Troy Patterson

Online Security – Part 2

by
padlock

‘Tis the season. I just received a notification that Pure Michigan’s account was compromised:

December 20, 2019

As most of you are aware, Wednesday, December 18th an email was sent out appearing to be from Pure Michigan / Michigan Festivals and Events regarding updating your membership information. Unfortunately our account with Constant Contact was compromised. Constant Contact recognized that it was a faux email, and quickly disabled the provided links so others were not at risk. We have taken the necessary measures to secure the account again.

While we are needing your updated information, please contact our office directly for forms.

Please accept our apology in this error.

Wishing everyone Happy Holidays

Mike Szukhent
Michigan Festivals and Events Association
President, CEO

This follows on the heels of the news that 2019 brought us at least 948 reported attacks. Oh, and 1,500 Ring passwords have been discovered to be available via the dark web (in other words, there are 1,500 known user name and password combinations from Ring available to the bad guys).

This follows the news that MysteryScience had a data breach. A couple of our users reached out to me when they received an email stating that MysterScience had been breached and telling them to reset their password. I reached out to MysteryScience to confirm that there was a breach. I also reminded people to NOT follow the link in the email. Instead, always go to the site by typing in the URL yourself. This way, if the email is legitimate, you’ll be prompted to change your password. If the email was a phishing attack, you haven’t fallen for it.

MysteryScience did finally get back to me.

So sorry for any confusion! I’m glad you’re careful and double-checking. Yes, there was indeed a data breach. If you’d like more information, you can look at this FAQ directly on our website: https://mysteryscience.com/docs/security-update-dec-2019

You can reset your password from the link in the email we sent out to all users affected by this breach. Alternatively, you can go directly to our website at www.mysteryscience.com, and it will prompt you to reset your password there.

I hope this clarifies–and I’m sure glad you reached out to confirm!

MysteryScience

All of this is a good reminder to never use the same password twice. This can be accomplished via utilizing a good password manager (which I’ve been advocating for since 2016).

Online Security

by
padlock through a paper contract

A couple of incidents remind us of why you should never reuse passwords.

MysteryScience

Users have been receiving notice from MysteryScience about a breach. They are asking users to change their password.

*Reminder, do NOT click on the link in the email to change your password. Rather, go to the web site (in this case MysterScience) and use the Change password feature within the web site. This is a simple protection against phishing.

Massive Password Breach

This one doesn’t have a “cool” name, but is significant. A write up from the Infosecurity Group explains why this is so dangerous.

Billions of email addresses and plain text passwords have been leaked online by an unnamed party, putting countless internet users at risk from credential stuffing and other attacks.

In total, the database contained 2.7 billion email addresses, and plain text passwords for more than one billion of them — providing a perfect starting point for a credential stuffing campaign.

“Since many employees share passwords between their work and personal accounts, this leak not only problematic for the individuals who own the accounts, but a big risk for enterprises globally as well,”…

MISTAR – Free SCECHs

by
Chromebook on desk with a woman in front of it.

RESA has a pilot program offering training for MISTAR. RESA is offering this pilot program from January 13th through March 13th. The focus is on teachers. Monarch is a new program for MISTAR. Free SCECHs are available with the usual caveats.

Monarch – MISTAR Teacher Tools Training
Jan 13 – Mar 13, 2020

Teachers are invited to transform their use of MISTAR by participating in our pilot offering of Monarch, an online learning experience for MISTAR teachers.

As a participant, you will complete activities designed to increase your skill and knowledge of MISTAR teacher apps such as Class Attendance, Grade Book, Seating Chart, generating reports, and more. 

Working online from any device at your own time and pace, you will have two months – Jan 13 through March 13, 2020  – to complete the learning activities.

As you finish missions and levels, you will earn digital badges in recognition of your learning. SCECH credit is also available: complete the first two levels to earn 7 SCECHs or complete all three levels to earn 11 SCECHs.  

Monarch is especially beneficial for teachers new to MISTAR, but seasoned teachers will also benefit from participating. Non-teaching staff are welcome to register and will be able to participate as space permits.  

This course is free.

Register here by January 8.

Mi-Star Q Mobile App

by

Dearborn Public Schools is pleased to announce the availability of ParentConnect (Mi-Star) as a mobile app.

You can now access ParentConnect via a mobile app.

Parent Connect Mobile App

Download the Q ParentConnection App 

(from Aequitas Solutions, Inc.)

Or you can simply search for Q ParentConnect on the App Store for your device. (The correct app was the second one listed for me). Note the icon image listed below. 

ParentConnect Application screenshot from the iTunes App store.

Open the QParentConnect App on your device.

Once the download is complete, open the App and you will need to complete the following. 

*This will only need to be completed your first-time logging in. Click on each field to view your choices.

Enter the appropriate information

ParentConnect connect screen.

Using the “picker” select the following:

  • Michigan
  • Wayne
  • Dearborn Public

Press the “Enter ParentConnection” link.

On the next page, use the “Log In” link.

Log in button highlighted on ParentConnect screen

Enter your PIN and Password:

Pin and Password Screen on ParentConnect

Review information

That’s it. Now you have access to the information in ParentConnect. Although this isn’t a complete resource, most of the popular items. 

Using the App

The App can provide lots of information. The Q ParentConnection App can also be used to report absences. 

Click on Report Absence, you can then choose to enter attendance for the whole day or only for a specific length of time, for one student or multiple students. 

Follow the prompts. (We will update with more specific information soon). 

Annotation Pilot

by
Annotation example

One of the skills that students need to learn is how to annotate. Not only do they need to learn how to annotate, but learning how to annotate in a digital age is important.

The Technology Department has joined an Annotation Pilot Project. This project brings the ability for all Dearborn teachers to empower students to learn annotation skills.

