Tag Archive for 2013

School Kids’ Data at Risk – Part 2

In the Huffington Post article “In Push For Data, Schools Expose Students To Identity Theft,” author Gerry Smith writes about the growing risk of school kids’ data being stolen across the country.

Read Part One here:

Data Quality Campaign, an organization that encourages states to build student databases, argues that students’ Social Security numbers are useful for education policy by creating “enhanced analytical opportunities” for evaluating school curriculum. “The more important conversation is not whether states are collecting Social Security numbers, but how they are ensuring the privacy, security, and confidentiality of all personally identifiable information,” Laird said in a statement to the Huff Post. “We can’t speak to how Social Security numbers are collected and stored at the local level,” she added.

The article cites one survey that concludes student PII is not stored very securely. Only half of K-12 schools use data encryption, according to a survey of IT employees at K-12 schools nationwide. 72% cited budget constraints as the primary barrier to improving their IT security, according to the survey by Panda Security (PDF). Collecting PII in central databases with lackluster security is asking for trouble. “This is making a much bigger honey pot for people with malevolent purposes to gain access to children’s information,” said Joel Reidenberg, a professor at Fordham University School of Law. He told The ID Channel, “It’s a meltdown waiting to happen.”

School districts in 26 states now ask for students’ Social Security numbers. The Michigan Department of Education states (PDF), “A school district cannot mandate that parents disclose the social security number of their children.” Huff Post states that Texas is one of those states where education officials use PII to connect K-12 records to higher education and workforce data, according to Debbie Ratcliffe, a spokeswoman for the Texas Education Agency.

Last year, the Texas agency asked eight school districts to send PII, including Social Security numbers, through the mail on unencrypted CDs for research purposes. The article reports that Laredo Independent School District learned the CD it sent got lost in the mail, exposing nearly 25,000 current and former high school students to identity theft, according to the Texas Tribune. Ratcliffe told The Huffington Post that the request came from an agency employee who operated “way outside” normal protocol.

It was not the only school data breach in Texas.

  • Beaumont school officials told parents that Social Security numbers belonging to an estimated 15,000 students were accidentally exposed online for nearly a year.
  • The San Antonio Independent School District told parents that names and Social Security numbers of up to 360 students were mistakenly made visible through a Google search.

Still, the Texas Education Agency has no plans to stop asking school districts for students’ Social Security numbers, Ratcliffe told the author. “We have so many databases that use them that it would require quite a bit of change to make that happen,” she said.

Yet concerns over child identity theft have prompted at least five states (Nebraska, North Dakota, Washington, Maine and Wyoming) to create policies that restrict the collection and use of Social Security numbers in K-12 schools.

Jerry Coleman, director of school finance at the North Dakota Department of Public Instruction, said in an interview, “To protect those Social Security numbers would be a hassle we don’t need.”

Parents can refuse to disclose their child’s Social Security number, and the student would be assigned a different identifying number. Ratcliffe, of the Texas Education Agency, said most parents disclose their child’s number anyway.

But privacy experts say, in most cases, parents should keep that information to themselves. “When someone asks for your child’s Social Security number, say no,” said Aaron Titus, chief privacy officer for Identity Finder, which helps organizations protect sensitive data. “I have found about 90 percent of the time when I push back a little bit, I get my way.”

Data breaches leave people six times more likely to become victims of identity theft, according to a survey by Javelin Research. Schools warn parents to monitor their children’s credit after a data breach. The Huff Post says credit reports only turn up 1 percent of fraud on children’s credit histories because thieves pair children’s Social Security numbers with new names and birth dates, a study by Debix found.

More than 18,000 child identity theft complaints were reported to the Federal Trade Commission. But experts tell Huff Post that figures on child identity theft are likely much higher because the crime often goes undetected for years. ID Analytics estimates more than 140,000 children are victims of identity theft each year, based on a one-year study of those enrolled in the firm’s identity protection service. When child identity theft victims turn 18, they find their credit has been destroyed, preventing them from taking out loans or renting apartments.

rb-

Consumers Union points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public, and/or publicly displayed or mailed within an envelope.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

UP EAS Warns of Zombie Attack

Emergency Alert Systems at northern Michigan television stations sent out fake emergency alert warnings after being hacked. The alerts warned the UP of a zombie attack. The fake broadcast warned that bodies were rising from the grave and alerted people to avoid contacting the walking dead.

MLive reports the message went out on Monday about 8:30 p.m. The zombie attack warning interrupted “The Bachelor” on WBUP, ABC 10 and “The Carrie Diaries,” a prequel to “Sex and The City,” on CW. The same person got into Northern Michigan University’s public television station WNMU-TV 13. That message interrupted “Barney and Friends” at about 4 p.m., reports NMU station manager Eric Smith.

