STE WILLIAMS

Microsoft copies Google with silent browser updates

Internet Explorer is about to do more than just look like Chrome – it’ll silently update on your PC just like Google’s browser, too.

Microsoft in January will start rolling out auto updates moving you to the latest edition of IE available for your machine’s operating system.

Platforms covered are Windows XP, Windows Vista and Windows 7 and the policy means Windows XP holdouts on IE6 or IE7 get booted up to IE8 while Windows Vista and 7 users still on IE7 or even on Windows 8 get shunted up to IE9, released in March.

Silent updates will start in Australia and Brazil and you’ll need to have turned on automatic updating via Windows Update.

You won’t be forced to move, if you’ve deliberately decided old is your thing.

Microsoft makes available IE8 and IE9 Automatic Update Blocker toolkits to stop auto-updates while those who’ve actively declined updating in the past won’t be moved.

You can also uninstall the update.

Until now, Microsoft’s relied pretty much on the end-user to manage the move to a new version of IE – either by converting when they purchase a new machine with a new version of Windows on board, or by downloading the latest version of IE online. In business, organizations will roll out an image of a standardized desktop with the browser in it.

General manager for business and marketing Ryan Gavin dressed up the change in policy here, with plenty-o-talk about making the web better and customers safer by putting them on the most up-to-date browsers. And, to be sure, there’s no reason anybody should still be on IE6 – Microsoft’s tried repeatedly to stamp it out with upgrade campaigns. Microsoft has been aggressively pushing HTML, which is supported better in IE9 than it has been at any other time in the history of Microsoft’s browser or of HTML.

Microsoft has two real problems, however.

The first is that the PC market is in a crisis and if Microsoft expects shipments of new PCs will help see wider update of IE9, only released in March, then it’s mistaken. Sales of PCs for 2011 have been slashed by IDC, which now expects just 4.2 per cent growth, down from seven per cent at the start of 2011. The outlook is unclear for 2012.

All of which points to the bigger problem: IE8 and IE9 have failed to reverse IE’s falling market share. In the last few years, Microsoft’s tried everything: targeting mass-market consumers with dreamy talk about the “beauty of the web”, fashion-forward hipsters with an IE9 launch at the South-by-South-West conference in March, and engineering geeks with more rapid engineering cycles: after years of literally nothing between IE6 and 7 – that helped establish Firefox – we’ve had IE8 in May 2010, IE9 in March 2011, and now a preview for IE10 in April this year.

Yet, IE finishes 2011 with even less market than when it entered – 52.64 per cent versus 58.64, according to Net Applications. And while Firefox has, by all accounts, stalled, Chrome is growing – having taken the number-two position from Firefox in November according to StatCounter.

Indeed, StatCounter thinks Chrome really is the one to watch: Chrome 15.0 is just a few percentage points behind IE8, on 24 per cent, and it was only released in October. IE9, in play since March, is still on less than 12 per cent.

Windows needs IE, IE needs Windows

The problem is clear, if not the reason. Fast releases don’t necessarily make more people use your software, as Firefox-shop Mozilla has discovered. Losing the browser would be a major set-back for Microsoft; IE is one more reason to buy Windows, and Microsoft needs those.

For example, IE9 lets you pin a website to your Windows 7 taskbar. You click on the pin when you want to visit a site, and you’re taken to the site or service you want without actively surfing. You can see a list of pinned sites here and see the kind of rich, content-driven desktop idea Microsoft had in mind here.

With IE only working on Windows, however, the idea is that IE gives you one more reason to buy Windows and it gives content providers another reason to target IE. If IE disappears, there’s another reason to bypass Windows.

To understand the link between Microsoft’s browser and sales of Windows, consider this: IE9 was not made for Windows XP because Microsoft’s priority is to sell copies of Windows 7.

Silent updates aren’t just needed for IE; they are needed for Windows, too. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/15/ie_9_silent_updates/

Stolen, remote-wiped iPhones still get owner’s iMessages

Victims of iPhone theft have discovered that remotely wiping the nicked kit won’t stop iMessage content being delivered to the thief, who can continue to respond under the owner’s name.

The flaw was spotted by one David Hovis, whose wife had her iPhone lifted and promptly deactivated the mobile number, remotely wiped the data and changed both Apple ID and password. But despite all that, he discovered messages sent using iMessage were being received by the buyer of the stolen handset, in addition to being delivered to his wife’s new handset, and shared the experience with Ars Technica.

Not only was the receiver-of-stolen-goods getting messages addressed to Hovis’ wife, but the chap was able to respond to the messages and got quite leery when told he had bought a stolen handset.

It seems the problem isn’t unique to Mrs Hovis, but has hit quite a few iPhone users, a problem which will presumably increase as iMessage gains ground.

iMessage works by automatically turning SMS, and MMS, messages into internet traffic when a data connection is available at both ends. It only operates where both parties have an iPhone, and are connected to the internet, but when activated it does provide a free messaging service.

Users sometimes find themselves caught out when they get billed for an MMS they expected to be free, and where group send is being used the service can get quite confused, but in general it’s a useful facility that users love. The fact that iMessages are converted from SMS’s means they are addressed to a phone number, rather than an Apple ID or similar, which might explain why the ID is proving so resilient.

Changing the phone number should really prevent iMessage delivery, but it seems the application is somehow caching the phone number and refusing to forget that cached content despite being remotely wiped.

The only reported success in stopping message delivery was to switch off iMessage on the stolen device (which might be tough unless it’s some sort of insurance scam) or register a completely new Apple ID and forget about the old one – though that means forgetting about all the films, music and applications owned by that account too.

If the problem is an overly persistent cache then Apple will probably get it fixed quite swiftly, but with Cupertino being as taciturn as ever we’ll probably never know when they have, or what messages have been delivered to thieves (and their customers) in the meantime. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/15/imessage_persistant/

Facebook won’t deny it is sitting on huge mountain of cash

Facebook has declined to comment on a report that suggested the dominant social network had already tucked away sales of $2.5bn for the first nine months of 2011.

Gawker, citing a “well-placed” source, claimed to have its hands on juicy financial details about the privately-held company that is expected to go public next year.

A Facebook spokeswoman told The Register “No comment, as it relates to revenue.”

If the numbers are accurate, then they paint a good picture of just how much money CEO and co-founder Mark Zuckerberg is sitting on right about now.

Here’s Gawker’s breakdown for the period covering January 2011 to September 2011:

Assets: $5.6 billion

Cash/cash equivalents: $3.5bn

Debt: $0

Shareholder equity: $4.5bn

Operating cashflow: $1bn

Revenue: $2.5bn

Operating income: $1.2bn

Net income: $714m

The same report echoed earlier suggestions that Facebook was looking to raise $10bn at a $100bn valuation in an initial public offering.

That private treasure trove, again if correct, is impressive. But some observers had estimated that Facebook could hit revenue of $4bn for 2011, a goal that may have now been missed, unless – that is – the company manages to pull in sales of $1.5bn during its final quarter.

Another interesting nugget apparently leaked by the anonymous source to Gawker appears to reveal exactly how Facebook’s ownership is currently carved up.

Zuckerberg owns 24 per cent of the network he helped build from his college dorm in Harvard.

Among others, Facebook employees have a 30 per cent slice of the pie, serial Web2.0 investor Digital Sky Technologies owns 10 per cent, and Microsoft has 1.3 per cent ownership of the network.

Earlier today, the company debuted a major makeover of Facebook by introducing its Timeline feature. The network certainly appears to be priming itself for a very public showtime in 2012. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/15/facebook_supposed_revenues_leak/

ICO warns: Just six months to comply with EC cookie rules

The Information Commissioner’s Office won’t begin enforcing the new cookies law for another six months yet – in the meantime, the regulator has issued a reminder to web outfits warning them to prepare to comply with the legislation.

On 25 May 2011, the implementation of the revised e-Privacy Directive passed with a whimper rather than a bang, after just two Member States issued a full notification to Brussels. The remaining 25 countries that make up the European Union failed to meet that deadline.

The UK at that point had offered Brussels officials partial notifications, despite the fact that the Commission had clearly stated that all the measures detailed in the directive were required to be transposed into national law.

European Commissioner Viviane Reding told this reporter in June that she was surprised by how many member states had ignored the deadline for implementing the ePrivacy Directive, which included a requirement for businesses to be much more upfront about their use of cookies online.

“I always meet people who are astonished that Christmas is on the 25th of December. I always encounter governments that are astonished that a law that has been voted for two or three years before has to be applied on that date … That is not just on the cookies, but a general problem, which I have normally,” she said.

“This decision doesn’t come out of the blue. That was the Council of Ministers plus the European Parliament who had done this together … You decide something, you apply it. If you don’t we bring the country to the court.”

However, the UK government made the decision to effectively free up web owners from the burden of complying with the directive that required sites within the EU to obtain a visitor’s consent to install a cookie in their browser, by deferring enforcement of the law for one year.

And now, Blighty’s data protection watchdog is having another punt at playing the friendly policeman with website owners operating in the UK.

“The guidance we’ve issued today builds on the advice we’ve already set out, and now includes specific practical examples of what compliance might look like,” said Information Commissioner Christopher Graham.

“We’re half way through the lead-in to formal enforcement of the rules. But, come 26 May next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.”

However, fines of up to £500,000 could be levied against those web outfits that fail to get their cookie-tracking in order come mid-2012.

“Our mid-term report can be summed up by the schoolteacher’s favourite clichés ‘could do better’ and ‘must try harder.’ Many people running websites will still be thinking that implementing the law is an impossible task,” said Graham.

“But they now need to get to work. Over the last few months we’ve been speaking to and working with businesses and organisations that are getting on with it and setting the standard. My message to others is – if they can do it, why can’t you?”

He added that “prescriptive check lists” would not be issued by the ICO.

In May, the government confirmed it was working with Mozilla, Apple, Microsoft, Google, Yahoo, Adobe and the Internet Advertising Bureau to come up with a browser solution to obtaining users’ consent.

At the time, it indicated that coming up with a browser setting that helped websites comply with the directive was – in part – the reason behind the ICO delaying enforcement for a year.

The ICO noted yesterday that “achieving compliance in relation to third party cookies is one of the most challenging areas,” thereby flagging up one of the main issues website owners have with the directive.

“The ICO is working with other European data protection authorities and the industry to assist in addressing the complexities and finding the right answers.”

That comment seemed to suggest that it’s now open season for any web outfits in the UK lobbying for tracking online behaviour without requesting consent just as the six-month countdown to compliance begins… ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/15/ico_cookie/

Google Wallet fails to encrypt punters’ personal data

Security researchers have discovered that Google Wallet stores sensitive information unencrypted on devices, including the cardholder’s name, transaction dates, the last four digits of credit card numbers, email address, and account balances.

The mobile payment app fails to protect anything beyond the credit card number itself, according to an analysis by ViaForensics. The firm concludes that the shortcoming places users of the technology at unnecessary risk.

“While Google Wallet does a decent job securing your full credit card numbers (it is not insecurely stored and a PIN is needed to access the cards to authorize payments), the amount of data that Google Wallet stores unencrypted on the device is significant (pretty much everything except the first 12 digits of your credit card). Many consumers would not find it acceptable if people knew their credit card balance or limits.

“Further, the ability to use this data in a social engineering attack against the consumer directly or a provider is pretty high. For example, if I know your name, when you’ve used your card recently, last 4 digits and expiration date, I’m pretty confident I could use the information to my advantage. When you add data that is generally available online (such as someone’s address), an attacker is well armed for a successful social engineering attack.”

Google Wallet is a payment application, targeted at consumers of Android smartphones. The technology uses wireless Near-Field Communication (NFC) for swipe-to-pay transactions with retailers. The technology is still in the early stages of development and only supports Citi MasterCard and Google Prepaid Card as well as a small number of store and loyalty cards.

Google said ViaForensics’ study looked at what data was available on rooted Android devices running Google Wallet. It adds that credit card and CVV numbers held by Google Wallet are stored in the secure element of an NXP chip used by Android smartphones.

“The ViaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet. This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV numbers,” Google said in a statement, NFC World reports.

“Android actively protects against malicious programs that attempt to gain root access without the user’s knowledge. Based on this report’s findings we have made a change to the app to prevent deleted data from being recovered on rooted devices.”

The alleged security shortcomings uncovered by ViaForensics stem from Google’s implementation rather than any inherent shortcomings in the technology. Failure to encrypt transaction history and other sensitive details is a serious oversight with the technology, according to other security observers.

Mark Bower, VP at encryption firm Voltage Security, commented: “While Google Wallet presents an exciting new way for merchants to expand business, just because it’s new doesn’t make it secure.

“Given the wallet is so new, the fact that they aren’t encrypting the data beyond the credit card is a real surprise in this day and age of exploits and data compromises – the risk here is not so much about the credit card number, it’s about the customer personal data – their transaction history – exactly the kind of data an attacker can use to mount a social attack on the consumer to get something even more valuable.

“Android’s freedom is also its weakness in enabling such attacks to potentially be automated to the Google Wallet.”

Google Wallet was launched in May and still remains very much a work in progress. The analysis by ViaForensics, which the firm says is far from comprehensive, follows other misgivings from security experts about the use of a simple PIN to lock Google Wallet, as exemplified by a blog post by Sophos here.

Last week it emerged that Verizon Wireless is blocking (or at least omitting support for) Google Wallet on the upcoming Galaxy Nexus smartphones that will run on Verizon’s 4G LTE network. However, this decision might just as easily be explained by a commercial dispute over who controls the secure element on users’ smartphones as by security concerns per se, a post by Lisa Vaas on Sophos’ Naked Security blog concludes. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/15/google_wallet_uncryption/

Feds cuff KISS rock star’s DDoS suspect

The FBI has arrested a man suspected of taking part in a DDoS attack that smashed KISS bassist and reality telly star Gene Simmons’ web site off the internet.

Kevin Poe, 24, of Manchester, Connecticut, was cuffed and appeared in court on Tuesday to answer charges of conspiracy and unauthorised impairment of a protected computer regarding the alleged attacks. Investigators allege Poe is affiliated with Anonymous, the hacktivist group that launched an assault on Simmons’ online presence in retaliation for his aggressive public diatribes against file sharers.

GeneSimmons.com was knocked offline for five days in October last year as a result of a sustained attack launched by Anonymous.

According to the indictment, Poe (AKA spydr101) used a much loved software tool of the Anonymous collective – the Low Orbit Ion Cannon – to flood Simmons’ site with junk traffic. LOIC, by default, does nothing to hide the identity of its users, a shortcoming that led to the arrest of many alleged Anonymous members before the collective moved on towards using more sophisticated tools.

Poe was released on a $10,000 bail pending an as yet unscheduled appearance at a federal court in Los Angeles, a statement by the central Californian US Attorney’s Office in charge of prosecuting the case explains.

The Connecticut arrest follows a raid in May by investigators in the Simmons’ web site DDoS case. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/15/feds_cuff_simmons_ddos_hack_suspect/

Newfangled graphics engine for browsers fosters data theft

Software developers at Google, Apple, Adobe, and elsewhere are grappling with the security risks posed by an emerging graphics technology, which in its current form could expose millions of web users’ sensitive data to attackers.

The technology, known as CSS shaders, is designed to render a variety of distortion effects, such as wobbles, curling, and folding. It works by providing programming interfaces web developers can call to invoke powerful functions from an end user’s graphics card. But it could also be exploited by malicious website operators to steal web-browsing history, Facebook identities, and other private information from unsuspecting users, Adam Barth, a security researcher on Google’s Chrome browser, warned recently.

“Because web sites are allowed to display content that they are not allowed to read, an attacker can use a Forshaw-style CSS shader [to] read confidential information via the timing channel,” Barth wrote in a December 3 post to his private blog. “For example, a web site could use CSS shaders to extract your identity from an embedded Facebook Like button. More subtly, a web site could extract your browsing history bypassing David Baron’s defense against history sniffing.”

On the discussion list for developers of the WebKit browser engine, Barth and developers from Apple, Adobe, and Opera discussed the risks posed by the CSS shaders technology, which was submitted to the W3C as an industry standard in October. Some members argued the timing attack Barth contemplated wasn’t practical because it would have to be customized to a particular browser and would take a long time to extract only a partial image displayed on an end user’s monitor.

“Even if you tuned a CSS attack to a given browser whose rendering behavior you understand, it would take many frame times to determine the value of a single pixel and even then I think the accuracy and repeatability would be very low,” Apple developer Chris Marrin wrote in response. “I’m happy to be proven wrong about this, but I’ve never seen a convincing demo of any CSS rendering exploit.”

Barth conceded he was aware of no reliable proofs of concept demonstrating the attack, but he told The Register he’s concerned the feature could expose users to a classic browse-and-get-hacked attack in which private information is stolen simply by visiting the wrong site.

“For example, an attacker could apply a CSS shader to an iframe containing content from another web site,” he wrote in an email. “If the attacker crafts a shader such that its run time depends on the contents of the iframe, the attacker could potentially steal sensitive data from that web site.”

He said that exploits might also expose the directory locations of sensitive files when users upload files to a website.

The scenario outlined by Barth closely resembles a vulnerability disclosed in another graphics engine that’s also emerging as an industry standard. In June, security researchers warned that a 3D-acceleration API known as WebGL also allowed websites to extract images displayed on a visitor’s monitor. An accompanying proof-of-concept exploit stole images displayed on the Firefox browser by “spraying” memory in the computer’s graphics card. The researchers said other browsers were probably also vulnerable. Barth said the vulnerability has since been fixed.

Parts of the CSS shaders specification are available in nightly developer builds of the WebKit browser engine that form the underpinnings of the Chrome and Apple Safari browsers. Adobe has an internal build of WebKit that implements CSS shaders more completely. Barth said he’s unaware of the technology shipping in working versions of any browser. And that means the coalition of developers still has time to fix the flaw before it can do any damage.

“There are a number of defenses that we’re discussing in the W3C CSS-SVG effects task force,” Barth said. “In my view, the most promising approach is to find a subset of the GLSL shader language in which a shader always takes the same amount of time to run, regardless of the input. If we find such a subset, web sites would be able to use these effects without the browser leaking sensitive information into the timing channel.” ®
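The defence Barth describes, a shader whose run time does not depend on its input, sketched as an added example (not code from the article, WebKit or the W3C task force). JavaScript stands in for GLSL and run time is modelled as a count of rounds; every name and the sample frame are constructed for illustration.

```javascript
// Added illustration. "Cost" counts shader rounds and stands in for GPU run
// time, so the comparison is deterministic. All names here are hypothetical.

// Constructed sample: luminance (0-255) of pixels from embedded content that
// the hosting page may display but must not be able to read.
const SECRET_FRAME = [0, 255, 255, 0, 200, 10, 90, 130];

const ROUNDS = 64;

// One round of an arbitrary visual effect; each call costs one step.
function round(value, cost) {
  cost.steps++;
  return (value * 31 + 7) & 0xff;
}

// Input-dependent shader: bright pixels get 64 rounds, dark pixels get 1.
// The work done per pixel therefore mirrors the pixel's value.
function leakyShade(pixel, cost) {
  const rounds = pixel > 127 ? ROUNDS : 1;
  let out = pixel;
  for (let i = 0; i < rounds; i++) out = round(out, cost);
  return out;
}

// Same visual result with fixed work: both candidate results are always
// computed and the choice is made arithmetically instead of by branching.
function uniformShade(pixel, cost) {
  const afterOne = round(pixel, cost);
  let afterAll = pixel;
  for (let i = 0; i < ROUNDS; i++) afterAll = round(afterAll, cost);
  const bright = -((127 - pixel) >>> 31); // -1 when pixel > 127, otherwise 0
  return (afterAll & bright) | (afterOne & ~bright);
}

// Steps spent on each pixel of a frame.
function costProfile(shader, frame) {
  return frame.map((pixel) => {
    const cost = { steps: 0 };
    shader(pixel, cost);
    return cost.steps;
  });
}

const ALL_PIXEL_VALUES = Array.from({ length: 256 }, (_, v) => v);

// The check a shader validator would want: cost is identical for every
// possible input, so timing the render reveals nothing about the content.
function isInputIndependent(shader) {
  return new Set(costProfile(shader, ALL_PIXEL_VALUES)).size === 1;
}

// Confirms the fixed-work version renders exactly what the original did.
function sameOutput(shaderA, shaderB) {
  return ALL_PIXEL_VALUES.every(
    (v) => shaderA(v, { steps: 0 }) === shaderB(v, { steps: 0 })
  );
}

console.log("leaky cost per pixel:  ", costProfile(leakyShade, SECRET_FRAME).join(" "));
console.log("uniform cost per pixel:", costProfile(uniformShade, SECRET_FRAME).join(" "));
console.log("leaky input-independent:  ", isInputIndependent(leakyShade));
console.log("uniform input-independent:", isInputIndependent(uniformShade));
console.log("identical rendering:", sameOutput(leakyShade, uniformShade));
```

The leaky profile tracks the bright and dark pixels of the frame one for one, while the fixed-work profile is flat, which is the property a restricted shader subset would have to guarantee.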


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/14/browser_image_theft_threat/

No BEAST fix from Microsoft in December patch batch

Microsoft released 13 security bulletins addressing 19 vulnerabilities overnight, as part of a bumper final Patch Tuesday of the year.

Highlight of the baker’s dozen is a patch for the zero-day vulnerability exploited by the Duqu worm (sibling of Stuxnet) back in October. Fixing the underlying flaw exploited by Duqu involves the resolution of a problem in how a Windows kernel-mode driver handles TrueType font files.

Aside from this critical update, the batch includes an update to address a critical flaw in Windows Media Player. A cumulative security update of ActiveX kill bits is covered by the third, and final, critical update this month. The other ten bulletins address less severe (important) flaws in Windows, IE and Office. Altogether it’s a desktop-heavy patch batch, as you can see from Microsoft’s summary here.

Microsoft originally promised 14 bulletins for the December edition of Patch Tuesday but one has been pulled, probably for quality control reasons. The originally anticipated 14th bulletin was for the BEAST attack, but did not make it in time for the holidays due to a last minute software incompatibility uncovered during third party testing, security services firm Qualys reports. The absence of this fix means that Microsoft has issued a grand total of 99 bulletins this year, one less than the ton up that might have resulted in adverse headlines.

The BEAST attack affects web servers that support SSLv3/TLSv1 encryption. Although a patch will have to wait until January, at least, Microsoft has already published a workaround, which involves using the unaffected RC4 cipher in SSL setups.

The Internet Storm Centre has produced a helpful graphical overview of the Black Tuesday updates from Microsoft here. It reckons that some of the flaws are more severe than Redmond’s rating. By the ISC’s count there are EIGHT critical updates. Either way you look at it, this is a lot of patching work even before we think about other security updates doing the rounds.

Google and Adobe are also joining in on the season of giving by releasing updates of their own. Adobe last week issued critical updates for Adobe Reader and Acrobat. The latest version of Adobe PDF-reading software, Adobe Reader X, is not affected by this vulnerability thanks to the use of sand-boxing technology. So users have the option to either upgrade or apply a patch to the earlier version of the software.

In addition, Google published an update to its Chrome browser that addresses 15 security flaws, including six high-risk vulnerabilities, on Tuesday. More details of what’s fixed inside Chrome 16.0.912.63, the latest cross-platform version of the browser (yes Mac and Linux fans you ought to update too), can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/14/ms_bumper_patch_tuesday/

York CompSci student pleads guilty to Facebook hack

A computer enthusiast from York has admitted hacking into Facebook.

Glenn Mangham, 26, pleaded guilty to hacking into the social networking site between April and May this year at a hearing in London’s Southwark Crown Court on Tuesday. The court heard that the incident sparked a major security alert amid fears that some form of industrial espionage was involved, the BBC reports.

Mangham, a computer science student, had previously advised Yahoo! on how to improve the security of its website. Although his subsequent actions against Facebook were not maliciously motivated they were unauthorised and resulted in the extraction of what prosecutor Sandip Patel described as “highly sensitive intellectual property”. Mangham had downloaded and stored code he wanted to work with offline.

Although Mangham attempted to delete his tracks he was tracked down and arrested, after which he freely admitted his actions, violations of the UK’s Computer Misuse Act. Evidence of the hack was discovered during a routine security check.

In a statement, Facebook explained its decision to file a criminal complaint, adding that the “attack did not involve an attempt to compromise or access user data”.

“At Facebook nothing is more important to us than the security and integrity of our site, and we take any attempt to compromise our security network incredibly seriously. We work closely with law enforcement agencies and the police to ensure that offenders are brought to justice.

“This attack did not involve an attempt to compromise or access user data.”

A sentencing hearing against Mangham has been set for 17 February. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/14/facebook_hack_prosecution/

‘NHS bosses must master Twitter, Facebook to halt staff antics’

The author of recent guidance on using social media for nurses and midwives says NHS managers should be able to actively respond to issues around how their staff use social media.

Andy Jaeger, assistant director of public and professional communications at the Nursing and Midwifery Council (NMC) and author of recent guidance on social media, says that NHS managers must be better equipped to handle issues around social media.

The regulator has seen an increase in the number of enquiries from nurses and midwives about social media and referrals that directly relate to social networking, but despite this there are still managers who are “social media refuseniks”.

“One of the things that we say in our advice is that if a manager has responsibility for investigating a complaint about the use of a social networking site, that they should join the social networking site so that they understand the mechanics of how it works. People need to familiarise themselves with this kind of thing,” he says.

“I think actually what it needs is a robust response at a local level. In our advice much of what we’ve done is interpret the standards that already exist around conduct, performance and ethics. We’re just helping people to understand what it is that is going on and then act appropriately.”

But he says: “that really is better done not with a set of national guidelines from the Department of Health, but with local managers taking responsibility and understanding the issue and dealing with it for themselves.”

Last month a snapshot survey of some of England’s biggest trusts by the Guardian’s healthcare network showed that 72 separate actions were carried out by 16 trusts against staff who inappropriately used social media between 2008-09 and October 2011, suggesting social networking sites are presenting some challenges to the health service.

Jaeger says one of the things that prompted the guidance over the summer was questions from employers about issues of confidentiality and when it was appropriate or not to be friends with a patient on Facebook. This led to guidance being created largely based on the NMC’s code of conduct for nurses and midwives.

“We heard from students, nurses and midwives about the inconsistencies in the way that their managers were dealing with problems that they were raising about colleagues or other students’ use of social networking sites,” Jaeger says. “So some of what we’ve included in our advice is around the managers who are having to deal with these issues. It’s actually for them to have some understanding of social networking sites and how they work, but also to take the issues that are raised with them as seriously as if they had happened in a real world scenario.”

The British Medical Association (BMA) also issued guidance around the same time as the NMC as it said it felt that with more people using social media, advice and guidelines were lacking.

The NMC’s guidance has proved a success among healthcare professionals, and the guidance has received 50,000 page views since it was published in July.

From his own experience, Jaeger explains that while there are some managers who use Facebook and Twitter, there are some that are “social media refuseniks”. This becomes an issue when these managers fail to understand the ethics around social media, which makes it hard for them to tackle problems that arise as they might not see why something may be inappropriate.

Jaeger says: “When I’ve given talks on this I’ve used the example of somebody taking photographs of their colleagues, changing them and putting rude captions on them and sharing them online.

“If you view that as seriously as if somebody had done that and pinned it on a staff noticeboard, it gives you as a manager a better steer about how important it is that you deal with those kinds of things robustly and not just think because it happened on a social networking site like Facebook that it’s not important, because it is.”

Jaeger says he believes that staff misuse of social media is largely unintentional, but there are cases that the NMC deals with which are “absolutely deliberate” – which is perhaps not surprising given that the regulator deals with referrals relating to nurses and midwives that may not be fit to practice. Such instances include pursuit of relationships with patients and bullying and harassment of colleagues.

Looking to the future, Jaeger says that the NMC is currently helping the British Psychological Society to produce its own set of social media guidelines for psychologists. He says the NMC is also interested in encouraging healthcare professionals to use social networking sites to positively engage with patients and share good health stories. He adds that it would be disappointing if some health professionals stayed away from sites like Facebook just because they were scared of misusing it.

“We’re starting to think about, organisationally, the kind of support we can give to nurses and midwives who are positively using social media as a way of talking about health,” he says. “There are potentially so many positive benefits. It’s an area we’re looking at, and we’ll be publishing something in the new year on the subject.”

This article was originally published at Guardian Professional. Join the Guardian Healthcare Network to receive regular emails on NHS innovation.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/14/nhs_facebook_twitter/