Providing quality teaching resources for the 'computer subjects' (CAT and IT) since 1995.
We believe that all learners should be comfortable with computers as part of their lives.
Content is presented through real-life examples and scenarios, so that learners may identify with the material more easily and make it relevant to their lives / experiences.
We provide videos, PowerPoint presentations, solutions to exercises and data files for exercises - all to make life easier for teachers and learners.

This Week in Tech

Manslaughter - by text and a phone call

Seems like that old nursery chant: 'sticks and stones may break my bones, but words can never harm me' is no longer quite as true as we'd like to believe. Last week a judge in Massachusetts found a 17-year-old young woman guilty of manslaughter for using text messages and a phone call to encourage and convince her 18-year-old boyfriend to commit suicide.

“This is saying that what she did is killing him, that her words literally killed him, that the murder weapon here was her words,”
- Matthew Segal, lawyer with the American Civil Liberties Union of Massachusetts

Our learners live in a world where constant communication and the pressures of social media are pervasive. They often post private messages to each other and public messages on social media without giving a moment's thought to the impact, implication, consequences or possible collateral damage these messages might cause. As educators, we need to take the time and effort to repeatedly draw to their attention cases that vividly illustrate this - cases that redefine the law and our society. This is one such case. The New York Times has a good article on the topic, but if you have already used up your free access for the month, here's a link at CNN. If nothing else, this could open the door to Manslaughter / Murder becoming, of all things, a cybercrime.

Human error - again

Computers are stupid. They only do what you tell them to do, so you better make sure that you tell them to do the right thing. One young person, first day on the job, just out of university, unguided and working according to a document telling him how to set up his own test development database, did what many of our learners do: he copied the code in the document and executed it unmodified. The result: the entire company's database deleted. Gone. Unrecoverable. The CTO promptly fired him and he posted about his experience on Reddit. Many readers have come out in support of him and believe that the CTO should have been the one to lose his job.

A complete nightmare situation. A business almost down the tubes because of human error. I say almost, because surely there were backups and recovery, though tedious and inconvenient, would be possible? Wrong! Seems like there was a problem with the databases and backups were not being restored. A company that provides a document containing a potentially destructive code snippet to a complete noob for unsupervised use is not likely to make sure they follow the best backup procedure in the world. More human error, compounding the original human error...

Quartz Media has a nice article based on the incident.

Robot, Robots, Robots

Harvard students seem to want to prove that robots can be made from anything - they are developing a spider-like robot made from drinking straws and powered by air.

And now, a robot that crawls up your butt - to make an unpleasant medical procedure weirder but less unpleasant. Curious? Check it out at Boing Boing.

This robot uses AI to figure out how to pick up almost anything.

In Shanghai, an automatic, self-driving supermarket cruises the streets....

Finally, the BBC has a short segment from Ashitey Trebi-Ollennu, chief engineer at Nasa’s Jet Propulsion Laboratory, on 5 robots set to change the world.

Click Fraud

Motherboard has an article on a click fraud farm busted in Thailand. Fascinating visuals and a glimpse into the world where fake likes, ratings, etc are manufactured on demand.

In Russia though, this type of click fraud is out in the open. Here's an article about a vending machine that sells Instagram likes and followers!

Lying AI

Whilst Google seems intent on creating AIs that defeat humans at complex games demanding strategy and insight, Facebook has built itself an AI that has learnt to lie to get what it wants. Appropriate for a system where most people create fake representations of a perfect life? A fascinating read.

AI, self driving cars and Insurance

Some interesting questions raised in this article from Readwrite.com.

Scary new malware infection technique

Digital Trends has an article on how hovering your mouse over a link in a PowerPoint slide can automatically download and install malware (no clicking required).

Ransomware Ponzi scheme

A Ponzi scheme is a pyramid scheme. Popcorn Time is a new type of malware that tries to maximise its profits by using the strategy behind a pyramid scheme - when you get infected and your data is encrypted and held ransom, you are given a choice: either pay up or deliberately infect at least 2 others to 'free' your data. What would you do? The New York Times has the details, also at Fortune.com.

That's it for this week - good luck with the last of exams and the reports....


Rise of Ransomware

Remember that whole saga of Apple vs the FBI when Apple refused to create a back door for the FBI to investigate a terrorist's phone? Apple said that it was too dangerous and would make iOS vulnerable to hackers. The FBI said something like 'but you can trust us, we are a powerful government agency, we will protect the backdoor and keep it safe and no one else will ever get to use it - especially not hackers....' Apple stuck to their guns and the matter was never tested in court because the FBI withdrew their case and found an alternative solution to their problem.

