember that you, too, were once a kid. Your first reaction to kid activity that may be a bit disturbing shouldn't be to freak out and shut down access but to take a deep breath, talk with (and listen to) the kids, and do everything you can to encourage dialog.

And try to become familiar with the technology your kids use. That doesn't mean you necessarily have to be their friend on Facebook or MySpace, but before you start trying to control how they use social-networking technology, make sure you understand it.

Teachers should attempt to use social networking as part of the educational process. Whether they know it or not, kids are engaged in informal learning through their use of social networking, so why not use the same technology for formal learning? And while you're at it, incorporate digital citizenship and media literacy into your teaching.

As my ConnectSafely co-director Anne Collier pointed out in Social media literacy: The new Internet safety, media literacy and critical thinking "is protective against manipulation and harm." Encouraging kids to practice good digital citizenship helps protect all young people, because "behaving aggressively online more than doubles the risk of being victimized."

As per kids, Hemanshu Nigam, the chief security officer at News Corp. and MySpace offers some Online Safety and Back to School advice especially suited to youth who use social-networking services like MySpace and Facebook (MySpace is one of several companies that provide financial support for ConnectSafely). He starts off with the usual internet safety advice: "Don't post anything you wouldn't want the world to know" and "don't get together with someone you 'meet' online unless you're certain of their identity." Then, perhaps a bit uncharacteristic of his background as a former federal prosecutor, Nigam also provides advice about the compassionate and kind use of social networking:

• Post with respect: photos are a great way to share wonderful experiences. If you're posting a photo of you and your friends, put yourself in your friends' shoes and ask would your friends want that photo to be public to everyone. If yes, then you're uploading photos with respect.
• Comment with kindness: compliments are like smiles, they're contagious. When you comment on a profile, share a kind word, others will too.
• Update with empathy: sharing updates lets us tell people what we think. When you give an opinion on your status updates, show empathy towards your friends and help them see the world with understanding eyes.

ConnectSafely.org, the nonprofit Web site I co-direct, has lots of other advice on the safe and productive use of social media and technology.

The recent recovery of Jaycee Lee Dugard, who was located 18 years after being abducted by a stranger, once again has parents thinking about how to protect their own kids. That's one of the reasons behind a growing number of child locator products that typically use GPS and a cellular device to help a parents and authorities pinpoint a missing child to within a few yards.

But before getting into the technology, here are some important statistics to put this problem into context.

Stranger abduction is rare
A 2002 study commissioned by the U.S. Department of Justice found that, in one year, 797,500 children were reported missing. That's a lot, but most of those weren't abducted. Of those, 203,900 were family abductions, which means the abductor was related to the child, often a noncustodial parent. Some 58,200 were "nonfamily abductions," but that doesn't necessarily mean strangers were responsible. And 115 children, a tiny fraction of those reported missing, were victims of what the National Center for Missing & Exploited Children (NCMEC) calls "stereotypical kidnapping," which involves "someone child does not know or someone of slight acquaintance, who holds the child overnight, transports the child 50 miles or more, kills the child, demands ransom, or intends to keep the child permanently."

(Disclosure: I serve as an unpaid member of NCMEC's board of directors.)

The potential loss of 115 children a year is a national tragedy, but to put it into perspective, there are 74 million children and teens in America; the odds of it happening are about 1 in 644,000, or about the same risk as being struck by lightning.

Still, it does happen and just because most abductions are carried out by family members or acquaintances doesn't mean that they're not potentially tragic. But it does mean that "stranger danger" is not the biggest threat to our children. In fact, because so many children are exploited by acquaintances and family members, NCMEC has stopped using that term and now refers to it as a "misguided message," because "children don't get it, adults don't practice it (and) it doesn't go far enough in protecting children from potential danger." Plus, when a child is in trouble, sometimes their protector can be a stranger such as a police officer, a mall security guard, or a passerby.

Reasons for concern
Having said, this, there is still a logical reason for parents and guardians to consider equipping their children with a device that can help locate them in an emergency. For one thing, these devices can bring peace of mind. Parents worry about their kids for a lot of reasons beyond being taken by a stranger. Have they wandered off? Did they get into an accident? Could they be lost? And it's not just little kids we worry about. Parents of teenagers are rightfully concerned when they're kids are away from home, especially if they're riding or driving in cars. To be honest, my kids are now in their 20s and I still worry about them.

Technologies
There are various technologies that can help protect children ranging from devices that send out a local alarm that can be heard from a couple of hundred feet away to very sophisticated dedicated GPS tracking devices.

