Online Security – Part 2


‘Tis the season. I just received a notification that Pure Michigan’s account was compromised:

December 20, 2019

As most of you are aware, Wednesday, December 18th an email was sent out appearing to be from Pure Michigan / Michigan Festivals and Events regarding updating your membership information. Unfortunately our account with Constant Contact was compromised. Constant Contact recognized that it was a faux email, and quickly disabled the provided links so others were not at risk. We have taken the necessary measures to secure the account again.

While we are needing your updated information, please contact our office directly for forms.

Please accept our apology in this error.

Wishing everyone Happy Holidays

Mike Szukhent
Michigan Festivals and Events Association
President, CEO

This follows on the heels of the news that 2019 brought us at least 948 reported attacks. Oh, and 1,500 Ring passwords have been discovered to be available via the dark web (in other words, there are 1,500 known user name and password combinations from Ring available to the bad guys).

This follows the news that MysteryScience had a data breach. A couple of our users reached out to me when they received an email stating that MysteryScience had been breached and telling them to reset their password. I reached out to MysteryScience to confirm that there was a breach. I also reminded people to NOT follow the link in the email. Instead, always go to the site by typing in the URL yourself. This way, if the email is legitimate, you’ll be prompted to change your password. If the email was a phishing attack, you haven’t fallen for it.

MysteryScience did finally get back to me.

So sorry for any confusion! I’m glad you’re careful and double-checking. Yes, there was indeed a data breach. If you’d like more information, you can look at this FAQ directly on our website: https://mysteryscience.com/docs/security-update-dec-2019

You can reset your password from the link in the email we sent out to all users affected by this breach. Alternatively, you can go directly to our website at www.mysteryscience.com, and it will prompt you to reset your password there.

I hope this clarifies–and I’m sure glad you reached out to confirm!

MysteryScience

All of this is a good reminder to never use the same password twice. This can be accomplished by using a good password manager (which I’ve been advocating for since 2016).

Online Security


A couple of incidents remind us of why you should never reuse passwords.

MysteryScience

Users have been receiving notice from MysteryScience about a breach. They are asking users to change their password.

*Reminder: do NOT click on the link in the email to change your password. Rather, go to the web site (in this case MysteryScience) and use the Change password feature within the web site. This is a simple protection against phishing.

Massive Password Breach

This one doesn’t have a “cool” name, but is significant. A write up from the Infosecurity Group explains why this is so dangerous.

Billions of email addresses and plain text passwords have been leaked online by an unnamed party, putting countless internet users at risk from credential stuffing and other attacks.

In total, the database contained 2.7 billion email addresses, and plain text passwords for more than one billion of them — providing a perfect starting point for a credential stuffing campaign.

“Since many employees share passwords between their work and personal accounts, this leak is not only problematic for the individuals who own the accounts, but a big risk for enterprises globally as well,”…

Mi-Star Q Mobile App

Dearborn Public Schools is pleased to announce the availability of ParentConnect (Mi-Star) as a mobile app.

You can now access ParentConnect via a mobile app.

Parent Connect Mobile App

Download the Q ParentConnection App 

(from Aequitas Solutions, Inc.)

Or you can simply search for Q ParentConnect on the App Store for your device. (The correct app was the second one listed for me). Note the icon image listed below. 

ParentConnect Application screenshot from the iTunes App store.

Open the QParentConnect App on your device.

Once the download is complete, open the App and you will need to complete the following. 

*This will only need to be completed the first time you log in. Click on each field to view your choices.

Enter the appropriate information

ParentConnect connect screen.

Using the “picker” select the following:

  • Michigan
  • Wayne
  • Dearborn Public

Press the “Enter ParentConnection” link.

On the next page, use the “Log In” link.

Log in button highlighted on ParentConnect screen

Enter your PIN and Password:

Pin and Password Screen on ParentConnect

Review information

That’s it. Now you have access to the information in ParentConnect. Although this isn’t a complete resource, it includes most of the popular items.

Using the App

The App can provide lots of information. The Q ParentConnection App can also be used to report absences. 

