Sunday, April 17, 2016
For my Computer Security students to pass on to their organization’s security manager.
Schools put on high alert for JBoss ransomware exploit
More than 2,000 machines at schools and other organizations have been infected with a backdoor in unpatched versions of JBoss that could be used at any moment to install ransomware such as Samsam.
That's according to Cisco's Talos threat-intelligence organization, which on Friday announced that roughly 3.2 million machines worldwide are at risk.
Many of those already infected run Follett's Destiny library-management software, which is used by K-12 schools worldwide.
"Follett identified the issue and immediately took actions to address and close the vulnerability," the company told Cisco.
… Governments and aviation companies are also among the organizations affected, Cisco said.
There must be a database of unsupported software somewhere that we could match to what we have installed. If not, let’s create one.
Here's why US is urging Windows users to uninstall Quicktime
… The US Computer Security Readiness Team (CERT) on Thursday issued an alert after Trend Micro put out word that Apple will no longer be updating defenses in QuickTime and that two vulnerabilities in the program could be exploited by hackers.
"Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems," CERT said in the alert.
"The only mitigation available is to uninstall QuickTime for Windows."
A “backgrounder” for my Computer Security students.
When a nation is hacked: Understanding the ginormous Philippines data breach
I usually don’t talk about “pending” law because it changes so frequently.
James Anderson reports:
Colorado lawmakers are moving to enact what is billed as one of the nation’s toughest student privacy laws at a time when unscrupulous data collectors can identify youths by their keystrokes in typing class and sell their information.
The House on Thursday unanimously backed a bill that defines at what point data accumulated by in-class programs can identify students. The legislation from Reps. Paul Lundeen and Alec Garnett requires companies to destroy, not just delete, that information, unless authorized by contract to keep it. Deleted data can be traced and retrieved, the lawmakers say.
Read more on The Daily Reporter.
Not surprisingly, perhaps, the Software Information Industry Association is urging lawmakers not to enact such strong legislation and to do what other states have done:
Existing laws, contracts and a privacy pledge adopted by the trade group’s members ensure data privacy, said Brendan Desetti, director of education policy. The Federal Trade Commission can enforce the pledge, he said.
Oh, puhleese – like the short-on-resources FTC is really going to enforce student data protection laws if companies violate any pledges? Yes, the FTC would have authority to do so, but would they? Better to have strong state laws that states enforce, I think.
Good customer service?
Sorry, Kids: No More iTunes Allowances for You
Apple issued a Support Page update on Wednesday, announcing that it was turning off its iTunes Allowances feature. Starting on Thursday, parents will not be able to open new accounts. Those who have existing allowances will see their accounts canceled.