It won't locate your kid or transmit a signal, but the AmberWatch (about $23) is a wristwatch that puts out a 115-decibel signal that, according to its manufacturer, can be heard up to 100 yards away. The alarm is activated by the child by pushing both buttons on either side of the device. It's actually a real watch with time, date, and stopwatch functions and comes in pink and blue. A search for child locator alarm systems will find plenty of similar products.

These products can be useful for finding a child who was wandered off in a mall or perhaps on a trail, as long as the child knows to sound the alarm before they have gone too far. They could play a roll in help to thwart an abduction if the child activates the alarm before the abductor gets them into a car or remote location. But screaming often accomplishes the same goal, which is why NCMEC advises parents to instruct kids to "scream and make a scene if anyone tries to grab them or force them, in any way, to go with them."

Although this and other products use the term "Amber," they are not associated nor endorsed by the Department of Justice's AMBER Alert program. The Justice Department restricts the use of the Amber Alert logo but not the term "Amber."

Dedicated GPS Devices
There are several products on the market that use GPS to track your child along with a cellular device to notify parents where they are. With all such devices, their ability to determine a location is dependent on getting a GPS and cellular signal. GPS may not work indoors, around tall buildings, in forests, or other locations without a clear view of the sky. Cellular, as we all know, is also depended on location. Also, these devices work only as long as their battery does.

Amber Alert GPS 2G costs $379 product plus $9.99 to $19.99 a month for the service. It measures 1.77 inches long by 1.68 inches wide by .78 inches deep and is designed to fit into a backpack or be worn around a child's wrist. It can be programmed via the Web or a cell phone to send you text messages and e-mails with your child's location and a link to a map. You can also use it to create a "safe zone" or virtual boundary. If your kid wanders out of that zone you and up to four other trusted adults get a text messages and e-mail alerts every 5 minutes until you cancel. It also gives you a "bread crumb" location trail so you can see where your kid has been.

The device also has an SOS button that your kid can use to send a help message if they are in any kind of danger. A speed alert lets you know if the device is moving above a set speed. That way you can tell if your kid is in a car and, if so, how fast it's moving. The mere fact that your kid is moving faster than a walk could be a reason for concern if they're not supposed to be in a car or public transportation. Parents of teens can use it to make sure they're not speeding. There is even a temperature alert to help protect against young children being left in hot (or cold) cars. The device's battery is rated to last 12 hours between charges.

Another product is the WorldTracker Enduro. It measures 2.6 inches long by 1.4 inches wide by .79 inches deep and has a GPS receiver and a GSM SIM card to transmit its report to a Web site or send a notification to a parent by e-mail or text message. It too features real-time tracking and allows a parent to be alerted if a child leaves a virtual safe zone. It also tracks the speed and altitude of the device, but a feature that will alert a parent if a child exceeds a certain speed is "in the works," according to a company spokesperson. The Enduro has a rechargeable lithium ion battery that, according to the company, tracks for up to a week on a single charge. It costs $295 plus $49.99 a month for service that includes unlimited tracking. You can also use your own T-mobile or AT&T SIM card and pay $20 a month for the service in addition to your cellular plan.

Other companies in this space include Whereify Wireless, U.K.-based lok8u, and TrackMyKids.

Cell phone services
All cell phones sold in North America have GPS tracking capability so that 911 operators can locate users in an emergency. That same technology can also be used to track the location of the phone either as a child locator or a friend tracker.

AT&T, Sprint, and Verizon offer add-on services that allow parents to track the location of their kids cell phone. AT&T FamilyMap and Verizon Chaperone cost $9.99 a month, while Sprint Family Locator is $5 a month. All of these services allow you to see real-time location on a map and get automatic location alerts.

With all these devices your kid, of course, needs to have the cell phone with him or her and turned on.

In addition to what's offered by the phone carriers, there are some third-party services that can track and report location. These include Loopt, Glympse, and Google's free Latitude service. None of these services is marketed as child locators. Latitude only gives an approximate location on a map and doesn't attempt to pinpoint a street address. It would be better than nothing in an emergency but not nearly as precise as the dedicated child locator services. Glympse, which works with Android phones and soon iPhones and BlackBerrys, is a permission-based system that allows the phone user to send an e-mail or text message that gives someone the ability to track them for a specific period of time--never more than four consecutive hours. Once you get a "Gympse" you can see that person's location on a map and, if on the move, you can see their path and their speed. It's a great way to track teens who would have to agree to be tracked such as a condition for borrowing the car, but it's not really well suited for tracking young children.

Loopt is designed to help friends locate each other, but it could be used to locate a child.