Tag Archive for Security

Students – Insider Threat At K12 Schools

I have spoken to several tech people outside of K-12 lately. When the topic of information security comes around, they talk about how much they are focusing on the “growing insider threat” their employers face. I always smile because those of us in K12 have always faced a hostile internal threat: students. Here are a couple of examples of how students can be an insider threat at school.

At Colorado’s Jefferson County K12 Schools, KUSA reports that administrators are investigating reports that student hackers got into Golden High School’s computer system and changed grades. Investigators are looking into whether students inside the school hacked the campus portal system. A student said, “People started giving themselves A’s.”

Golden High School students told the media that the hackers changed the grades for themselves and others just before winter break and the end of the first semester.

Administrators do not even know how many grades were changed. It could be as low as 15 students or as high as 200. The district will not say if any students were caught or how many are suspected of hacking into the system.

Jefferson County Schools Superintendent Cindy Stevenson told local TV her staff is working hard to find out how it happened. When they do, she says security will be improved.

Berkeley High School

Prestigious Berkeley High School in Berkeley CA succumbed to the student insider threats. The media reports nearly three dozen students were suspended and face expulsion for hacking into the K12 school’s attendance system, an act that could lead to criminal prosecution according to SFGate. At least four students used an administrator’s stolen password to clear tardies and unexcused absences from the permanent records of 50 students, offering the service or the password for a price, Principal Pasquale Scuderi said.

The hackers erased from the system hundreds of cut classes and tardies from October through December, and charged classmates $2 to $20 for the illicit help, Scuderi told the SFGate.

Orange County K12 schools

The student insider threat struck K12 schools in Orange County, California. Omar Khan, a former student of Tesoro High School, pled guilty to charges of having installed spyware on his high school’s computers and having used the collected passwords to get access to the grading system and change his grades, according to CSO Online.

Khan and another student, Tanvir Singh, were arrested for breaking into the school’s assistant principal’s office at night. Khan’s goal was to destroy the evidence that he cheated on a statistics test by stealing it.

Khan, who had faced a maximum of 38 years in prison on the felony burglary and public-record tampering charges, is expected to be sentenced to 30 days in jail, 500 hours of community service, and ordered to pay about $15,000 in restitution.

The article says Khan admitted he was guilty of breaking into school offices and installing spyware on computers and then using the passwords to change some of his grades and those of 12 other students.

He also acknowledged that he changed his transcript grades to appeal rejection letters from the University of Southern California, the University of California, Berkeley, and the University of California, Los Angeles.

Nevada salutatorian

PC World reports that in the Pahrump, Nevada, K12 schools, Tyler Coyner, Pahrump Valley High School’s 2010 salutatorian with a 4.54 grade point average, was arrested as the ringleader in a group of 13 students who have been charged with conspiracy, theft, and computer intrusion. The article states that Coyner somehow obtained a password to the school’s grade system and, over the course of two semesters, offered to change grades in return for cash payments.

According to PC World, ten juveniles have also been arrested for having profited from Coyner’s offer to bump up their grades. It turns out that Coyner, somewhat foolishly, chose to make himself the one that profited most from his scheme. In fact, the 4.54 grade point average that made him the school’s salutatorian is the result of his own grade manipulation.

rb-

Looks like Coyner has gotten a head start on his dream of becoming a Wall Street hedge fund trader by facing criminal charges as a student insider threat at school.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Emma Watson Most Dangerous Online Celebrity

Computer security company McAfee warns fans of “Harry Potter” star Emma Watson to be careful when searching for photos of the actress. In the sixth annual Most Dangerous Celebrity study, the Intel (INTC) owned security technology company says there is a one-in-eight chance of landing on a malicious site if you Google Ms. Watson.

The blog says that the 22-year-old actress is dangerous because many cyber-criminal sites use her name or photos to trick users into downloading malicious software or to steal personal information. “It goes without saying that we are a celebrity-obsessed culture. We hyper-focus on their lives, what they look like, what they’re doing,” Robert Siciliano, McAfee’s online security expert told the LA Times. “Currently Emma Watson is one of those people that criminals have determined is a good target, based on the demographics of those who pay attention to her.”

Mr. Siciliano said criminals know that they can dupe a teenage boy to click on a link that infects the family’s computer, potentially giving them access to, say, a parent’s tax files that contain social security numbers.

“It’s a really a brilliant scam — and it’s so simple,” McAfee’s Siciliano said. “Hackers set up the websites, they use … search engine optimization to get the websites high up in search [rankings]. And once they get them high up in search, lace it with links and downloads that are infected.”