Turns out Apple was very right though. A couple of weeks ago we reported on US government hacking tools and secrets being exposed by a hacker group calling itself the Shadow Brokers - and published on Wikileaks. That leak led to the biggest flood of ransomware infections in history. Computers across the globe became inaccessible - their data encrypted and unavailable. Ransoms of $300 - $600 were demanded. Here are some very important facts about the infection:

  • The malware in question 'Wanna Cry' (where 'Cry' stands for cryptor or decryptor) is not a virus nor a phishing attack - it is a worm with the smarts to distribute itself over the network without human intervention (you don't need to click on a link to get infected).
  • It is based on an 'exploit' leaked from the Shadow Brokers' hack of 'safe' US government intelligence agencies, specifically the NSA.
  • Microsoft was warned by the NSA that they had been hacked and that there might be a leak - and made update patches that fixed the vulnerability available in March of this year (two months ago). Unfortunately they did not patch outdated versions of their OS (XP, Vista, Server 200, Server 2003, etc).
  • Turns out most of the computers that got infected were running Windows 7.
  • The spread of the infection was slowed when a researcher discovered that the malware checked for the existence of a specific web page. As long as the web page did not exist, the ransomware continued to spread itself. The researcher (MalwareTech) registered the domain, created the web page and WannaCry stopped spreading itself.
  • Microsoft took the unprecedented step of releasing free patches for its outdated OS's.
  • Turns out that if you got infected and have not rebooted there is a possibility you can crack the encryption and free your data. The tool is available on GitHub.
  • The hackers have not earned that much from the infection. Monitoring of suspected linked bitcoin wallets shows an ROI (return on investment) of around $70 000 so far. Perhaps the infection was just too large and created too much talk too quickly for people to pay up.

Wanna Cry infected hundreds of thousands of computers in over 100 countries worldwide. It crippled businesses, government offices, health care (especially the NHS in the UK) and private computers indiscriminately.

The biggest lesson though is that machines with the latest version of the OS and up-to-date patches were pretty much safe from the attack.

Cartoon resources - great for class discussion or tests / exams:

MP3 is dead - NOT!

News articles this week tried to scare people into believing that MP3 as a music format is dead. Why? Well, basically the Fraunhofer Institute that created MP3 is no longer licensing the format, because their patents have expired. This means that the format essentially moves into the public domain and is free for developers to write encoders and decoders for without having to pay royalties.

The articles suggested people use other formats such as AAC - which are, coincidentally, still under patent and require royalty payments. These formats are newer and (slightly) better than MP3. I was just gearing up to explain the nonsense in detail when I came across this article by Marco Arment - who did it all for me so I don't have to!

The Working Dead - IT jobs in review

As IT and CAT teachers we have a vested interest in extolling the job market for IT savvy workers. InfoWorld has an excellent article on the evolution and turnover of IT related jobs and just how tricky the IT job market can be. Well worth a read so that you can talk in an informed manner with your learners on the topic.

Other News:

Fake News corner:

You might wonder why I did not report on the supposed 'Blue Whale' suicide game last week. It's simple: what information was out there seemed sketchy, anecdotal and unreliable. It seemed like a sensationalist story, the kind that proliferates on Facebook. Here's htxt.africa doing some serious research and vindicating my opinion of the story and not giving it any kind of credence.

Infographics, Fake news and Malware

Welcome back to the blog. A few housekeeping changes this week before we get into the news.

  1. We have decided to enable comments on a trial basis to get feedback from you on the type of news you want to see and to enable you to share ideas, resources, etc. So that comments do not make the posts too long, you need to click on the 'Comments' link at the bottom of the post to view / make comments on the post.
  2. To prevent spam and abuse we have, for the moment, made it so that comments containing links need to be approved before they appear - this is to help prevent the spread of malware / spam.
  3. When you view comments you can also access social media sharing links to each post. Sharing a post that you find interesting will help other teachers to discover and read the blog - and hopefully add value to their teaching as well. Please share if you think the post is worth reading!

Teaching about Fake News

It looks like 2017 is not only the year of fake news, but also the year in which we have to make an important change to the way we talk about the web and web content with our learners.

Yes, it is true that the web enables anyone to publish anything. Yes it is true that this has been a great enabler for people in general to express themselves and spread news that might otherwise be suppressed.

