Meltdown and Spectre

You may have heard in the news lately about two security issues that will impact everyone. These are referred to as Meltdown and Spectre. They will actually impact everyone; just how is yet to be determined.

The short version of Meltdown and Spectre is that we want our computers to be fast. In order to make computers faster, they “guess” what you may want next and make that available. One way to think of this is the Boss from The Devil Wears Prada. The Boss is going to want coffee or tea first thing. The assistant (the computer in our analogy) doesn’t know which one the Boss will want, so the assistant gets both ready. Whichever one the Boss wants is delivered, and the other is discarded. (This is predictive computing. The computer “predicts” what you will want next and takes those actions. That way, you don’t have to wait for the actions to occur.) However, when the computer does this, it opens up a security vulnerability.

Let’s take a look at what they are and how they will impact you.

Meltdown

Meltdown is a security issue at the processor level. Nearly all processors are affected. Basically, Meltdown loads things into memory before containing how much memory it will use. This means that other applications can read that same memory. This is especially important to note on shared computers. (Since nearly all web sites run on shared computers, this has the potential to be devastating for all of us.)

Spectre

There are actually three different aspects to Spectre. Spectre is named, in part, for speculative processing. Again, this is the result of trying to “speed things up” for end users. The scary thing about Spectre is that it is theoretically possible to implement from just visiting a web site. This would require the user (i.e. you) to do nothing special. It would not be necessary to click “Install”, click “OK”, or anything else to start the process.

Impact

Many companies have known about this issue for a few months. Many have issued patches. (Although this is at the processor level, it appears as though it will need to be fixed at the application level.) Unfortunately, the fix can slow your computer experience down. Some estimates indicate that the fix could slow your computer down by 5-30%.

Most major suppliers (Apple and Microsoft) have already issued patches which address some of the issues. Future patches will address more of them.

Our Team

Our team is making sure that the district computers are patched and up to date. You may notice your computer taking a bit longer upon start up (this should only be once). We also take several other steps to keep the district safe (including limiting the installation of software). We have a lot of hardware to update (fortunately, we do this regularly). Some of the patches are not yet available.

You should…

You should make sure that all of your home and personal devices are up to date with the latest patches. These are crucial. Naturally, you should always follow good digital hygiene.

Also, be very aware of “phishing” scams. This may be an opportunity for the bad guys to try to get you to click on a link. Always think at least twice before clicking “Install” or “Accept”. Be extremely cautious with emails or web sites that ask you to enter your credentials (user name and password).

Interested in more information?

Here are some resources if you want to know more:

Phishing Attempt – Beware!

The Internal Revenue Service (IRS) sent a warning Monday about a new ransomware email scam intended to steal private information from the recipient’s computer.

The email claims it is the IRS and the Federal Bureau of Investigation (FBI) and advises users to download a fake FBI questionnaire. Rather than downloading a questionnaire, the hyperlink installs malware and prevents victims from accessing their data unless they pay a ransom to the cybercriminals.

The IRS cautions victims not to pay the ransom, but instead report the attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov, and forward any IRS-themed scams to phishing@irs.gov.

The IRS does not use email, social media or text messages to communicate personal tax issues.

For more information, see the “Tax Scams and Consumer Alerts” page on IRS.gov or contact us today.

iLearn Upgrade

Moodle (iLearn) 3.3 is now available.

This is great news for us. We have been looking forward to the update since the beta was released. We will be upgrading immediately after school is dismissed in June.

Impact

So how does this impact teachers and students? iLearn will look very different than in the past. It will be more user friendly, but it will be different for those who have used iLearn in the past. If you are teaching summer school, the course work will be provided through the newer interface. (You can get more information from a previous post – The Gift that isn’t quite ready – or head over to the Moodle Sandbox to start to get comfortable.)

Of course, the upcoming Moodle Moot (with ICE CREAM) will cover the new look and feel for iLearn as well.

MI-Star Access

There are two RESA maintenance events scheduled for this Friday that overlap. The first event is the MISTAR Web Update starting at 4:00 PM. The second event is a network routing change starting at 5:30 PM. Both events are explained below.

MISTAR Web Update

The MISTAR-Q 2.2 upgrade is scheduled to occur from 4:00 PM – 8:00 PM this Friday afternoon, February 27th, 2015. This is for all Livingston and Wayne county clients hosted by Wayne County RESA except Detroit Public Schools. MISTAR FrontOffice will still be available for use during this upgrade process; only the WEB applications are affected.

This new release will include many enhancements, bug fixes and new applications. Attached is a list of MISTAR-Q version 2.2 highlights.

Network Routing Change

Staff will be making routing changes between Wayne RESA and district firewalls, Friday 2/27 from 5:30 PM – 6:00 PM. When the change is complete, district Internet connectivity will bypass the Wayne RESA ASA firewalls. The goal is to provide maximum network bandwidth and improve network reliability to better accommodate Spring online testing. During the 30 minute maintenance window, connectivity between your school district and the Internet will be interrupted. Also, VPN connectivity to RESA applications such as SMART and Polyplot will be interrupted.