Click on Report Absence. You can then choose to enter attendance for the whole day or only for a specific length of time, for one student or multiple students.

Follow the prompts. (We will update with more specific information soon). 

Annotation Pilot

Annotation example

One of the skills that students need to learn is how to annotate. Not only do they need to learn how to annotate, but learning how to annotate in a digital age is important.

The Technology Department has joined an Annotation Pilot Project. This project brings the ability for all Dearborn teachers to empower students to learn annotation skills.

Teachers can now easily add the ability for students to annotate web pages or PDFs right through iLearn.

Teachers: if you’d like to try this with your students, please reach out to our Tech Coach or the Technology Department.

Black Friday Phishing

Ah, there’s nothing like phishing on Black Friday. The sun breaking over the horizon, the water gently lapping.

Oops. Phishing, not fishing. Phishing is bad.

This is an example of a phishing email. The scammers have used the Amazon logo. They have included “deals” that seem reasonable. However:

  • The sender’s email address does not match Amazon
  • Hovering your cursor over the link will display a link to a site other than Amazon
  • There is some odd wording

Please be aware of phishing attempts and scams.

A few things to remember:

  • Just because it has a logo, doesn’t mean it comes from the company. It is easy to copy and paste the Amazon logo, the Apple logo, etc.
  • Watch out for things that are “time-sensitive”
  • Do NOT use the link within an email to log in and fix an issue. Type the URL into the URL bar yourself
  • Watch out for “tracking numbers” that claim to come from UPS, FedEx, etc.
  • Be wary of promised Gift Cards for completing a survey (almost all of these are fraudulent).

Also:

  • Reputable companies won’t ask for your Social Security Number/Bank Account Number/Credit card to prove who you are
  • Remember that phishers are trying to get information (either log in information, credit card numbers, or personal information)

Choose iLearn

This is the login page of iLearn.
iLearn Sign in page

DESIGNED TO SAVE YOU TIME

Quit wasting time and get started using a tool that is designed for teaching and learning by people passionate about education!  iLearn is built for classroom activities. We now offer pdf and web page annotation, secured and shareable assessments, writing peer review workshops with rubrics, interactive H5P activities, and so much more!  

ONE CLICK LOGIN

Log in with your Google Account
Utilize Google Single Sign-on so that your students can access learning materials quickly.  

SECURE BROWSER APP

Stop cheating before it happens
The iLearn Secure Browser App prevents cheating by locking down Chromebooks. 

MISTAR GRADE EXPORT

Publish grades directly to MISTAR
Save time and be more efficient. Let iLearn grade your assessments and with the click of a button transfer grades to MISTAR.  

Online Security

With the holidays fast approaching, a rise in phishing attacks is traditionally seen as well. Phishing attacks can be frustrating to deal with. The best defense is to not fall for them in the first place. Unfortunately, we are seeing phishing attacks become “better” (i.e. harder to detect) and more polished.

What Phishing Does

Phishing is an attempt to do one of two things:

  1. Trick users into revealing their credentials.
  2. Get users to install malware.

Credentials

Quite frankly, your credentials are very valuable. For many of our users, district credentials lead to student information, lots of valuable district information and more. Plus, many users “reuse” passwords. So, learning a user name and password on one site can lead to the ability to log into other sites.

Protecting Against Phishing

We employ several strategies to prevent phishing attempts from ever reaching our users. However, even the best of all of these combined will not be perfect. Occasionally, phishing attempts will land in your inbox.

Tips to Identify Phishing Attempts

  • Be suspicious of “odd” grammar and punctuation
  • Be suspicious of “odd” wording
  • You probably didn’t “win” a gift card (especially if you never entered a contest)
  • Be wise about contests
  • Be aware of “urgent” deadlines
  • Watch out for shortened URLs
  • Look at where the link is actually taking you
  • Carefully review the actual URL of the site that you are on

Spear Phishing

Spear phishing is targeted at specific individuals. Unlike phishing (which usually blankets a wide variety of users), spear phishing aims to trick high profile targets into giving up their credentials.