Teachers can now easily add the ability for students to annotate web pages or PDFs right through iLearn.

Teachers: if you’d like to try this with your students, please reach out to our Tech Coach or the Technology Department.

Black Friday Phishing

by

Ah, there’s nothing like phishing on Black Friday. The sun breaking over the horizon, the water gently lapping.

Oops. Phishing, not fishing. Phishing is bad.

This is an example of a Phishing email. The scammers have used the amazon logo. They have included “deals” that seem reasonable. However:

  • The sender’s email does not match with amazon
  • Hovering your cursor over the link will display a link to a site other than amazon
  • There is some odd wording

Please be aware of phishing attempts and scams.

A few things to remember:

  • Just because it has a logo, doesn’t mean it comes from the company. It is easy to copy and paste the Amazon logo, the Apple logo, etc.
  • Watch out for things that are “time-sensitive”
  • Do NOT use the link within an email to log in and fix an issue. Type the URL into the URL bar yourself
  • Watch out for “tracking numbers” that claim to come from UPS, FedEx, etc.
  • Be wary of promised Gift Cards for completing a survey (almost all of these are fraudulent).

Also:

  • Reputable companies won’t ask for your Social Security Number/Bank Account Number/Credit card to prove who you are
  • Remember that phishers are trying to get information (either log in information, credit card numbers, or personal information)

Choose iLearn

by
This is the login page of ilearn.
iLearn Sign in page

DESIGNED TO SAVE YOU TIME

Quit wasting time and get started using a tool that is designed for teaching and learning by people passionate about education!  iLearn is built for classroom activities. We now offer pdf and web page annotation, secured and shareable assessments, writing peer review workshops with rubrics, interactive H5P activities, and so much more!  

ONE CLICK LOGIN

Log in with your Google Account
Utilize Google Single Sign-on so that your students can access learning materials quickly.  

SECURE BROWSER APP

Stop cheating before it happens
The iLearn Secure Browser App prevents cheating by locking down Chromebooks. 

MISTAR GRADE EXPORT

Publish grades directly to MISTAR
Save time and be more efficient. Let iLearn grade your assessments and with the click of a button transfer grades to MISTAR.  

Choose iLearn – Flyer1Download

Standards in DEC

by

Good news! The Technology Department has now embedded more standards into DEC. These are all linked. This way, if you use the Standard Short Code in a lesson, explanation or reference, it will be linked automatically.

We now have the following standards linked:

Plus, all of the standards are searchable. You can click on a Standard Resource and search within it. In the example below, I searched for “upper case” (note that I did NOT use quotation marks in the search thoughusing quotation marks would not return any results since those words are not next to each other). This returns three standards that deal with “upper case” (even though there are words between “upper” and “case”) and gives me the standards.

iLearn Sign-On

by

We’ve been working for quite a while on a special project. We are now ready to unveil that project.

We understand the struggle with signing into different places. We want to make this as easy as possible, AND as secure as possible. Those things are generally two different ends of the teeter-totter. That is, the easier something is to access, the less secure it is.

Kindergarteners face a special challenge. Since they are frequently still learning their letters and numbers, signing in to a computer securely can be a conundrum. We’ve developed badges to help that process out. That can get them signed into a Chromebook easily, but not iLearn.

We now have an answer.

Students (and Staff) can now sign in using Google. This reduces the load for elementary students. As it turns out, this is good for everyone. We were able to accomplish this while still protecting the security of our data.

Now, IF you are signed into Google, signing into iLearn only requires a button click – no more entering a user name and password. (We have also implemented this on MyPD.)

That’s right. If students are on a Chromebook, they are already signed in. So, when they click the Google button at the bottom of the login page, they will be automatically (and quickly) signed into iLearn.

This reduces the time it takes students to log into iLearn. Thus, students can even more quickly and efficient start working on Peer Editing Assignments, Recording A Reading to track their fluency, Creating their very own digital glossary to create Vocabulary Connections, Self-monitoring their spelling proficiency, and much, much more.

Online Security

by

With the holidays fast approaching, a rise in phishing attacks is traditionally seen as well. Phishing attacks can be frustrating to deal with. The best defense is to not fall for them in the first place. Unfortunately, we are seeing phishing attacks because “better” (i.e. harder to detect) and more polished.

What Phishing Does

Phishing is an attempt to do one of two things

  1. Tricking users into revealing their credentials.
  2. Getting users to install malware.

Credentials

Quite frankly, your credentials are very valuable. For many of our users, district credentials lead to student information, lots of valuable district information and more. Plus, many users “reuse” passwords. So, learning a user name and password on one site can lead to the ability to log into other sites.

Protecting Against Phishing

We employ several strategies to prevent phishing attempts from ever reaching our users. However, even the best of all of these combined will not be perfect. Occasionally, phishing attempts will land in your inbox.

Tips to Identify Phishing Attempts

  • Be suspicious of “odd” grammar and punctuation
  • Be suspicious of “odd” wording
  • You probably didn’t “win” a gift card (especially if you never entered a contest)
  • Be wise about contests
  • Be aware of “urgent” deadlines
  • Watch out for shortened URL’s
  • Look at where the link is actually taking you
  • Carefully review the actual URL of the site that you are on

Spear Phishing

Spear phishing is targeted at specific individuals. Unlike phishing (which usually blankets a wide variety of users), spear phishing aims to trick high profile targets into giving up their credentials.

Preventing Becoming a Victim

It is important to prevent becoming a victim.

  • Use the Tips to Identify above.
  • Turn on 2-Step or 2-Factor Authentication.
  • Use a Password Manager.
  • Be suspicious (especially when on a mobile device).
  • Instead of clicking on a link, enter the URL of a website that you want to visit (or use a known bookmark)

Follow this blog

Get every new post delivered right to your inbox.