
Ordinary People Did Extraordinary Things to Aid the American Revolution

The men who declared American Independence in 1776 get their due respect in the history books. But often, many of the men and women who helped earn that independence are forgotten. Mental Floss pays tribute to 11 of the unsung heroes who made huge contributions to the American Revolution.

This is the story of Joseph Plumb Martin, the original Yankee Doodle. Martin was a typical soldier in the Revolutionary War. He joined the Connecticut state militia at just 15 years old and went on to serve almost seven years in the Continental Army of General George Washington.

What set Martin apart is that he kept a detailed diary during the War and many years later published an anonymous account based on that diary entitled A Narrative of Some of the Adventures, Dangers and Sufferings of a Revolutionary Soldier, Interspersed with Anecdotes of Incidents that Occurred Within His Own Observation. Although it sold poorly during his lifetime, the book was republished over 100 years later under the title Private Yankee Doodle and shed new light on the daily life of the men who made independence possible.

rb-

Between the hot dogs, mosquitoes and shopping, do something important. Turn off the TV, read a book, thank a veteran, get smarter about how politicians are destroying the country.

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

The Enemy Within

Naked Security reports on a hack that combines two of our favorite things on the Bach Seat: Florida and lax data security in schools. The way the Sophos blog tells the story, a 14-year-old Florida boy has been charged with trespassing on his school’s computer system after he shoulder-surfed a teacher typing in his password, used it without permission to trespass in the network, and tried to embarrass a teacher he doesn’t like by swapping his desktop wallpaper with an image of two men kissing.

The author cites a Tampa Bay Times report which says that an eighth-grader was recently arrested for “an offense against a computer system and unauthorized access”, which is a felony. Sheriff Chris Nocco said that the teen logged onto the network of a Pasco County School District school using an administrative-level password without permission.

In fact, a spokesman for the Pasco County Sheriff’s Office told Network World that the student was not detained. Rather, he was questioned at the school before being released to his mother. His sentence remains to be seen, but at this point, it’s looking like the boy isn’t going to suffer much more than a 10-day school suspension and what sheriff’s detective Anthony Bossone says is likely to be “pretrial intervention” by a judge with regards to the felony charge, the Tampa Bay Times reports. Naked Security says this is the student’s second offense.

When the newspaper interviewed the student at home, he said that he’s not the only one who uses that password. Other students commonly log into the administrative account to screen-share with their friends, he said. It’s a well-known trick, the student said, since the password was a snap to remember: it’s just the teacher’s last name, which the boy says he learned by watching the teacher type it in.

The sheriff says that the student didn’t just access the teacher’s computer to pull his wallpaper prank. He also reportedly accessed a computer with sensitive data – the state’s standardized tests (now we know why he is in trouble – NCLB! – Common Core!!) – while logged in as an administrator. Those are files he well could have viewed or tampered with, though he denies having done so. Sheriff Nocco says that’s the reason why this can’t be dismissed as being just a bit of fun. Even though some might say this is just a teenage prank, who knows what this teenager might have done.

“I logged out of that computer and logged into a different one and I logged into a teacher’s computer who I didn’t like and tried putting inappropriate pictures onto his computer to annoy him.”

In typical HS-er logic, he told the newspaper:

“If they’d have notified me it was illegal, I wouldn’t have done it in the first place. But all they said was ‘You shouldn’t be doing that.’”

Another report from the other side of the continent comes from Engadget, which reports that a teenager from Idaho took advantage of the latest trend in online criminal activity and likely rented a cloud-based botnet to launch a distributed denial of service (DDoS) attack against the largest school district in Idaho. The alleged DDoS took down the school district’s internet access, according to media reports.

KTVB News reports that the 17-year-old student paid a third party to conduct a distributed denial of service attack that forced the entire West Ada school district offline. The act disrupted more than 50 schools, bringing everything from payroll to standardized tests (More high stakes testing – NCLB! Common Core!!) grinding to a halt. Unfortunate students undertaking the Idaho Standard Achievement test were required to go through the process multiple times because the system kept losing their work and results.

The report goes on to say that authorities have found the Eagle High student from their IP address, and that the student could now face state and federal felony charges. If found guilty, the unnamed individual is likely to serve up to 180 days in jail, as well as being expelled from school. In addition, the suspect’s parents are going to be asked to pay for the financial losses suffered as a consequence of the attack.

rb-

Many school networks have bigger pipes than the business world. Some EDU networks I have worked on have had 10 GigE for years. In the rest of the online world, these incidents would serve as a wake-up call to network managers that hey, we might be at risk too, but not schools. Oh yeah – Passwords are Evil

Rightly or wrongly, schools rely on the Intertubes for instruction, their core business and NCLB high-stakes testing, but they take no steps to have strong passwords or prevent DDoS or other network outages from occurring.

How Social Engineering Works

From where I sit in my Bach Seat, it is clear that cyber-attackers will try anything to penetrate your online security. They will even exploit human nature to get access to a firm’s digital assets. In the human world, people who exploit human nature are often referred to as politicians, con-men or grifters. In the digital domain, it is called social engineering. Most online attackers use some sort of social engineering to get users to do something risky.

Here is a list of 6 psychological tricks that social engineers use to trick staff.

1 – Reciprocation – When people are provided with something, they tend to feel obligated and subsequently repay the favor.

2 – Scarcity – People tend to comply when they believe something is in short supply. As an example, consider a spoof email claiming to be from a bank asking the user to comply with a request or else have their account disabled within 24 hours.

3 – Consistency – Once targets have promised to do something, they usually stick to their promises because people do not wish to appear untrustworthy or unreliable. For example, a hacker posing as a company’s IT team could have an employee agree to abide by all security processes, then ask them to do a suspicious task supposedly in line with security requirements.

4 – Liking – Targets are more likely to comply when the social engineer is someone they like. A hacker could use charm via the phone or online to win over an unsuspecting victim.

5 – Authority – People tend to comply when a request comes from a figure of authority. So a targeted email to the finance team that appears to come from the CEO or company president will likely prove effective.

6 – Social validation – People tend to comply when others are doing the same thing. For example, a phishing email might look as if it’s sent to a group of employees, which makes each employee believe the message must be valid if other colleagues also received it.

Emoji Passcodes Replace PIN at ATM

Followers of the Bach Seat know that passwords are evil. I have written about dumb passwords again, again and again. Now a firm in the UK wants us to replace our ATM PINs with emoji passcodes. The Verge brings us the latest theory to get users to use passwords better than “123456,” “password,” and “12345678.” EMOJI. Yes, those Japanese pictographs that anybody over 15 loves to hate.

Since most users just don’t care about their passwords, Intelligent Environments, a UK firm that makes digital banking software, has created what it’s calling the “world’s first emoji-only passcode,” offering a choice of 44 emoji that can be used to create a four-character PIN. The company told the Verge the 44 emoji can create 3,498,308 possible permutations for non-repeating emoji passcodes, compared to just 7,290 for a traditional non-repeating PIN.

The firm believes that everyone loves emoji, so why not replace those pesky digits with emoji? Intelligent Environments is betting that forcing people to use emoji instead of numbers would also stop them choosing PINs based on memorable events — birthdays and weddings for example — that might be easily guessed. Tony Buzan, inventor of the Mind Map technique, who is quoted by the company, adds that the idea “plays to humans’ extraordinary ability to remember pictures, which is anchored in our evolutionary history.” Memory expert Buzan explains, “Forgetting passwords is because the brain doesn’t work digitally or verbally. It works imagistically.”

The author points out that while it is a clever idea, certainly, don’t get too excited yet: it’s not the first PIN replacement we’ve seen, and implementing these ideas is always far more difficult than just coming up with them. Intelligent Environments’ press release is also a little too heavy on the hyperbole (it claims that “64 percent of millennials regularly communicate only using emojis” — really? Only using emoji?) and a little too light on actual industry support. Intelligent Environments’ managing director David Webber told BBC News that the company hadn’t patented the idea, meaning any bank that wants to introduce emoji PIN codes can do so. Although, there’s always the chance that security wouldn’t be increased as everyone picked what is objectively the best emoji passcode ever: four smiling poops.
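The two quoted figures can be checked. This added example (not from the original post or from Intelligent Environments) counts four-symbol passcodes under three readings of “non-repeating” and shows that both quoted numbers match the rule that a symbol may not immediately follow itself. The function names, the three-guess lockout and the 5% popular-code share are assumptions made for illustration.

```python
import math
from itertools import product

RULES = ("any", "no_adjacent", "all_distinct")

def keyspace(symbols: int, length: int, rule: str) -> int:
    """Count passcodes of `length` drawn from `symbols` under a repeat rule."""
    if rule == "any":           # any symbol in any position
        return symbols ** length
    if rule == "no_adjacent":   # a symbol may not immediately follow itself
        return symbols * (symbols - 1) ** (length - 1)
    if rule == "all_distinct":  # no symbol appears twice anywhere
        return math.perm(symbols, length)
    raise ValueError(f"unknown rule: {rule}")

def brute_force(symbols: int, length: int, rule: str) -> int:
    """Enumerate every code (small alphabets only) to cross-check keyspace()."""
    count = 0
    for code in product(range(symbols), repeat=length):
        if rule == "no_adjacent" and any(a == b for a, b in zip(code, code[1:])):
            continue
        if rule == "all_distinct" and len(set(code)) != length:
            continue
        count += 1
    return count

def matching_rules(symbols: int, length: int, claimed: int) -> list:
    """Which reading of 'non-repeating' reproduces a quoted figure?"""
    return [r for r in RULES if keyspace(symbols, length, r) == claimed]

def guess_success(space: int, attempts: int, top_share: float = 0.0) -> float:
    """Chance of guessing one user's code before lockout.

    top_share is the fraction of users who all pick the same popular code;
    everyone else picks uniformly. The guesser tries the popular code first.
    """
    return top_share + (1 - top_share) * attempts / space

if __name__ == "__main__":
    for symbols, claimed in ((10, 7_290), (44, 3_498_308)):  # figures from the post
        print(symbols, matching_rules(symbols, 4, claimed),
              f"{math.log2(claimed):.2f} bits")
    # Assumed: 3 tries before lockout; the 5% popular-code share is constructed.
    print("digits, uniform:", guess_success(7_290, 3))
    print("emoji, uniform: ", guess_success(3_498_308, 3))
    print("emoji, 5% same: ", guess_success(3_498_308, 3, top_share=0.05))
```

If even 5% of users settle on one popular emoji code, a three-guess attempt succeeds far more often than against uniformly chosen digit PINs, which is the risk the post's closing remark points at.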

rb-
There is some research that says this makes sense. The kids think they are so cool with their newfangled emoji. What about old-school?

: )

:-O

(-_-)

(^_^)

2Gbps Coming To The D

Not so long ago, Comcast was leaving Detroit. Now, the embattled cable provider has announced it is ramping up its 2 Gbps fiber-to-the-home (FTTH) campaign in Motown. FierceTelecom reports that Comcast will bring its Gigabit Pro service to about 1.5 million homes in Michigan. The service provider said it will offer Gigabit Pro to residential customers in Detroit, Flint, Grand Rapids, Jackson and Lansing. Tim Collins, senior vice president of Comcast Cable’s Heartland Region, said in a release that the company’s move into Michigan is designed to address “tech-savvy residents who have a need for even faster speeds.”

Similar to other markets where it has announced plans to deliver Gigabit Pro, homes near Comcast’s fiber network will be eligible to get Gigabit Pro service. Customers will have to have a technician install an optical network terminal and related equipment at their home for the service. In addition to the metro-Detroit area, Comcast plans to offer 2 Gbps service in Benton Harbor and St. Joseph (as part of the Greater Chicago region).

Comcast has not yet disclosed what it will charge for the Gigabit Pro offering. The author cites a DSL Reports article which says Comcast was planning a $299 per month price tag for the service, which would make it much more expensive than Google’s $70 per month Google Fiber service or AT&T’s (NYSE: T) $120 per month charge for its gigabit services. However, it’s unclear if Comcast will adhere to that pricing when it does launch service.

The article says that today Comcast charges $399.95 a month for its 505 Mbps tier. An Ars Technica report said Comcast’s 2 Gbps service will cost less than that. It also said that all 505 Mbps customers will be upgraded to the new Gigabit Pro service. As the MSO tries to work out pricing, it decided to delay the initial May release of the service to a new, undetermined date.

rb-

Let’s be honest, the real hero here is Dan Gilbert and his RocketFiber project. As has been the case where Google Fiber has gone in, the other players suddenly show an interest in that market. I predict a win for RocketFiber, because Mr. Gilbert’s people understand customer service and Comcast hates its customers.