The reps said they’d pass my report of the vulnerability along to the development team. I tend not to make too many friends at these meetings.
Being online means accepting risk
Attacks and data theft are all over the news (think: Sony Pictures). Both high and low profile targets are breached every day it seems, and the trend doesn’t appear to be letting up. As a teacher or administrator using various web-based tools, the question will probably come up, “How secure is my and my students’ data?” It’s an important one, and the only antidote to paranoia is knowledge.
There are two primary categories of attacks. The first are known vulnerabilities. The attack I performed at the county meeting was a known vulnerability, commonly known as cookie hijacking. The cookie I hijacked was the cookie generated when I logged into my district’s instance of the service. Poor security signing from the website allowed a session cookie to be used in multiple places, including other computers and accounts that should not have access. In this case, the developers quickly corrected the oversight. That’s the issue with known vulnerabilities: they are caused by human error. The method of each attack is well known, therefore everyone should be diligent following the practices and procedures to keep these security holes closed.
The other category is known as “zero-day” vulnerabilities. Zero-day, as in the number of days the vulnerability has been known. Very recently, Adobe Flash player has had a number of zero-day vulnerabilities focused against it resulting in a flurry of patches and advisories to switch the plugin to manual activation in your web browser. Zero-day vulnerabilities are very challenging to guard against, and also very challenging to find.
Next page: What you can do to protect your school
- TC- What student choice and agency actually looks like - November 15, 2016
- What student choice and agency actually looks like - November 14, 2016
- App of the Week: Science sensor meets your smartphone - November 14, 2016