A Few Thoughts About Online Security

Troy Hunt (no relation, but a really great first name) has a post explaining “Collection #1” on his blog. Rarely do people read about online security because it can be complex and confusing. However, online security is crucial. In the case of identity theft, it generally takes between 100 and 200 hours and six months to fix. While it isn’t fun to protect your identity, it sure beats the frustration of spending hundreds of hours fixing it.

Troy’s information is powerful and useful. I suggest that you take a few minutes to read the post.

What follows is some basic information and advice.

Collection #1

Collection #1 is a database of almost 773 million unique email addresses (there are actually 2,692,818,238 rows of data – some are duplicates). This means that almost assuredly your email and password combination (at least one that you’ve used somewhere) is known by hackers.

Action

How do you know for sure if your email has been leaked? Head over to Have I Been Pwned. Enter your email address. Click on the “pwned?” button. I’ll share that a couple of my email addresses are available to hackers/spammers (some on sites that I’ve completely forgotten about/not sure I ever went there) and some aren’t. The results also include what was leaked. In some cases, the leaked information is demographic information; in other cases, user names and passwords were leaked. See the results below:

Email Address #1

Email Address #2

Credential Stuffing

So, how do hackers and spammers use this information? One way is credential stuffing. Essentially, they take the user names and passwords that have been leaked and try those on other sites. Since many people reuse passwords and email addresses, it is very likely that one combination will work in many places. Importantly, this doesn’t mean that you specifically were targeted, just that you were on the list. (Many people think that they are “safe” because they aren’t well known, aren’t especially “rich”, aren’t on a lot of sites, etc. Credential stuffing isn’t personal at all to hackers. It becomes very personal for you if it works and you have to deal with the cleanup.)

Next Steps

This is where I recommend never reusing passphrases. To do that realistically, a Password Manager is a must. I’ve written about these before. Free options exist but are limited to a small number of devices. This is one of those things that I’m willing to pay for. (And I have. I purchased a family account of 1Password many, many years ago. 1Password has teamed up with Have I Been Pwned, but this isn’t a sales pitch for them. There are several good password managers available.)

Most importantly, do not reuse the same password (passphrase) over and over.

Turn on 2 Step Authentication wherever possible. Although certainly not a cure-all, 2 Step Authentication can be a powerful assist in keeping you safe.
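
To make the reuse risk concrete, here is an added example (not part of the original post) that checks a password list for the exposure credential stuffing relies on. The `VAULT` entries are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample standing in for a password-manager export:
# (site, login, password). None of these are real accounts.
VAULT = [
    ("forum.example", "Pat@example.org", "Sunshine2014!"),
    ("shop.example", "pat@example.org", "Sunshine2014!"),
    ("bank.example", "pat@example.org", "correct horse battery staple"),
    ("mail.example", "pat@example.org", "Sunshine2014!"),
    ("news.example", "p.smith@example.org", "Sunshine2014!"),
]


def _norm(login):
    """Treat logins case-insensitively, as most sites do for email addresses."""
    return login.strip().lower()


def exposed_by_breach(vault, breached_site):
    """Sites where the exact login/password pair leaked from breached_site also works."""
    leaked = {(_norm(l), p) for s, l, p in vault if s == breached_site}
    return sorted(
        s for s, l, p in vault
        if s != breached_site and (_norm(l), p) in leaked
    )


def password_reuse(vault):
    """Groups of sites that share one password, whatever the login."""
    by_password = defaultdict(set)
    for site, _login, password in vault:
        by_password[password].add(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


if __name__ == "__main__":
    for site in sorted({s for s, _, _ in VAULT}):
        others = exposed_by_breach(VAULT, site)
        print(f"breach at {site}: also opens {others or 'nothing else'}")
    print("shared passwords:", password_reuse(VAULT))
```

Every site listed by `exposed_by_breach` needs its own new passphrase; sites that only appear in `password_reuse` share a password under a different login and should be changed as well.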

 

Requests

As you know, most of the time when you need help, you create a ticket within the Helpdesk system. However, there are a few things that are very specific and a form does a better job. In the past, these were located on the Technology blog (and still are). However, to streamline things for end users, we’ve now added a few requests to the login page of the Helpdesk system.

Screen shot of helpdesk login page

These are broken into two sections: User Requests & Administrative Requests. User requests include the Gmail picture correction/deletion request and phone extensions on multiple phones request. The Administrative Requests are for use by principals (administrators) or those acting on their behalf.

Remind

We are aware of some teachers using the Remind service. Please be aware of the following:

Verizon Wireless customers who use the free Remind service will not be able to receive or send text messages as of January 28, 2019.

  • If you communicate with your class on Remind: People who normally get your Remind messages as texts may no longer receive them.
  • If you have Verizon Wireless as your phone carrier: You’ll no longer receive Remind text notifications.

Phone System Update

We have reached a milestone! Installation has occurred at all buildings. We are ecstatic at reaching this milestone, but still have a massive amount of work to do. The phones that are seen and used every day are but one part of the total system. The phone system also relies on complex server systems and settings. There are four different standards within the main connection standard that we use. No one (save a few of us network guys) should ever need to know that. However, technology frequently seems like “magic”. That magic really takes a lot of work.

Why did we do this?

Just a quick refresher. Our previous phone system was end of life. It was no longer being supported. We were experiencing many problems that the manufacturer was no longer willing to resolve. Also, we had a large number of broken phones that we could no longer replace.

We need to meet a state law for 911 service. That law states that when someone calls 911, we must send not just the building address, but the specific area of the building. In our old phone system, we couldn’t do that. Not only that, but all 911 calls were only going out over POTS lines (these are the old copper connections that most people have gotten rid of by now).

Thus, we mounted most phones to help ensure that when 911 is called, the first responders can go to the correct place.

With e911, we can no longer offer extension mobility. With extension mobility, we truly don’t know where the phone is at any time. Instead, we are setting up a bridged call system. This allows multiple phones to ring when a number is called. Importantly, each of those phones will have a discrete number that is reported to 911 if called.

What’s next?

We are hard at work on the following items:

  • Converting the actual connections to the outside world. This should be seamless for all users. Once this is complete, we will also be able to:
    • Configure Gmail – phone message syncing (this will mean that if you listen to a voice message in Gmail, that message will also be marked as listened to on your phone).
  • Reviewing phone numbers to email addresses.
  • Relocating of some furniture to complete the mounting of a phone.
  • Setting up phones for those with “personal numbers” on multiple phones (the old extension mobility) where the phone needs to ring.

Thoughts on phones

Phones have seen an interesting transition. Originally, phones were placed right next to the door. Phones were used for internal calls only. Parents never called the classrooms, because there was no physical way for that to happen. All phones were wired and went to a location (house, business, etc).

We installed phones in 2003 as part of a bond. Phones by that time were connected to the outside. In fact, these phones (somewhat amazingly) ran over the “Internet”. However, long distance phone calls could be expensive. Thus, calls outside of the 313 area code needed to be limited to those with permission.

Today, there are no extra costs for “long distance” phone calls. Most people no longer have a “house” phone. We no longer call a house, but a person. However, we have a variety of types of phones in the district:

  • Position based – the Director of Technology is a position. The office may move locations. The person in charge may change (hopefully not soon). But the phone number stays consistent. Or, think of a principal. A principal may move from one building to another. The phone number will change so that the contact from others is consistent (they want to reach out to the principal of Greatest Elementary School, but may not know who is currently in that role).
  • Place based – think of a classroom. Classrooms can be shared by many teachers (both at once and over the course of the day). Thus, the phone for Room 101 is the phone for room 101 no matter who is in the room.
  • Person based – these come in two flavors:
    • Those who are support people who may move specific jobs, but need to be contacted regularly.
    • Those who shouldn’t be interrupted with a phone actually ringing, but benefit from being able to be contacted (most teachers).

Each of the above situations calls for a whole different workflow and settings.

Appreciation

We greatly appreciate all of the wonderful teachers, administrators and others who have been so helpful and positive in this transition. The number of times that people have been happy because space would be freed up on their desk by mounting the phones has been a joy. So many people have innately understood the value of what we are trying to do, and expressed appreciation for that work, that we are humbled. We truly do appreciate how universally people have understood that this isn’t about an individual, but about the safety and reliability for all of us. We are so grateful to work with such an awesome team.

NWEA Screen Resolution

Please be aware that NWEA needs to have a specific screen resolution. In some cases, students or others may have changed the screen resolution to something that is not compatible with the NWEA test. This is an easy fix.

Simply use the keyboard shortcut below to reset the screen resolution to the default. This will bring the resolution in line with what the NWEA test needs.

ctrl | shift | 0

(Hold down the Control key (labeled ctrl), the Shift key and the zero key at the same time)

That’s it.

Moodle Moot US

Recently, Chris Kenniburg and I were able to attend and present at the U.S. Moodle Moot.

Both of us were asked to present on the big stage. Both of our presentations were recorded and are now available.

Focus on Learning: Moodle in PreK-14

Troy Patterson

From Login to Learning

Chris Kenniburg

Free PD

It’s that time of year again! That’s right, it’s time for Free PD!

These courses and more are available through REMC:

OER to Support Early Literacy

Starts January 7, 2019
6 SCECHs available

Register for OER to Support Early Literacy »

Student-designed OER for 21st Century Learning

Starts January 7, 2019
6 SCECHs available

Register for Student-designed OER for 21st Century Learning »

Inquiry & Questioning: Igniting Student Curiosity with Technology, Level 1

Starts January 7, 2019
6 SCECHs available

Register for Inquiry & Questioning: Igniting Student Curiosity with Technology, Level 1 »

Authentic Student Learning & Gamification

Starts January 7, 2019
6 SCECHs available

Register for Authentic Student Learning & Gamification »

Increasing Efficiency & Productivity

Starts January 7, 2019
10 SCECHs available

Register for Increasing Efficiency & Productivity »

Transforming Education – Maker Movement

Starts January 7, 2019
10 SCECHs available

Register for Transforming Education – Maker Movement »

Applying Google Apps for Education in Chrome, Level 1

Starts January 7, 2019
6 SCECHs available

Register for Applying Google Apps for Education in Chrome, Level 1 »