data-safety

How safe is my student data?


The reps said they’d pass my report of the vulnerability along to the development team. I tend not to make too many friends at these meetings.

Being online means accepting risk
Attacks and data theft are all over the news (think: Sony Pictures). Both high and low profile targets are breached every day it seems, and the trend doesn’t appear to be letting up. As a teacher or administrator using various web-based tools, the question will probably come up, “How secure is my and my students’ data?” It’s an important one, and the only antidote to paranoia is knowledge.

There are two primary categories of attacks. The first are known vulnerabilities. The attack I performed at the county meeting was a known vulnerability, commonly known as cookie hijacking. The cookie I hijacked was the cookie generated when I logged into my district’s instance of the service. Poor security signing from the website allowed a session cookie to be used in multiple places, including other computers and accounts that should not have access. In this case, the developers quickly corrected the oversight. That’s the issue with known vulnerabilities: they are caused by human error. The method of each attack is well known, therefore everyone should be diligent following the practices and procedures to keep these security holes closed.

The other category is known as “zero-day” vulnerabilities. Zero-day, as in the number of days the vulnerability has been known. Very recently, Adobe Flash player has had a number of zero-day vulnerabilities focused against it resulting in a flurry of patches and advisories to switch the plugin to manual activation in your web browser. Zero-day vulnerabilities are very challenging to guard against, and also very challenging to find.

Next page: What you can do to protect your school

 

Want to share a great resource? Let us know at submissions@eschoolmedia.com.

 

We’re Celebrating 25 Years with 25 Giveaways!

Enter Each Day to Win the Daily Gift Card Giveaway

and the Grand Prize drawing for an

Apple iPad!


Visit eSchool News each day through April 1, 2023 to enter the daily $25 Gift Card drawing.
Each daily entry counts as one entry for the grand prize drawing. See details and rules.
Giveaway is open only to legal residents of the fifty (50) United States and Canada who are employed full- or part-time in K-12 education.