If the school didn’t care enough to secure or monitor their
systems, why take it out on these students?
They Hacked
Their School District When They Were 12. The Adults Are Still Trying
to Catch Up.
The hack started small, in 7th grade, when they
bypassed their middle school’s internet filters to watch YouTube
during lunch.
But by the time Jeremy Currier and Seth Stephens
were caught, more than two years later, their exploits had given them
extraordinary reign over the computer network of the Rochester
Community Schools, a well-to-do suburban district about 45 minutes
outside Detroit.
The teens had access to the logins, passwords,
phone numbers, locker combinations, lunch balances, and grades of all
15,000 of their classmates.
They could view teachers’ tests, answer keys,
and email messages.
They could control the district’s security
cameras and remotely operate its desktop computers via their phones.
… Though there’s no evidence to date that
Jeremy and Seth directly threatened anyone, the district expelled
both boys, then referred them to the county sheriff’s office.
… Seventh grade was also the year the boys
noticed a sticky note
attached to one of the public computers in the middle
school library. It had a username and password on it, they said, in
case students or staff wanted to look up books but had forgotten
their own credentials.
Jeremy and Seth discovered that by logging in with
the information on the note, then closing out of the library
software, they could access files that had been shared with the
library’s adult staff.
One
of the files, they said, was a Microsoft Excel spreadsheet with a
filename that included the school year and the word “students.”
The file was unprotected.
They opened it up.
It
contained the passwords for every student in the Rochester district.
Probably
not Russians and probably not campaign related.
Caballero’s
Merced office burglarized. An effort to ‘take down’ campaign,
staff says
Campaign staffers working for Anna Caballero’s
bid for the California Senate say a break-in and theft at the
campaign’s Merced office resulted in stolen campaign material as
well as computers and electronics containing voter information.
According to Bryan King, campaign manager for
Senate Democrats, about
9,500 door hangers [What
possible value to thieves? Bob] informing people where
and how to vote had been stolen from the West Main Street office.
Additionally, every laptop was taken from the
office as well as devices
used to scan voter data and personal items such as cell
phones used to call voters, according to King.
“They also ripped out our internet modem so
we’re totally offline right now,” King said.
“Gosh, we never thought about security!”
U.S. Secret
Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service
A year ago, KrebsOnSecurity warned that “Informed
Delivery,” a new offering from the
U.S.
Postal Service (USPS) that lets residents view
scanned images of all incoming mail,
was
likely to be abused by identity thieves and other fraudsters
unless the USPS beefed up security around the program and made it
easier for people to opt out. This week, the
U.S.
Secret Service issued an internal alert warning that
many of its field offices have reported crooks are indeed using
Informed Delivery to commit various identity theft and credit card
fraud schemes.
The internal alert — sent by the Secret Service
on Nov. 6 to its law enforcement partners nationwide — references a
recent case in Michigan in which seven people were arrested for
allegedly stealing credit cards from resident mailboxes after
signing up as those victims at the USPS’s Web site.
… The Michigan incident in the Secret Service
alert refers to
the
September 2018 arrest of seven people accused of running up
nearly $400,000 in unauthorized charges on credit cards they ordered
in the names of residents. According to
a
copy of the complaint in that case (PDF), the defendants
allegedly stole the new cards out of resident mailboxes, and then
used them to fraudulently purchase gift cards and merchandise from
department stores.
Follow your ‘best practice’ procedures and
this will never happen.
Catalin Cimpanu reports:
The personal details of nearly 700,000
American Express (Amex) India customers have been accidentally left
exposed online via an
unsecured MongoDB server.
The leaky server, which was left exposed
online without a password,
was discovered three weeks ago by Bob Diachenko, Director of Cyber
Risk Research at cyber-security firm Hacken.
Most of the data on the server appeared
to have been encrypted and required a decryption key to view, but the
researcher says 689,272 records were stored in plaintext and
accessible to anyone who stumbled upon the database.
Another example of poor security by design.
Default
Account Exposes Cisco Switches to Remote Attacks
A
default account present in Cisco Small Business switches can allow
remote attackers to gain complete access to vulnerable devices. The
networking giant has yet to release patches, but a workaround is
available.
The
follow-on to GDPR…
First Came
GDPR, Then Comes ePrivacy - What to Expect with Global Data
Regulations
While
the GDPR was designed to ensure protection for personal data related
to European Union (EU) citizens, ePrivacy takes this approach a step
further by ensuring personal and family privacy in relation to data
collection, storage and usage. Put more simply, ePrivacy protects
your right to a personal life and personal existence.
I’m not sure the reporters understand what she
is saying. On one hand, BIG is not automatically dominant. On the
other hand, individual slices of a company may be dominant in some
areas. On a third hand, perhaps it’s just a language problem?
Europe's
anti-monopoly chief conducted 'very preliminary investigations' into
Apple but decided it's 'not a dominant company'
The European Commission conducted "very
preliminary investigations" into whether
Apple
might be so large that it had an anti-competitive effect in Europe,
but quickly realised that the company was not "dominant"
enough in its markets to warrant further action, the European
Commissioner for Competition said Wednesday.
… "Google in the legal term of dominance
is a dominant company because they are dominant in search," she
said. "The bigger you get the more responsibility you get. So
if you are a dominant company, you also have a special responsibility
because competition is weakened in the market that you're in. This
is why we have the Google case. This is the legal basis of the
Google case. And if a
company is not dominant it can do all the things that a dominant
company can do, and in some of the areas where we have had
very preliminary investigations, we find that Apple is not a dominant
company.
Interesting. Who knew that China produced 25% of
the world’s beer?
Knoema -
Huge Collections of Data Maps and Charts
Knoema
is a service that offers a huge collection of data sets and maps for
public use. Knoema offers data maps and charts for almost every
country in the world. There are dozens of data categories to pick
from. Some of the data categories that you will find include GPD Per
Capita, Government Debt, Migration, Housing, Energy Consumption, and
Agricultural Production.
To find a data map or chart on
Knoema
to use with your students first select a data set then choose a
country from the drop-down menu tied to each data set. Each data
set, map, and chart can be exported downloaded and or embedded into a
blog post or webpage.
For the tool kit.
Visme -
Great Tools for Making Flowcharts and Mind Maps
Visme
is a graphic design tool that I've been using off and on for the last
five years. Back when I started using Visme it was known as EWC
Presenter and it was a good tool for designing slides and
infographics. Recently, Visme added new flowchart design templates
and tools. The flowcharts that you make on Visme can be downloaded
as PDFs, shared via email and social media, or embedded into blog
posts. If you use any of the online sharing options, you can include
interactive elements in your flowcharts.
Watch
the following video to learn how to quickly create flowcharts and
mind maps on Visme.
Perhaps it was Taylor Swift fans, perhaps Donald
Trump haters, either way it seems 53% still don’t care.
A Boatload
Of Ballots: Midterm Voter Turnout Hit 50-Year High
Voter turnout on Tuesday was massive: More than
47
percent of the voting-eligible population cast a ballot in
the midterm elections on Tuesday. That's according to early
estimates from the
United
States Election Project.