Preventing Becoming a Victim

It is important to prevent becoming a victim.

  • Use the Tips to Identify above.
  • Turn on 2-Step or 2-Factor Authentication.
  • Use a Password Manager.
  • Be suspicious (especially when on a mobile device).
  • Instead of clicking on a link, enter the URL of a website that you want to visit (or use a known bookmark)

RESA Smart Web

RESA has updated the link to SMART web (this is where you can see your paycheck). This may cause some frustration for users if you are using a bookmark.

The link from the Staff Page on Dearborn Public Schools website has been updated. Please use that link.

Chromebooks: Keeping Them Up To Date

Screen shot showing "About Chrome OS" and "Check for updates" locations.

It is important to keep Chromebooks up to date. Many of our Chromebooks will automatically update every time that they are shut down and restarted. However, sometimes that doesn’t happen.

Out-of-date Chromebooks can cause the following problems:

  • WIDA Test won’t run
  • NWEA test won’t run
  • Security issues
  • instability

Fortunately, anyone (including students) can update Chromebooks.

  1. Sign in to the Chromebook.
  2. At the bottom right, select the time.
    Screen shot showing location of time panel to click.
  3. Select Settings.
    Screen shot showing Setting icon
  4. Select Menu, then About Chrome OS.
    Screen shot showing "About Chrome OS" and "Check for updates" locations.
  5. Select Check for Updates.
  6. The result will be a message that the Chromebook is up to date OR the update will download. In the event of an available update, the Chromebook will need to be restarted. 

*Under “Google Chrome OS,” you’ll see which version of the Chrome operating system your Chromebook is using. Currently, Chromebooks need to be on at least version 74.

Security

One of the things that we take very seriously is security. The safety and security of our users and data are important. This responsibility is not just for the Technology Department but is the responsibility of every user. Sometimes, people do what is expedient instead of what is safe. One example that we had this year was a teacher signing into a computer and then letting a substitute use that computer. Unfortunately, the substitute made some poor decisions. (Just a reminder to NEVER share your credentials with someone else or sign into a computer and let someone else use it. This can lead to many uncomfortable situations. It’s also against federal law).

Because we take security seriously, we frequently have to ask questions and seek clarification about accounts and access. Recently, I had someone ask why I cared, and what were the possibilities of a compromise (frequently called a “hack”, but hacking is more specific than a compromise) of our data.

The K-12 Cybersecurity Resource Center posted a map of Cyber Incidents:

Pins on a map showing K-12 cybersecurity reported issues.
K-12 Cyber Incident Map

*Note that these are only the reported compromises.

Compromises occur due to a wide range of conditions that include, but are not limited to:

  • a misconfiguration on a server
  • an employee giving out their credentials
  • a contractor who copies information
  • malware installed by a user
  • ransomware installed by a user
  • email phishing that was successful

These compromises happen to districts of all different sizes and backgrounds. While the districts vary greatly in terms of size, socio-economic status, funding and more, the impact is similar for all.

…the impact of publicly-reported K-12 cyber incidents is significant. During 2018, such incidents resulted in the theft of millions of tax payer dollars, stolen identities, tax fraud, altered school records, website and social media defacement, and the loss of access to school technology and IT systems for weeks or longer.

Recently, several other governmental agencies have been successfully compromised. The cost of recovering from those compromises can be expensive in terms of actual dollars, time to recover and lost data.

These are only a few of the city governments that have been compromised. There are a great many more agencies and businesses that have been compromised.

We anticipate that attempts to compromise networks will continue to increase. One of the most important defenses against compromise is every user. There are important steps that you can take:

  • NEVER share your passphrase with anyone
  • Do not reuse passwords on multiple sites
  • Be wise about making sure that you are not entering your user name and password on a scam site (you should be going to the site, not using a link)
  • Turn on 2-step authentication everywhere that you can
  • Report suspicious sites

Please bear this in mind the next time security questions come up. The Technology Department is not being “mean” or “rude”; the stakes for online security are high.
