Archive of ‘privacy’ category

Cybersecurity Risks in schools

FBI Warns Educators and Parents About Edtech’s Cybersecurity Risks

By Tina Nazerian     Sep 14, 2018

https://www.edsurge.com/news/2018-09-14-fbi-warns-educators-and-parents-about-edtech-s-cybersecurity-risks

The FBI has released a public service announcement warning educators and parents that edtech can create cybersecurity risks for students.

In April 2017, security researchers found a flaw in Schoolzilla’s data configuration settings. And in May 2017, a hacker reportedly stole 77 million user accounts from Edmodo.

Amelia Vance, the director of the Education Privacy Project at the Future of Privacy Forum, writes in an email to EdSurge that the FBI likely wanted to make sure that as the new school year starts, parents and schools are aware of potential security risks. And while she thinks it’s “great” that the FBI is bringing more attention to this issue, she wishes the public service announcement had also addressed another crucial challenge.

“Schools across the country lack funding to provide and maintain adequate security,” she writes. “Now that the FBI has focused attention on these concerns, policymakers must step up and fund impactful security programs.”

According to Vance, a better approach might involve encouraging parents to have conversations with their children’s school about how it keeps student data safe.

++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

AI tracks students’ writings

Schools are using AI to track what students write on their computers

By Simone Stolzoff August 19, 2018
50 million K-12 students in the US
Under the Children’s Internet Protection Act (CIPA), any US school that receives federal funding is required to have an internet-safety policy. As school-issued tablets and Chromebook laptops become more commonplace, schools must install technological guardrails to keep their students safe. For some, this simply means blocking inappropriate websites. Others, however, have turned to software companies like Gaggle, Securly, and GoGuardian to surface potentially worrisome communications to school administrators.
In an age of mass school-shootings and increased student suicides, Safety Management Platforms (SMPs) can play a vital role in preventing harm before it happens. Each of these companies has case studies where an intercepted message helped save lives.
Over 50% of teachers say their schools are one-to-one (the industry term for assigning every student a device of their own), according to a 2017 survey from Freckle Education.
But even in an age of student suicides and school shootings, when do security precautions start to infringe on students’ freedoms?
When the Gaggle algorithm surfaces a word or phrase that may be of concern—like a mention of drugs or signs of cyberbullying—the “incident” gets sent to human reviewers before being passed on to the school. Using AI, the software is able to process thousands of student tweets, posts, and status updates to look for signs of harm.
SMPs help normalize surveillance from a young age. In the wake of the Cambridge Analytica scandal at Facebook and other recent data breaches from companies like Equifax, we have the opportunity to teach kids the importance of protecting their online data.
In an age of increased school violence, bullying, and depression, schools have an obligation to protect their students. But the protection of kids’ personal information is also a matter of their safety.

+++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

more on surveillance  in this IMS blog
http://blog.stcloudstate.edu/ims?s=surveillance

more on privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

thermal imaging

***** thank you Tirthankar ! ******* : https://www.linkedin.com/feed/update/urn:li:activity:6424443573785235456

Recovering Keyboard Inputs through Thermal Imaging

https://www.schneier.com/blog/archives/2018/07/recovering_keyb.html

Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it’s interesting to think about the types of scenarios in which it might be pulled off.

+++++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

Are your phone camera and microphone spying on you

Are your phone camera and microphone spying on you?

https://www.theguardian.com/commentisfree/2018/apr/06/phone-camera-microphone-spying

Apps like WhatsApp, Facebook, Snapchat, Instagram, Twitter, LinkedIn, Viber

Felix Krause described in 2017 that when a user grants an app access to their camera and microphone, the app could do the following:

  • Access both the front and the back camera.
  • Record you at any time the app is in the foreground.
  • Take pictures and videos without telling you.
  • Upload the pictures and videos without telling you.
  • Upload the pictures/videos it takes immediately.
  • Run real-time face recognition to detect facial features or expressions.
  • Livestream the camera on to the internet.
  • Detect if the user is on their phone alone, or watching together with a second person.
  • Upload random frames of the video stream to your web service and run a proper face recognition software which can find existing photos of you on the internet and create a 3D model based on your face.

For instance, here’s a Find my Phone application which a documentary maker installed on a phone, then let someone steal it. After the person stole it, the original owner spied on every moment of the thief’s life through the phone’s camera and microphone.

