Tag Archive for K12

School Kids’ Data at Risk

In the Huffington Post article, “In Push For Data, Schools Expose Students To Identity Theft,” author Gerry Smith writes about the growing risk of school kids’ data being stolen across the country. Data thieves want this information to commit identity theft. The author cites several recent cases:

The article says these incidents highlight school kids’ growing vulnerability to identity theft. Across the country, schools have become conduits for children’s pristine Social Security numbers, which are increasingly falling into the hands of credit-hungry identity thieves. The frequent data breaches have prompted calls for schools to stop collecting sensitive student data and have angered parents like Art Staehling, whose 14-year-old daughter was among 18,000 Nashville students who had their Social Security numbers accidentally exposed online for three months in 2009.

“They left the gate wide open,” Staehling told The Huffington Post. “It’s clumsiness. There’s no excuse for it. If schools want that information, there should be some sort of penalty paid if they don’t guard it with their lives. I haven’t found a reason why they honestly need it.”

Schools collect students’ Social Security numbers as part of a campaign to more precisely track their progress. But privacy experts told Huff Post there are less risky ways to identify students, accusing schools of needlessly exposing children to identity theft by gathering their Social Security numbers in central databases with lackluster security.

The push for collecting student data began under the federal No Child Left Behind Act. Financial incentives in the 2009 stimulus package, including Race to the Top’s $250 million in competitive grants, drove schools to collect students’ Social Security numbers, according to Reidenberg.

The U.S. Department of Education has warned schools not to use students’ Social Security numbers in their databases. The Huff Post says the Feds urge schools to create other unique identifiers. Social Security numbers are “the single most misused piece of information by criminals perpetrating identity thefts,” according to a technical brief issued last fall by the National Center for Education Statistics.

Despite the warnings, the collection and use of students’ Social Security numbers in K-12 schools remains “widespread.” An audit last year by Patrick O’Carroll, the Social Security Administration’s inspector general, found students’ Social Security numbers printed on transcripts, tests and athletic education forms. According to the article, the audit concluded that schools were using the numbers “as a matter of convenience.” O’Carroll found there have been at least 40 data breaches of confidential student information at K-12 schools since 2005.

“We believe the unnecessary collection and use of Social Security numbers is a significant vulnerability for this young population,” O’Carroll wrote. “Each time a student provides his or her Social Security number, the potential for a dishonest individual to unlawfully gain access to, and misuse, the number increases.”

Read Part 2 here:

rb-

Consumers Union points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public and/or publicly displayed or mailed within an envelope.

 

 

VC’s Take on Ed Tech

GigaOM reports on an open online course on entrepreneurship in education, called Ed Startup 101. During the course Fred Wilson, a managing partner at Union Square Ventures, gave a little insight into how venture capitalists view opportunities in education technology. Union Square Ventures has invested in education social network Edmodo, Skillshare, Codecademy and Duolingo.

VC Wilson said that education’s notorious reputation for bureaucracy and long sales cycles has traditionally turned off VCs (full video available here). But as startups have attempted new models that skip over institutional buyers to target teachers and students, investors have steadily warmed to the sector, including K-12 education. The blog cites data from GSV Advisors, a Chicago-based investment firm that specializes in education, which says that transactions in K-12 education climbed from just $13 million in 2005 to $389 million in 2011. Funding has been so strong that some have already started asking the inevitable question about whether an ed tech bubble is brewing.

The author offers a few takeaways from the video.

Consumer tech offers plenty of models for freemium ed tech startups – The venture capitalist gave several examples in which consumer startups with a free service eventually found a path to profitability after years of venture backing, including Dropbox and Twitter. In those examples, he said, venture capital played a key role in helping them reach the scale that would make a freemium model work. As the ed tech market expands, he expects models of all kinds – from those supported by advertising to those with enterprise licensing models – to emerge. Both Dropbox and Twitter are problematic to an enterprise network.

  • Someone PLEASE give me a long-term educational reason to give students on-network access to Twitter that outweighs the distraction and cheating factors.
  • Dropbox is a potential data theft tool if allowed. We have seen 600 – 800 Mb of Dropbox space on users’ shares, then they complain when they can’t save their work to the network. Dropbox’s network behavior is annoying. Dropbox wants to check in with the mother-ship thousands of times a day. On our network we block file sharing with the content filter. When a user installs a Dropbox client on their workstation (don’t get me going about local admins) we have seen 60,000 attempts to connect to the Dropbox mother-ship over the course of a week. Dropbox could improve their product by throttling its check-ins: the longer it can’t connect, the more it should throttle down its phone-homes.

Sell to the learner first, not the institution – Mr. Wilson says that ed tech firms should bypass traditional education sales channels. “We should compete with the existing education system as opposed to sell to it,” Wilson said. He thinks that entrepreneurs can make faster progress by bringing their tools straight to the learners and the teachers providing instruction. That’s the way Edmodo has gained its strong traction and the approach Codecademy has taken with its after-school program targeting students in schools without computer science instruction. As students and teachers adopt new platforms, Wilson said, the institutions will come around.

Gee, I don’t know, sell to the end-user and then force the entire enterprise to change to accommodate a new toy, how very Apple of him. But VCs don’t have to do the work. Maybe if he had to make AppleTV work on a network or get iMacs to regularly log in to Active Directory.

Vendor exclusivity is a bad thing – As more companies turn their attention to online learning and digital education, Wilson said universities shouldn’t standardize with just one vendor but support the range of tools that faculty members choose. Exclusivity, he said, makes vendors “fat and happy” and less incentivized to innovate. “I don’t think there’s any benefit anyone would get by standardizing on one platform,” he said.

I agree with him here, the perfect example is Blackboard. They don’t seem to want to make our life easier. The restore process is stupid. Bring on Moodle.

Other areas of opportunity in ed tech – The VC says that his firm also thinks ed tech opportunities include:

  • Credentialing (Grades) – Now that plenty of platforms offer courses and instruction, the next step is figuring out whether students are actually mastering the skills and knowledge that they’re setting out to learn.
  • He also said he thinks there are opportunities in peer-to-peer platforms, which leverage online communities to reduce the cost of creating curriculum and learning content.
  • Vertically focused startups, such as those similar to Codecademy and Duolingo.

rb-

It’s not only my opinion that the freemium model is a bait and switch scam that sucks users into a product and then does a switch at some time in the future to a pay model. But that is a VC’s take on Ed Tech, what is yours?

 

Texas Schools Track Students with Chip in ID Cards

Updated 01-19-13 The student lost her lawsuit against the district. The student and her family had sued the district, claiming that her first amendment rights were being violated (she claims the RFID tag is “the mark of the Beast”), but the school removed the RFID chip from her ID and the court found that that was a reasonable accommodation.

Updated 12-02-12 A self-described teenaged Anonymous hacker claims to have hacked the web site of Texas’s Northside Independent School District in support of a student who refuses to wear an RFID ID badge, according to the San Antonio Express-News. The district’s site was never compromised, Northside spokesman Pascual Gonzalez said.

In a statement posted on Twitter, the teenaged hacker wrote: “Now it is your school and your rules, but you seen what I did to your website, and have a simple deal for you, weather you accept it or not, is up to you,” the statement reads. “If you still want to do this tracking idea on the students, at least have a meeting with each and every students parents, so they know what is going on.”

Updated 11-21-12 It is not surprising to me that Wired is reporting that the school district is being sued over the program. According to Wired, the family claims that the student refuses to wear the badge because it signifies Satan.

A Texas school district is putting tracking chips into new, mandatory student IDs to keep tabs on students’ whereabouts while on campus. According to Sophos’ Naked Security blog, Texas’s Northside Independent School District’s John Jay High School and Anson Jones Middle School are performing a pilot test of the technology.

FOX 29 TV in Texas reports that students will be required to wear the cards on a lanyard around their necks and will be charged a fee for losing them. Their location will be beamed out to electronic readers throughout the campuses.

The one-year pilot program, which will cost the district $261,000, is also expected to increase attendance, and could bring an extra $2 million to the district in state funding as a result, District spokesman Pascual Gonzalez said. He stated that the program will be reevaluated next summer.

In a letter to parents, school administrators stated that the ID cards will store no personal information and that they’ll work only on school grounds. “Think how important this will be in the case of an emergency,” the letter reads. “In addition, the ‘smart’ student ID card will be used in the breakfast and lunch lines in the cafeteria and to check out books from the library. Because all students will be required to wear their ‘smart’ ID, staff will be able to quickly identify Jay students inside the school.”

FoxNews reports that a coalition of privacy and civil liberties organizations and experts have called for a moratorium on the technology, including the American Civil Liberties Union.

The Sophos blog reports that some parents are protesting, comparing the tags to RFID tags used to track cattle. Steven Hernandez, a father of a student who attends the school and the only local parent to attend a protest late last month, told KSN News that the new badges amount to “a spy chip”.

His daughter, Andrea, a sophomore, told KSN that she’s decided to wear her old photo ID even though students were told the new micro-chip ID is mandatory: “It makes me uncomfortable. It’s an invasion of my privacy.”

Northside ISD’s Gonzalez rejected that criticism, saying the pilot program and the “smart” ID cards have been used successfully in Houston’s Spring Independent School District for at least the past five years. “This is non-threatening technology,” he said. “This is not surveillance.”

rb-

There is a great deal of bluster around this article on the blog. Look around people, your passports and driver’s licences have RFID tags. What about proximity card readers? Have you checked the Visa in your wallet? Isn’t near field communications (NFC) the hot topic in the VC world?

I will bet a cookie that some of the same folks blustering about ID tags also favor gutting public education funding, yet they object to efforts to increase alternate sources of revenue for Texas schools by using chips in student ID cards.

Students – Insider Threat At School

I have spoken to several tech people outside of K-12 lately. When the topic of information security comes around, they talk about how much they are focusing on the “growing insider threat” their employers face. I always smile because those of us in K-12 have always faced a hostile internal threat, students. Here are a couple of examples of how students can be an insider threat at school.

At Colorado’s Jefferson County Schools, KUSA reports that administrators are investigating reports that student hackers got into Golden High School’s computer system and changed grades. Investigators are looking into whether students inside the school hacked the campus portal system. “People started giving themselves A’s,” a student is quoted.

Golden High School students told media that the hackers changed the grades for themselves and others just before winter break and the end of the first semester.

Administrators do not even know how many grades may have been changed. It could be as low as 15 students or as high as 200. The district will not say if any students have been caught or how many are suspected of hacking into the system.

Jefferson County Schools Superintendent Cindy Stevenson told local TV her staff is working hard to find out how it happened. When they do, she says security will be improved.

Prestigious Berkeley High School in Berkeley, CA succumbed to the student insider threat. Nearly three dozen students were suspended and face expulsion for hacking into the school’s attendance system, an act that could lead to criminal prosecution, according to SFGate. At least four students used an administrator’s stolen password to clear tardies and unexcused absences from the permanent records of 50 students, offering the service or the password for a price, Principal Pasquale Scuderi said.

The hackers erased from the system hundreds of cut classes and tardies from October through December, and charged classmates $2 to $20 for the illicit help, Scuderi told the SFGate.

The student insider threat struck Orange County, California. Omar Khan, a former student of Tesoro High School, pled guilty to charges of having installed spyware on his high school’s computers and having used the collected passwords to get access to the grade system and change his grades, according to CSO Online.

Khan and another student, Tanvir Singh, were arrested for breaking into the school’s assistant principal’s office at night. Khan’s goal was to destroy the evidence that he cheated on a statistics test by stealing it.

Khan, who had faced a maximum of 38 years in prison on the felony burglary and public-record tampering charges, is expected to be sentenced to 30 days in jail, 500 hours of community service, and ordered to pay about $15,000 in restitution.

The article says Khan admitted he was guilty of breaking into school offices and installing spyware on computers and then using the passwords to change some of his grades and those of 12 other students.

He also acknowledged that he changed his transcript grades to appeal rejection letters from the University of Southern California, the University of California, Berkeley, and the University of California, Los Angeles.

PC World reports that in Pahrump, Nevada, Tyler Coyner, Pahrump Valley High School’s 2010 salutatorian with a 4.54 grade point average, was arrested as the ringleader in a group of 13 students who have been charged with conspiracy, theft and computer intrusion. The article states that Coyner somehow obtained a password to the school’s grade system and, over the course of two semesters, offered to change grades in return for cash payments.

According to PC World, ten juveniles have also been arrested for having profited from Coyner’s offer to bump up their grades. It turns out that Coyner, somewhat foolishly, chose to make himself the one that profited most from his scheme. In fact, the 4.54 grade point average that made him the school’s salutatorian is the result of his own grade manipulation.

rb-

Looks like Coyner has gotten a head start on his dream of becoming a Wall Street hedge fund trader by facing criminal charges as a student insider threat at school.

 

 

 

Mommy Hacker

Time Magazine reports that a Pennsylvania woman faces six felony charges for hacking the computer system at her kids’ schools. Catherine Venusto, 45, hacked into the Northwestern Lehigh School District computer system and altered the grades of her two children, ABC News reports. Venusto had worked at the district as an administrative office secretary from 2008 through April, 2011. A year before she quit, Venusto, of New Tripoli, PA, had been accused of changing her daughter’s failing grade to a medical exception. And in February, 2012, she was accused of changing her son’s 98 to a 99.

Ms. Venusto was arraigned on three counts of unlawful use of a computer and three counts of computer trespassing and altering data. All six of those charges are third degree felonies. Pennsylvania State police say Venusto admitted changing the grades, saying she thought her actions were unethical but not illegal.

“I’m concerned on numerous levels,” said Jennifer Holman, Northwestern Lehigh School District’s assistant superintendent. “When we say systems, there were three different systems violated…There were 10 different users that at some point had their email violated.”

Assistant superintendent Holman told ABCNews.com that she first realized something was wrong when a teacher asked why superintendent Mary Ann Wright was in that teacher’s online grade book. Once Wright explained she was never in the grade book, administrators and state police began looking for whoever used Wright’s username and password without permission.

PA State police discovered Venusto used Wright’s username and password 110 times to access the district’s online grading system, according to the District Attorney’s office. Venusto also allegedly accessed nine other faculty members’ email accounts without permission, and accessed the human resources “H-drive” to view “thousands of files associated with district policy, contract information, employee reports and personnel issues.”

Superintendent Wright released a statement on Wednesday in anticipation of Venusto’s arraignment.

“We deeply regret this incident and that this unauthorized access occurred, and we sincerely regret any inconvenience this may cause,” Wright wrote. “We are doing everything we can to prevent this from happening again, and new security procedures are in place to better assure that our systems are protected from such attempts.”

The court set bail at $30,000, but Venusto will not have to pay it unless she does not appear in court for her preliminary hearing. Venusto could face a maximum of 42 years in prison or a $90,000 fine, according to District Attorney’s office spokeswoman Debbie Garlicki, who said the maximum penalty on each count is seven years or a $15,000 fine.

rb-

The mommy hacker’s defense is “I thought it was immoral but not illegal”. I will mention in passing the declining parenting standards, which are creating a narcissistic and self-absorbed generation that has no conscience about what is right and wrong.

The Administration and IT department both bear blame for this intrusion. Some easy to implement best practices could have shut the mommy hacker down quicker. They should have required regular password changes. They could have broken the bank and installed an intrusion protection system. Those of us who work in K-12 understand that security is only important after an incident.
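
The intrusion above was noticed only because a teacher asked why the superintendent's account was in her grade book. That check can be automated, as in this added example (not from the original post or the district's systems); the log format, account names, roster and registrar exemption are all constructed assumptions.

```python
from collections import defaultdict

# Constructed roster: grade book id -> teacher of record (hypothetical names).
ROSTER = {"ALG1-P2": "t.jones", "ENG9-P4": "m.lee"}
# Assumption: accounts whose job legitimately touches any grade book.
EXEMPT = {"registrar"}

# Constructed audit log: timestamp account action gradebook detail
SAMPLE_LOG = """\
2012-02-06T08:15:00 t.jones UPDATE ALG1-P2 student=1001 old=88 new=90
2012-02-06T21:40:00 supt.account VIEW ALG1-P2 -
2012-02-06T21:42:00 supt.account UPDATE ALG1-P2 student=1002 old=98 new=99
2012-02-07T09:05:00 m.lee VIEW ENG9-P4 -
2012-02-07T10:30:00 registrar UPDATE ENG9-P4 student=1003 old=I new=B
2012-02-08T22:10:00 supt.account VIEW ENG9-P4 -
malformed line
"""


def parse(log):
    """Yield (timestamp, account, action, gradebook, detail) for well-formed lines."""
    for line in log.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) == 5 and parts[2] in ("VIEW", "UPDATE"):
            yield tuple(parts)


def non_owner_access(log, roster=ROSTER, exempt=EXEMPT):
    """Summarise grade book activity by accounts that are neither the
    teacher of record for that grade book nor on the exempt list."""
    findings = defaultdict(lambda: {"views": 0, "updates": 0, "gradebooks": set()})
    for _ts, account, action, book, _detail in parse(log):
        if account == roster.get(book) or account in exempt:
            continue
        entry = findings[account]
        entry["views" if action == "VIEW" else "updates"] += 1
        entry["gradebooks"].add(book)
    return dict(findings)


def report(findings):
    """One line per flagged account, accounts that changed grades first."""
    rows = sorted(findings.items(),
                  key=lambda kv: (-kv[1]["updates"], -kv[1]["views"]))
    return [
        f"{acct}: {f['updates']} update(s), {f['views']} view(s) "
        f"in {sorted(f['gradebooks'])}"
        for acct, f in rows
    ]


if __name__ == "__main__":
    for line in report(non_owner_access(SAMPLE_LOG)):
        print(line)
```

Run daily against the grading system's audit trail, a report like this surfaces a shared or stolen administrator login on its first out-of-role use rather than after 110 of them.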

 