Female stars dominate the list of celebs used to dupe the unsuspecting. Late-night talk show host Jimmy Kimmel was the only guy to make McAfee’s “most dangerous” list, weighing in at No. 13.

rb-

McAfee recommends these steps to protect yourself:

  • Stick to sites you know and trust. If you don’t recognize the URL, don’t click.
  • Avoid search results that look too good to be true.
  • Alluring keywords like “nude” or “sex tape” are especially risky. Keep it clean.

Following these steps will protect you from malware spread by Emma Watson, the most dangerous celebrity online.

McAfee's Most Dangerous Online Celebrities

| 2012 | 2011 | 2010 | 2009 |
|---|---|---|---|
| Emma Watson | Heidi Klum | Cameron Diaz | Jessica Biel |
| Jessica Biel | Cameron Diaz | Julia Roberts | Beyonce |
| Eva Mendes | Piers Morgan | Jessica Biel | Jennifer Aniston |
| Selena Gomez | Jessica Biel | Gisele Bundchen | Tom Brady |
| Halle Berry | Katherine Heigl | Brad Pitt | Jessica Simpson |
| Megan Fox | Mila Kunis | Adriana Lima | Giselle Bundchen |
| Shakira | Anna Paquin | Jennifer Love Hewitt & Nicole Kidman | Miley Cyrus |
| Cameron Diaz | Adriana Lima | Tom Cruise | Meghan Fox & Angelina Jolie |
| Salma Hayek | Scarlett Johansson | Heidi Klum & Penelope Cruz | Ashley Tisdale |
| Sofia Vergara | Emma Stone, Brad Pitt & Rachel McAdams | Anna Paquin | Brad Pitt |

For the 6th year in a row, McAfee researched popular culture’s most famous people to reveal which ones are the riskiest to search for online

 


Everyone Snoops Thru Smartphones

Mobile device users lose almost 70 million smartphones per year in the U.S., about 30 percent of all the phones in use at any given time. According to one report, only seven percent of the lost smartphones are recovered. Only 57 percent had any security, but 60 percent have confidential contact lists, emails, Internet and security codes and credentials for business apps or mobile-payment services.

Even if an honest person finds your mobile, security company Symantec (SYMC) says that the good Samaritan will look at the confidential data stored on the smartphone while trying to return it. The study (PDF) found that 96 percent of the people who found a mobile device planted by the security vendor peeked at personal data. People who found the smartphones:

  • Clicked on an app labeled “online banking” 43% of the time
  • Tried to run a remote-access/VPN app to access the fake network 49% of the time
  • Clicked on a file named “HR salaries” 49% of the time
  • Opened a file named “saved passwords” 57% of the time
  • Checked social networking tools and personal e-mail 60% of the time
  • Accessed a folder labeled “private photos” 72% of the time
  • Checked out something on the lost mobile device 96% of the time

Online storage company Carbonite (CARB) reports that the data on a mobile device is valuable enough and the headaches involved in recovering it are big enough that 50 percent of Americans would rather give up all of a year’s vacation time than lose all the files on their smartphones.

rb-

Even though most Americans would give up their vacation rather than lose the data on their mobile devices, they don’t take steps to prevent others from snooping through their data. Simplistic as it seems, one password will deter most casual snoops. Identity theft, data loss, and embarrassment can easily be prevented by using the password screen-lock that comes with all smartphones.

How to Set a Passcode

WikiHOW explains How to Set a Passcode on the iPad to prevent people from snooping through your Apple (AAPL) iPad2.

  1. Open the “Settings” app and tap “General Settings”. Continue by opening “Passcode Lock” in the center box of options.

  2. Scroll until you find the “Passcode” option, then tap it. If this is your first time enabling a passcode, “Turn Passcode On” will be the only selectable option. If your iPad supports Touch ID, this option will be called “Touch ID & Passcode.”

  3. Turn Passcodes on by tapping the “Turn Passcode On” option.

  4. Enter a six-digit passcode of your choosing. You’ll need to enter it again exactly the same way on the next screen to verify. Be sure that it is a combination you won’t easily forget, as well as one that is also hard for others to figure out. This has increased from 4 – 6 characters since I first posted this article in 2012.

  5. Re-enter the passcode. Pay close attention as you type to avoid mistyping the passcode. If both your new passcodes match each other, you’ll be taken back to the “Passcode Lock” screen.