The government

  • Edward Snowden revealed an NSA program called Optic Nerves. The operation was a bulk surveillance program under which they captured webcam images every five minutes from Yahoo users’ video chats and then stored them for future use. It is estimated that between 3% and 11% of the images captured contained “undesirable nudity”.
  • Government security agencies like the NSA can also have access to your devices through in-built backdoors. This means that these security agencies can tune in to your phone calls, read your messages, capture pictures of you, stream videos of you, read your emails, steal your files … at any moment they please.

Hackers

Hackers can also gain access to your device with extraordinary ease via apps, PDF files, multimedia messages and even emojis.

An application called Metasploit on the ethical hacking platform Kali uses an Adobe Reader 9 (which over 60% of users still use) exploit to open a listener (rootkit) on the user’s computer. You alter the PDF with the program, send the user the malicious file, they open it, and hey presto – you have total control over their device remotely.

Once a user opens this PDF file, the hacker can then:

  • Install whatever software/app they like on the user’s device.
  • Use a keylogger to grab all of their passwords.
  • Steal all documents from the device.
  • Take pictures and stream videos from their camera.
  • Capture past or live audio from the microphone.
  • Upload incriminating images/documents to their PC, and notify the police.

And, if it’s not enough that your phone is tracking you – surveillance cameras in shops and streets are tracking you, too.

  • You might even be on this website, InSeCam, which allows ordinary people online to watch surveillance cameras free of charge. It even allows you to search cameras by location, city, time zone, device manufacturer, and specify whether you want to see a kitchen, bar, restaurant or bedroom.

++++++++++++++++++
more on privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

more on surveillance in this IMS blog
http://blog.stcloudstate.edu/ims?s=surveillance

Putin’s game

What Putin Really Wants

Russia’s strongman president has many Americans convinced of his manipulative genius. He’s really just a gambler who won big.

JULIA IOFFE  JANUARY/FEBRUARY 2018 ISSUE

https://www.theatlantic.com/magazine/archive/2018/01/putins-game/546548/

(translated into Bulgarian: http://librev.com/index.php/2013-03-30-08-56-39/prospects/europe/3371-igrata-na-putin-1)

“They do plan,” said a senior Obama-administration official. “They’re not stupid at all. But the idea that they have this all perfectly planned and that Putin is an amazing chess player—that’s not quite it. He knows where he wants to end up, he plans the first few moves, and then he figures out the rest later. People ask if he plays chess or checkers. It’s neither: He plays blackjack. He has a higher acceptance of risk. Think about it. The election interference—that was pretty risky, what he did. If Hillary Clinton had won, there would’ve been hell to pay.”

Even the manner of the Russian attack was risky. The fact that the Russians didn’t really bother hiding their fingerprints is a testament to the change in Russia’s intent toward the U.S., Robert Hannigan, a former head of the Government Communications Headquarters, the British analogue to the National Security Agency, said at the Aspen Forum. “The brazen recklessness of it … the fact that they don’t seem to care that it’s attributed to them very publicly, is the biggest change.”

also: http://blog.stcloudstate.edu/ims/2016/11/13/hacking-voting/

in German: http://www.sueddeutsche.de/medien/phishing-attacken-der-feind-liest-mit-1.3378411

+++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

WhatsApp privacy France

French privacy watchdog raps WhatsApp over Facebook data sharing

France’s data privacy watchdog may fine messaging app WhatsApp if it does not comply with an order to bring its sharing of user data with parent company Facebook into line with French privacy law.
Separately, Germany’s cartel office said on Tuesday it had found Facebook had abused its dominant market position, in a ruling that questioned the company’s model of monetizing the personal data of its users through targeted advertising.
My note: it seems the EU is gearing toward increased scrutiny of social media giants regarding users’ privacy:
http://blog.stcloudstate.edu/ims/2018/01/05/tinder-dating-privacy/

++++++++++++
more on privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

fake emails

Why everyone still falls for fake emails

By Richard Matthews  Jul 31, 2017

https://gcn.com/articles/2017/07/31/why-fake-emails-still-work.aspx

Phishing is likely to get only more sophisticated.

Based on my experience in Tallinn, we will see companies become more transparent in how they deal with cyber attacks. After a massive cyber attack in 2007, for example, the Estonian government reacted in the right way.

free anti-phishing software

+++++++++++++++++++++
more on phishing in this IMS blog
http://blog.stcloudstate.edu/ims?s=phishing+