The thing is, the value of the content on the web depends very much on the sense of integrity and responsibility of those creating that content. The current trend of spreading blatant untruths without pause or hesitation or thought for the consequences devalues the web as a source of reliable content. We need to address this issue in the classroom. The least we (and our learners) can do is identify and refuse to spread fake news.

We know that Fake News has become an issue after the creation of both the CAPS and the textbooks and therefore resources for this topic are scarce. We will continue to feature 'Fake News Corner' in all the blogs throughout the year.

Why is Fake News spread?

Three main reasons are:

  1. To make money with sensationalist click-bait
  2. To further specific agendas and protect dubious people / actions / intentions by muddying the truth
  3. Genuine satire meant to create awareness and ridicule various topics.

This Week's Fake News links:

  • MyBroadband : How to stop falling for fake news on Facebook.
  • Factcheck.org: How to spot fake news.
  • BBC: How do fake news web sites make money?
  • News 24: Alert - USA still requires Visas for South African Travellers
  • CNN: A video showing the very real impact of fake news on an individual refugee in Germany.

And, in other news - to show that accuracy and integrity are important, Wikipedia has banned the use of the Daily Mail (UK Newspaper) as a source because of its unreliability, bias and inaccuracy! Whatever you do, don't use the Daily Mail as a source to check the accuracy of something you think might be fake news! Read it at The Guardian.

Classroom Resources

This week we have a few InfoGraphics that could be useful for your classroom. Finding good material to print and put on your noticeboards / classroom walls is hard. Here's some useful stuff! To check out lots of other interesting infographics visit coolinfographics.com.

Make sure to tell your Art department that the Metropolitan Museum of Art has made 375 000 high res images of art free to download and use as you wish! What an amazing resource! They explain the move to 'open access' here.

Can you spot the phish? This article from CSO Online makes for a great classroom exercise. It shows a number of real phishing emails and asks you to try and identify why they are phishing mails. It also gives explanations that you can share with your learners.

Fileless Malware

We all know that anti-virus software works by scanning files on your storage for known signatures of viruses and other malware. The question is - what happens when the malware does not store itself as a file but simply loads itself into memory, leaving no trace for anti-malware software to find? The answer is that the malware becomes almost impossible to detect and eliminate. The scary thing is that, although a proven concept since 2015, fileless malware is hitting the news in a big way this week. It seems that a spate of this type of attack, mainly against banks, has been detected in the last while. The good guys are going to have to put in looooong hours to find a solution to this one!

Read about it at Wired and Boing Boing and the Hacker News.

The Ransomware Industry

CSO Online says the stats prove the move away from general malware toward Ransomware. Apparently there was a 6% decline in new types of malware last year - with only 60 million new varieties being listed. They proceed to give various reasons, but the astonishing fact is:

The number of attacks increased 167 times.
Not 167 percent -- 167 times, from 3.8 million ransomware attack attempts in 2015 to 638 million in 2016.

And if you are in any doubt about how Ransomware is becoming big business, read this eye-opener from Boing Boing about the customer service offered by the operators of the Spora Ransomware. They want to make sure you trust that if you pay your files will be decrypted...

Ransomware is not the only type of hacking going commercial. More proof that hacking is being run like a business is the offering of payment for insider information / passwords / logins. The Hacker News has the low down on how porn and credit card numbers are not all that you can buy on the Dark Web.

That's it for this week. We hope you'll start making use of comments and shares - if you think that what we've got to say is worth it!


Phishing and Whaling

We all take a lot of time and effort to teach our learners about Phishing - and about the more specialised, targeted "Spear Phishing" version of this type of attack. Well, it's time we added "Whaling" to that repertoire.

The term 'Whale' is often used in IT - and in business in general. A 'Whale' is generally a big spending customer - for example in all those 'free' games that you find available on mobile devices you are able to buy 'coins' or 'stars' or 'points' or something that will make it easier to progress through the game faster. Most people do not spend real money on these in-game currencies - but there is a select group of users that do buy them - and they buy large. They are usually called 'Whales' - and they are where these companies make their money. Before science was sufficiently advanced whales were simply regarded as another type of fish - the biggest fish in the sea. So they are the biggest Phish for Phishers to focus their attention on as well. In the world of cybercrime a whale is typically a high level business person (CEO, COO, CFO, CTO = 'C' level executive, someone with 'Chief' in their title), a politician or a celebrity.

The Whale phisher typically sends an urgent e-mail from a trusted colleague / business partner requesting urgent payment for some critical aspect of the business. The CEO then gives the order that payment be made, short-circuiting the usual paperwork... The phisher scores big. In May this year an Austrian aircraft company lost nearly € 41 Million (more than R 645 000 000) to a Whaling attack. The CEO and CFO lost their jobs. Read about it here.