  6. Press the lock button to lock your iPad. You still need to confirm that your passcode is active.

  7. Swipe right on your iPad’s screen, then enter your passcode. Your iPad is now passcode-protected! You can change or remove your passcode at any time in the “Passcode” menu.

rb-

Apple has updated this process since I first wrote about putting a lock on your iPad in 2012.


ITU Regs Bad for Cybersecurity

Emma Llansó at the Center for Democracy & Technology writes that the International Telecommunication Union is ill-suited to regulate cybersecurity. The United Nations-backed ITU will meet in December to try to expand its control over the Internet. The CDT believes that the issue of cybersecurity perfectly illustrates why the ITU should not be given expanded regulatory authority to include matters of Internet governance.

The UN body is holding the World Conference on International Telecommunications (WCIT) this December in Dubai, UAE to renegotiate the International Telecommunication Regulations (ITRs), the UN’s core telecommunications treaty. The ITRs were adopted in 1988 and set forth general principles for the operation of international telephony systems. The CDT reports that some Member States of the ITU want to use the WCIT to expand these regulations to Internet matters by amending the ITRs. The CDT and others have warned of the risks to online freedom and innovation if the UN is allowed to regulate the Internet. The CDT has released a paper (PDF) that examines in detail some of the proposals pending before the ITU relating to cybercrime and cybersecurity.

The CDT states that cybersecurity is undeniably a critical issue for the future of telecommunications and indeed for global commerce, development, and human rights. On the other hand, it is ill-suited to the kind of centralized, government-dominated policy-making that the ITU represents.

Cybersecurity requires agility: Given the pace of technological change, governmental bodies are not likely to be the source of effective technical solutions. The CDT predicts those solutions will emerge from multi-stakeholder efforts, involving ICT companies, technologists, academics, and civil society advocates, as well as governments.

Moreover, the cybersecurity issue inevitably leads straight into questions of human rights and governmental power: surveillance, privacy, and free expression. None of these are issues the ITU has any expertise in or any ability to assess and balance. The CDT suggests, rather than adopting vague wording that could be used by governments as justification for repressive measures, the ITU should endorse existing standards initiatives such as those underway at the IETF and continue to serve as one forum among many for the development of consensus-based, private sector-led efforts.

According to the CDT briefing, the Arab States regional group has offered a proposal to amend the ITRs to require Member States to “undertake appropriate measures” to address issues relating to “Confidence and Security of telecommunications/ICTs,” including “… online crime; controlling and countering unsolicited electronic communication (e.g Spam); and protection of information and personal data (e.g. phishing).” The governments of the Middle East have a history of manipulating the Internet to silence dissent.

Another example of why the UN should not control the Internet comes from the African Member States cybersecurity proposal which deals with data retention. The CDT reports the requirement will force communications companies to retain data about customers and communications for the benefit of the government rather than for business purposes.

Analysis by CDT says that this requirement goes against American criminal laws. This data retention law turns the presumption of innocence on its head since these cybersecurity data retention laws apply to every citizen regardless of whether they have committed a crime. Further, because data retention laws require service providers to store information that identifies people online, they threaten anonymity online, implicating the rights to both privacy and free expression.

The CDT writes that several cybersecurity proposals to amend the ITRs refer to the routing of communications. One proposal from the Arab States regional group would amend the ITRs to specify that “A Member State has the right to know how its traffic is routed.”

The proposal is justified on the grounds of security, which, according to the CDT, some Member States clearly interpret to mean national security. In its comments, Egypt argued, “… Member States must be able to know the routes used … to maintain national security. If the [Member State] does [not] have the right to know or select the route in certain circumstances (e.g. for Security reasons), then the only alternative left is to block traffic from such destinations…”

The brief explains that Internet protocol (IP) networks transmit communications and interconnect entirely differently than traditional telephone networks; in that context the Arab States proposal to “know how traffic is routed” simply would not work and could fundamentally disrupt the operation of the Internet. If the Arab States proposal were applied to all Internet communications, the requirement that countries be able to “know” how every IP packet is routed to its destination would necessitate extensive network engineering changes, not only creating huge new costs but also threatening the performance benefits and network efficiency of the current system.

The brief goes on to explain that the Arab States proposal could also serve to legitimize governmental efforts to set up controls on Internet traffic, by enshrining them in an international treaty. Changes to IP routing rules to carry out the Arab States’ cybersecurity proposal could give the Member States more technical tools to use to block traffic to and from certain websites or nations. The regulations on routing that the Arab States proposal condones could take a variety of forms, from prohibiting certain IP addresses from being received inside a country to tracking users by IP addresses and blocking specific individuals from sending or receiving certain communications. “Knowledge” of IP routing could also encompass countries keeping track of what websites their citizens visit or with whom they email – all in the name of national security.