“People panicked and it was crazy and we didn’t know how to stop it,” Cynthia Thompson, station manager and news director at ABC 10 and CW 5 in Marquette, MI, said. The suspected hacker has been caught, according to MLive. Ms. Thompson could not release any further details on the suspect.

Attacks around the nation

Similar attacks were reported at Great Falls, MT station KRTV and KNME/KNDM in Albuquerque, NM. The security breaches occurred at stations that didn’t have their login names or passwords reset from factory default settings, said Ed Czarnecki, senior director for strategy and regulatory affairs for Monroe Electronics Inc., a Lyndonville, NY-based manufacturer of EAS equipment. “We are very aggressively working with authorities … to ensure that all broadcasters have updated their passwords on their critical equipment,” he said.

Michigan Association of Broadcasters CEO Karole White said the MAB is taking the issue very seriously and working with the Michigan State Police and Federal Communications Commission on the case. “Though this was kind of a prankster’s joke, they could have used a different code that could have caused people to be very concerned and possibly even panic,” CEO White said.

InfoSecurity says the problem goes beyond just passwords. Mike Davis, a security expert with IOActive, submitted a report to US-CERT detailing flaws in the equipment used by the EAS system a month before the incident. “Changing passwords is insufficient to prevent unauthorized remote login. There are still multiple undisclosed authentication bypasses,” he told Reuters via email. “I would recommend disconnecting them from the network until a fix is available.”

Really, really, terrible software

According to Kaspersky’s ThreatPost, the flaws Mr. Davis unearthed allowed him to do exactly what Monday’s hacker did. “There is some really, really, terrible software on the other side of that box,” Davis said. “There are some known issues like authentication bypasses and what I would call back doors, although I don’t know if they were meant that way. While I can’t provide authenticated messages [from the EAS system itself], I can log into all of them and insert authenticated messages.”

“The problems that Davis found,” warns ThreatPost, “represent a serious weakness in the EAS system. Some of the ENDECs (encoder-decoder) are networked together in a way that enables them to relay messages to one another, so an attacker who could compromise one could conceivably cause problems on others, as well.”

 rb-

Umm Networking 101, change your default passwords.

Haven’t the dead been roaming the halls of Congress for years? Brain dead anyway!?


School Kids’ Data at Risk

Gerry Smith writes about the growing amount of school kids’ data being stolen across the country. In the Huffington Post article “In Push For Data, Schools Expose Students To Identity Theft,” the author explains why. Data thieves want this information to commit identity theft. The author cites several recent cases:

The article says these incidents highlight the growing risk of school kids’ vulnerability to identity theft. Across the country, schools have become conduits for children’s pristine Social Security numbers. The students’ numbers are increasingly falling into the hands of credit-hungry identity thieves. The frequent data breaches have prompted calls for schools to stop collecting sensitive student data. The breaches have angered parents like Art Staehling, whose 14-year-old daughter was among 18,000 Nashville students who had their Social Security numbers accidentally exposed online for three months in 2009.

They left the gate wide open for data theft

“They left the gate wide open,” Mr. Staehling told The Huffington Post. “It’s clumsiness. There’s no excuse for it. If schools want that information, there should be some sort of penalty paid if they don’t guard it with their lives. I haven’t found a reason why they honestly need it.”

Schools collect students’ Social Security numbers as part of a campaign to more precisely track their progress. But privacy experts told Huff Post there are less risky ways to identify students. The privacy experts accuse schools of needlessly exposing children to identity theft by gathering their Social Security numbers and then not securing them.

The push for collecting student data began under the federal No Child Left Behind Act. Financial incentives in the 2009 stimulus package, including Race to the Top’s $250 million in competitive grants, drove schools to collect student Social Security numbers, according to Reidenberg.

The U.S. Department of Education has warned schools not to use students’ Social Security numbers in their databases. The Huff Post says the Feds urge schools to create other unique identifiers. The National Center for Education Statistics warned schools last fall. They told educators that Social Security numbers are “the single most misused piece of information by criminals perpetrating identity thefts.”

School abuses student’s Social Security numbers

Despite the warnings, the collection and use of students’ Social Security numbers in K-12 schools remain “widespread.” An audit last year by Patrick O’Carroll, the Social Security Administration’s inspector general, found students’ Social Security numbers printed on transcripts, tests, and athletic education forms. According to the article, the audit concluded that schools were using the numbers “as a matter of convenience.” Mr. O’Carroll found there have been at least 40 data breaches of confidential student information at K-12 schools since 2005.

