Strong Password Security – a Cure to Cybersecurity Obsession?

Education Cybersecurity Weekly is a curated weekly news overview for those who are concerned about the Education industry and Education data breach. It provides brief summaries and links to articles and news across a spectrum of EdTech. Learn about strong password security.

Hack, change records and pass – reducing sick days by Jersey City high school student

NJ.com on June 14, 2019

Passing exam is a stressful process, particularly when student’s attendance leaves much to be desired. However, some students still believe – the end justifies the means and it seems that hacking is no exception.

One day the teachers of a Jersey City public school discovered the difference between their student attendance records and the data provided by the school’s attendance department. As it turned out, the network system, keeping the school’s attendance, was hacked by a teen, so that the number of absences of nearly dozens of students was deleted.

Jersey City school district spokeswoman Norma Fernandez said there could be several reasons which had led to this incident. A teacher might have left the attendance program open in the classroom and the student accessed it, or the student might have found a teacher’s password for the program.

Nevertheless, the investigation is ongoing and the only question arises: what if adequate study and attendance are simpler way to pass the course?

The recipe of strong password security – tastes good, easy to prepare

EdTech Magazine on June 17, 2019

Every time you type your birthdate or a pet’s name into a password field, at least one security specialist nervously shudders somewhere in the IT department. You hear about the strong password security from time to time. But are you sure your knowledge is updated?

For instance, the mantra “change your password every 180 days” is no more actual nowadays. While some educational organizations implement password expiration policies to encourage students, faculty, and staff to change their passwords on a scheduled basis, other institutions switch to multifactor authentication techniques to reduce password risks.

Furthermore, the password complexity requirements like uppercase and lowercase letters in conjunction with a digit and/or symbol are not a silver bullet. If senior administrators, meeting the complexity requirements, change the “MikeFall2018!” password on the “MikeSpring2019!”, the data will scarcely remain well-protected. Indeed, there are lists of the passwords, commonly used by malefactors, so the user can screen the passwords against them and ensure the strong password security.

Oregon State University cyberattack: 636 exposed records and the bitter feeling of uncertainty

EdScoop on June 17, 2019

Cybercrime in Higher education never ends. Here is one more evidence.

Oregon State University faced a cyberattack, leading to exposure of the names, birthdates, addresses, and SSNs of students and their family members. The email of an employee was hacked in early May, according to university’s spokesman.

We have no evidence that those files were viewed or used but we felt it appropriate to inform people. This was a sophisticated attempt by an individual or individuals, not to gain data, but to utilize Oregon State University’s email to send out phishing emails to other people and institutions.

Steve Clark, spokesman of Oregon State University

By the way, in recent years OSU email accounts were used by malefactors to legitimize spreading of phishing emails. Although the landscape of cybercrime in education sector is really diversified, phishing is one of the most common technique of gaining access to the personal data.

It’s too late to apologize – Duke researcher placed students’ images in a public database

EdScoop on June 14, 2019

The most unpleasant situations are always connected with violation of personal boundaries. But when such incidents are caused by institutions that use your data for good purposes (for instance, to conduct a research), and guarantee the privacy rights, data exposure is especially disappointing.

The story begins in 2014 when Carlo Tomasi, professor of the Duke State University, and doctoral student Ergys Ristani started the pedestrian-tracking research, in terms of which they used video cameras to record students for 85 minutes to collect the experimental information. The database included more than two million frames of video footage. After that researchers posted the datasets on the university’s website, so organizations and individuals around the world were able to download them.

On Thursday, professor Carlo Tomasi wrote a letter to the university’s newspaper and apologized for deviating from conditions of the research that actually forbade downloading its results without a direct request for the data.