We had some great participants learn and grow during the July session of our Moodle Moot. There is still an opportunity to attend the August session.
There is a report of another major ransomware attack. This one is based on the same code as the WannaCry attack. If you have a Windows PC at home, please make sure that you have installed all of the security patches recommended by Microsoft. Microsoft has issued a security update that addressed this vulnerability (this update was issued in April). Up-to-date computers will be fine.
This is also a good time to remember to “Think Before You Click”. Please make sure that you follow good digital practice of making sure that you are expecting a link, that you trust the person sending the link and that you verify the link before clicking on it.
With the end of the school year, we have implemented a new feature. We will be limiting Google Chrome extensions for students. This is intended to provide additional security for our users and allow teachers to continue focusing on student work. Occasionally, we had students install Google Chrome extensions that would take over the browsing experience for the student. This meant that a teacher had to stop what he/she was doing and try to figure out what was happening with the student’s computer. This was frustrating for the student and the teacher.
Staff members will continue to be able to install any extensions that they want. We also have a handy form for staff members to suggest an extension that they would like students to be able to install. Extensions that students have installed that are not approved will be removed. Here is a list of the approved extensions:
The State of Michigan has undertaken a statewide bidding process the last few years. Essentially, the State asks vendors for “their best pricing”. The school district takes advantage of some of these prices. As part of the process, some of the vendors have extended lower prices for school employees and students to purchase devices for their own personal use.
Please note that these are for personal use only. This information is being provided for individuals in the case that they wish to purchase devices for personal, not at school, use.
Moodle (iLearn) 3.3 is now available.
This is great news for us. We have been looking forward to the update since the beta was released. We will be upgrading immediately after school is dismissed in June.
So how does this impact teachers and students? iLearn will look very different than in the past. It will be more user friendly, but it will be different for those who have used iLearn in the past. If you are teaching summer school, the course work will be provided through the newer interface. (You can get more information from a previous post – The Gift that isn’t quite ready – or head over to the Moodle Sandbox to start to get comfortable.)
Of course, the upcoming Moodle Moot (with ICE CREAM) will cover the new look and feel for iLearn as well.
The 4T conference will be held this May 20th through May 22nd. This is a virtual conference.
There is zero cost for K-16 educators to register for the conference (or to receive archives of the webinars). There is also no cost for K-12 educators to earn up to 19 SCECHs from the State of Michigan (the 4T will pay for you!). If teachers would like an official attendance certificate (usually teachers outside of Michigan are interested in this option), there is a small cost; please see the link here.
I’ve presented for and attended this conference in the past. This can be a great way to learn something new and receive some SCECHs from the State of Michigan.
Head over to the 4T web site for more information and to register.
On Wednesday, May 3, Google identified, investigated, and resolved an email phishing campaign that affected some accounts in our domain. This issue was addressed within approximately one hour from when Google became aware of it. Please note that we have already taken action to protect all users, and no further action is necessary. To assist you in understanding what happened and providing all users with information on the importance of email security, we are sharing details on how the campaign worked and how we addressed it.
The affected users received an email that appeared to be from a contact offering to share a Google doc. Clicking the link in the attacker’s email directed the user to the attacker’s application, which falsely claimed to be Google Docs and asked for access to the user’s account. If the user authorized the application, it accessed the user’s contacts for the purpose of sending the same message to those contacts. This access only retrieved contacts and sent the message onward—customer data such as the contents of emails and documents were not exposed.
Upon detecting this issue, we immediately responded with a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems.
In addition, Google is taking multiple actions to combat this type of attack in the future such as updating our policies and enforcement on OAuth applications, updating our email filters to help prevent campaigns like this one, and augmenting the monitoring of suspiciously behaving third-party apps that request consent from our users.
Immediately upon notification that there was an issue (we received the phishing attempt as well), we began taking steps to limit the access and impact. We started by addressing the email itself. We began controlling that email so that it did not go to everyone (even though we were on it quickly by human standards, it takes only microseconds for email to be sent). We also began addressing the accounts that we knew were affected. (*Please note that for security purposes, we don’t share all of the details of actions that we take.)
Technology has become an essential part of our lives. We all rely on email, shared documents and lots of electronic resources. It is up to all of us to be careful and mindful of what we do on the Internet. We should always think twice before granting access to Applications (many users did think twice and did NOT grant access). Unfortunately, we will probably see more attempts to steal our information. Please be mindful and follow good password policies.
You may have seen this attack on your personal (or other) Google accounts. There is no action that you need to take at this point. However, it is a good idea to occasionally change your password. It is also important not to use the same password on multiple sites.
There was a major phishing attack today. This one was particularly well done. In short, here is what was happening:
Users would receive an email that someone had shared a document with them. That someone was a “real” person. When the user clicked on a link, there was a prompt to allow “Google Docs” access to your data. This was an App that was masquerading as “Google Docs”. If the user clicked “Allow”, the App now had access to contacts and would further propagate itself by sending out more emails.
This phishing attempt was well crafted in several ways. Everything was spelled correctly. The link looked perfectly legitimate. Lots of people clicked the link and allowed access.
As soon as the Technology Department saw this attack, we immediately began taking steps to intervene. Our intervention included many steps with an “all hands on deck” mentality. We were able to very quickly stem the flow of phishing attacks. However, email moves very quickly and there were some people who received the emails. Again, we took many steps to mitigate the damage (which we don’t lay out here for security reasons).
This attack was not limited to Dearborn Public Schools. Thus, your personal Google account may also have been compromised.
Google has revoked the access that this App had. Thus, everything should be fine now. However, if you want to be double-triple sure, you can go to your Google settings and remove access (the App should no longer be there, but you can confirm that):
Again, it appears as though Google has responded in a way that completely remediates this issue. You shouldn’t have to do anything in particular.
This is a good time to remind ourselves to be careful when we approve others having access to our stuff though. Think twice, click once.