In his report, O’Carroll wrote, “We believe the unnecessary collection and use of Social Security numbers is a significant vulnerability for this young population. Each time a student provides his or her Social Security number, the potential for a dishonest individual to unlawfully gain access to, and misuse, the number increases.”

Read Part 2 here.

rb-

Consumers Union points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public, and/or publicly displayed or mailed within an envelope.


UN Tries to Control the Internet Again

InfoSecurity reports that even after much of the free world refused to sign the controversial new ITU WCIT-12 treaty in December 2012, U.S. Federal Communications Commission (FCC) Commissioner Robert M. McDowell warned, ‘the worst is yet to come.’ Many argued the treaty would give the UN control of the Internet.

“The United States,” he said, “should immediately prepare for an even more treacherous ITU treaty negotiation that will take place in 2014 in Korea. Those talks could expand the ITU’s reach even further.” McDowell seems convinced that the ITU’s desire to control the internet is not a passing fancy, but a long-term intent. He may be right, and it may come before 2014.

Last week the ITU Secretary-General Hamadoun Touré released his draft report for the Fifth World Telecommunication/Information and Communication Technology Policy Forum 2013. “This draft report of the Secretary-General to the WTPF-2013,” it states, “aims to provide a basis for discussion at the Policy Forum, incorporating the contributions of ITU Member States and Sector Members, and serving as the sole working document of the Forum focusing on key issues on which it would be desirable to reach conclusions.”

Suggested themes for discussion include, “Global Principles for the governance and use of the Internet,” and “On the basis of reciprocity, to explore ways for greater collaboration and coördination between ITU and relevant organizations – including, but not limited to, the Internet Corporation for Assigned Names and Numbers (ICANN), the Regional Internet Registries (RIRs), the Internet Engineering Task Force (IETF), the Internet Society (ISOC) and the World Wide Web Consortium (W3C) – involved in the development of IP-based networks and the future internet, through cooperation agreements, as appropriate, to increase the role of ITU in Internet governance to ensure the largest benefits to the global community.”

This is exactly what caused disarray in December’s WCIT in Dubai, the commissioner states.

Meanwhile, a ‘de-fund the ITU’ petition has appeared on the White House ‘We the People’ website. A supporting website gives full details. “Fighting on behalf of the Internet,” it states, “The United States government and fifty-four other countries rejected the ITU’s takeover attempt, but this is a single battle in a war that the ITU will continue to fight. The ITU is spending more than $180M/year to oppose the Internet and is drawing from its reserves more heavily each year ($9M in 2010, up from $5.5M in 2009), as progressive countries withdraw their payments from the ITU’s war-chest.”

The ten most oppressive countries in the Open Net Initiative’s ranking of online freedom all sided against the internet, and none of them are giving the ITU as much as the U.S. is. If all the countries that stood with the Internet against the ITU’s attack withdraw their funding, it claims, “the ITU’s membership revenue will be reduced by 74%.”

The petition also calls for future U.S. delegations to be reduced “to no more than one USG representative, tasked primarily with communicating a U.S. position that the ITU’s only legitimate area of authority is radio communications.” The long-term danger from such entrenched views on both sides is that the worldwide nature of the internet might fracture into one internet under multi-stakeholder governance in the ‘free’ world, and a series of heavily government-regulated Internets elsewhere.

“Freedom and prosperity are at stake,” warned Commissioner McDowell.

rb-

I have warned about the United Nations’ attempt to take over the Internet since November.


Internet of Things Infographic

Bosch Software Innovations released some new data on the Internet of Things (IoT). In the near future, more and more devices and systems will be capable of sending and receiving data automatically via the internet. We’re already poised on the verge of new developments that offer enormous market potential. Bosch believes the Internet of Things isn’t just a distant vision of the future, it’s already very real and is having an impact on more than just technological developments.

The blog claims that in the next few years, increasing numbers of devices and systems will automatically send and receive data over the Internet. The author claims that we are about to see a huge new market develop.

By 2015, Bosch predicts that the number of IP-ready devices connected to the Internet will grow to a total of 6,593 billion. Even more impressive, according to the author, is the growth in Internet access. The blog reports that in 1995, less than 1% of the world’s population was online. In 2011 this number exploded to 2.3 billion people online, and Bosch expects that in 2015, 5.5 billion people will have internet access (source: ITU). This equates to around 75% of the world’s population.

The German firm estimates the number of devices configured to send and receive data over the Internet will reach 50 billion devices in 2020. Just recently, Vint Cerf, who is better known as the father of the internet, also spoke in an interview about the number of devices and confirmed this assumption.

Bosch Internet of Things markets