MyBroadband.co.za has a story on Whaling and some tips from the FBI about how to avoid such attacks, whilst Social-Engineer.com asks 'Why go after minnows when you can catch a Big Phish?'. Finally CSOonline.com has got some examples of scams that CEOs could fall for (especially the spoofed 'from' addresses that rely on similar looking mis-spellings to seem as if they are from a valid source) - if you can stand their irritating multi-page slideshow format.

Fighting back against RansomWare

A great resource for learning about, identifying and fighting Ransomware is nomoreransom.org. They even have tools that will decrypt certain types of Ransomware attacks. A great resource for teaching about this type of malware.

Watch out for that cheap wireless keyboard

You better watch out, you better beware, Keysniffer is already in town.

Armed with a bit of smarts and a wireless dongle that costs less than R200 a hacker can not only intercept whatever you type on your keyboard (without even having to install key logging malware on your computer) from up to 70 m away, but they can also insert their own keystrokes to change whatever you are typing.

How is this possible? Well, makers of cheap wireless keyboards (those that use their own wi-fi dongle instead of Bluetooth) let the communication between the keyboard and the computer take place without encryption (or with poor encryption). Why? Because it's cheaper and cheaper = lower price or more profits or both. Wired magazine has the lowdown on this new hacking exploit.

There is no such thing as anonymity or privacy on the web

Keep on telling your learners this fact. Repeat it until they think you are a stuck record. For those that say that they are savvy and have the skillz and the toolz to keep private - point out to them that the TOR browser and account they are using is probably compromised. Researchers recently found over 100 TOR nodes that were spying on their users... Tell them to read the article at The Hacker News. Then point out that the web is a large, wild, ungoverned place which is about as tough and secure as a bag made of wet toilet paper. They need to always assume that most of what they do, create, store, collect or download electronically is traceable and watchable and has probably been intercepted by someone somewhere.

A general Resource for all

The World Digital Library is a resource created by the US Library of Congress with support from UNESCO. It contains many digitised images, texts and maps that are interesting to browse through but could also be valuable resources for the History / Geography teachers at your school.

Building at 225 bricks per hour

3DPrint.com has an article about an Australian company which has created a robot that can lay 225 bricks in an hour - as much as a human does in half a day. Basically a truck loaded with bricks arrives at the building site, extends a robotic arm and starts laying the bricks according to the design programmed into it from a CAD model. There's a time lapse video of the robot at work near the end of the article.

That's it for this week.

Skimer is coming to get you(r cash)

Another day, another malware.

Card skimmers are physical devices that criminals attach to ATM machines to copy the magnetic stripe information from bank cards as they are put into the ATM. They are usually used with a hidden camera which spies on you as you type in your PIN code.

The problem with card skimmers is that, because they are physical devices, an alert customer can spot that there is something wrong with the ATM.

For the criminals there are two solutions to this problem:

1) Use more creative hardware

The trend for computer kit to get smaller and thinner doesn't only apply to your smartphone. Since 2014 criminals have been able to create card skimmers so thin and small that they fit inside the card slot of the ATM - making the skimmer that much harder to detect. Krebs on Security has a great and detailed article on this here.

2) Make the ATM your card skimmer

Since 2009 criminals have figured out that using malware to infect an ATM can turn the whole machine into a card skimmer - no extra hardware or camera required. The malware was called Skimer and it is back in the news again this week because - surprise, surprise - there's a new version of the malware that's just crawled out of the woodwork (making a total of 49 versions of this malware). This new version was discovered by Kaspersky and you can read the details here.

What is new is that the malware hides itself and only becomes active when a specific 'magic' card is inserted into the ATM. The card contains activation codes on its magnetic stripe that set the malware into action. The criminal is given a menu of options which include the functions:

  • pay out 40 banknotes
  • start collecting user data
  • print out user data
  • update the malware from the card
  • remove (delete) the malware from the machine

A big advantage of using malware like this is that the ATM customer has absolutely no way of telling that their data is being stolen. The criminal can also choose to run the skimmer function when and how they need, generally making the criminal activity harder to detect.

'Till next week..

Contact Information

Fax: 012 546 5313 or 086 293 2702
Tel: 012 565 6469 or 087 230 8479
Postal Address: PO Box 52654, Dorandia, 0188

Copyright Study Opportunities 2016. All rights reserved.