These types of regulations, which could be legitimized if the Arab States proposal is adopted, could threaten user rights to privacy and freedom of expression on the Internet.

rb-

The UN must not be allowed to expand its control over the Internet.  ITU regulation will be bad for cybersecurity.


A History of Mac Malware: Part 1

Graham Cluley at Sophos recently wrote an excellent history of Apple Macintosh malware. He points out that Mac malware is a subject that raises strong emotions. There are some who believe that the problem is over-hyped and others who believe that the malware problem on Macs is underestimated by the Apple-loving community. The author writes that hopefully, this short history will go some way to present the facts and encourage sensible debate. (rb- We have just taken on a new customer which is 85% Mac and 15% PC. I have had this very conversation with my Apple certified tech who does the field support.)

Click here for part two of this series. Click here to read my recent series commemorating the 25th anniversary of the computer virus.

1982 – Apple II – The first virus to affect Apple computers wasn’t written for the Macintosh (the original Mac did not appear until 1984). 15-year-old student Rich Skrenta wrote the Elk Cloner virus, capable of infecting the boot sector of Apple II computers. On every 50th boot the Elk Cloner virus would display a short poem:

It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!

It will stick to you like glue
It will modify RAM too
Send in the Cloner!

The blog says many Apple fans are surprised that the Elk Cloner boot sector virus predates IBM (IBM) PC viruses by some years. (I got my first paying tech job using an Apple II and PFS:File to build a database).

1987 – Macintosh – The nVIR virus began to infect Apple Macintosh computers, spreading its malware mainly by floppy disk. It was a similar story to what was happening in the world of MS-DOS malware, where viruses would typically travel from computer to computer by users sharing floppy disks.

Source code for nVIR was later made available, causing a rash of variants for the Mac platform. The author writes that the first anti-virus products for Mac, some free, some commercial, began to emerge in response to this malware. (In my first tech support job, I got very familiar with the Mac 30/SE, since there was a computer lab full of them with a SCSI chain from the Mac to an external hard drive to a scanner. They also printed to a LaserWriter 2 with AppleTalk and Phonenet. I still have a bag of terminators.)

1988 – HyperCard – Running on early versions of Apple’s Mac OS, one HyperCard virus displayed a message about Michael Dukakis’s US presidential bid before self-destructing:

Greetings from the HyperAvenger! I am the first HyperCard virus ever. I was created by a mischievous 14-year-old, and am completely harmless. Dukakis for preseident (sic) in ’88. Peace on earth and have a nice day

1990 – The MDEF virus (aka Garfield) emerged, spreading malware on application and system files on the Mac.

1991 – HC (also known as Two Tunes or Three Tunes) was a HyperCard virus discovered in Holland and Belgium in March 1991. The author writes that on German language versions of the operating system it would play German folk tunes and display messages such as “Hey, what are you doing?” and “Don’t panic.”

1995 – Concept Macro Virus – Microsoft (MSFT) accidentally shipped the first-ever Word macro virus, Concept, on CD-ROM. It infected both Macs and PCs running Microsoft Word. Concept was not written with malicious intent, but thousands of macro viruses were to follow, many also affecting Microsoft Office for Mac. Word macro viruses turned the world of Mac *and* Windows malware on its head overnight, according to Sophos.

Macro viruses are written in an easy-to-understand macro language that Microsoft included in its Office programs. The blog says the macro language made it child’s play to create new malware variants. Most people at the time considered documents to be non-dangerous and were happy to receive them without thinking about the security risks. Just opening a Word .DOC file could infect your computer because the macro virus’s code was embedded within.

1996 – Laroux Excel macro virus – The Laroux virus did not affect Mac users until Microsoft released Excel 98 for Mac, and then Apple users could also become victims.

1998 – Hong Kong introduced the next significant Mac malware outbreak, the blog says. It was first spotted in the wild in Hong Kong. The worm – dubbed AutoStart 9805 – spread rapidly in the desktop publishing community via removable media, using the CD-ROM AutoPlay feature of QuickTime 2.5+. (rb- An AutoPlay issue – whoda thunkit?). In the same year, Sevendust, also known as 666, infected applications on Apple Mac computers.

After 1988, Mr. Cluley writes that big changes to the Mac malware scene were just around the corner. The release of Mac OS X, a whole new operating system, would mean that much of the old malware would no longer be capable of running. Mac-specific malware would have to be written with a new OS in mind.