We apologize for any inconvenience that these maintenance events will cause. 

Bond Update

We have been hard at work implementing the bond. Here is a quick overview of where we are so far.

Switch Upgrade

One phase of the implementation is to upgrade the switches. Switches have been updated in the following buildings:

  • Whitmore Bolles ES
  • Henry Ford ES
  • Edsel Ford HS
  • Lindbergh ES
  • Dearborn HS
  • Snow ES
  • Nowlin ES
  • Fordson HS
  • Berry Career Center
  • Dearborn Heights Campus
  • Haigh ES
  • Long ES
  • McDonald ES
  • Maples ES
  • River Oaks ES
  • Salina Intermediate
  • William Ford ES
  • Salina ES
  • Howard ES
  • Miller ES
  • Becker ES
  • Duvall ES

The rest of the switches are scheduled to be updated prior to the end of the calendar year.

Wireless

Another major component of the bond was the updating and installation of wireless throughout the district. The following buildings have been completed. (Please note that the new wireless solution uses district credentials to connect to the wireless network. There is also a Guest wireless network so that the community can take advantage of the wireless while in our schools.)

  • Whitmore Bolles ES
  • Henry Ford ES
  • Edsel Ford HS
  • Lindbergh ES
  • Dearborn HS
  • Snow ES
  • Nowlin ES
  • Fordson HS
  • Berry Career Center
  • Dearborn Heights Campus
  • Haigh ES
  • Long ES
  • McDonald ES

The other schools are scheduled and in the process of being wired. Since this work varies greatly based upon availability and issues within each building, it is more difficult to establish concrete deadlines. However, we anticipate having all buildings completed by the end of January.

UTM

UTM stands for Unified Threat Management. We have to put safeguards in place to protect our network and our users. This comes in many forms. As you may be aware from the news, this is a complex but crucial part of our network. We need to protect our network from outside threats, malware and more. We also need to protect our students and staff from inappropriate material. We have selected a comprehensive system. We are working on getting this installed and configured. This is currently scheduled to be installed and activated by the end of December.

Data Management

We are also working on upgrading our main servers and backup solutions. This is currently being evaluated. A decision and implementation schedule will be in place by the end of December.

Devices

The Technology Department is updating computers throughout the district. This is a rolling process. We have replaced or repurposed all of the eMacs.

Desktop PCs

The High School computers (mostly from the last bond) have been updated/repurposed as appropriate. We are working with all of the schools to make sure that computers are identified and updated as needed.

PC Laptops

Many schools have received updated PC laptops for student use.

Chromebooks

We will be installing a large number of Chromebooks. Each school will be receiving at least one cart of 30 Chromebooks. Chromebooks allow us to provide computers for students to use. However, this requires a bit of work since they will be used by students and staff. We need to have them connect to the network so that the user can connect. Then the Chromebook needs to “move” into the appropriate area (student or staff) based upon who logged in. We have that system in place, but need to set up each computer. We anticipate starting to release Chromebooks to schools in December. We hope to have this completed by the end of January.

Other

Please note that beyond the Bond implementation, we are also upgrading our copiers. This includes an all new print management system that will allow for better reporting back to buildings. This is another large project that will begin installation in December.

Heartbleed

What is it?

Heartbleed is a serious security vulnerability in web servers that run OpenSSL. (A lot of web servers run OpenSSL.) Intrusion leaves absolutely no trace whatsoever. Thus, there is no way to know if someone has exploited the vulnerability.

Why should you care?

Lots of web servers run OpenSSL for security and authentication. This bug could allow someone to steal your user name and password, without anyone knowing.

What should you do?

The short answer is that you should change your passwords on all important sites. The bad news is that you need to do that after the server has been updated and new security certificates installed. However, unless the individual site tells you that they have updated, you’ll have no way of knowing.

UPDATE: Most providers have updated their sites. It is prudent to change your passwords.

Examples

The following are SOME of the sites that are or are not vulnerable:

Vulnerable      Not Vulnerable
----------      --------------
Yahoo           Google
Flickr          YouTube
Eventbrite      Twitter
Scoopit         Facebook
Zoho            Wikipedia

Note

This will be especially important for your personal accounts. We are currently reviewing our network vulnerability.

Digital Learning Day

Dearborn Public Schools is proud to participate in the Digital Learning Day for 2013! Every day we provide digital opportunities to our community.

We will also be encouraging individual teachers to sign up and participate. Teachers can celebrate Digital Learning Day with school-based activities, projects, and interactive lessons in math, science, civics, and language arts.

This year’s Digital Learning Day is Feb. 6, 2013. Digital Learning Day is a culminating event in a year-round national awareness campaign to improve teaching and learning for all children. On Digital Learning Day, the national campaign is asking everyone, no matter your comfort with technology – teachers, librarians, school leaders, afterschool programs, community groups, parents – to sign up and be counted in this effort.

Do be forewarned that you are also signing up for an email newsletter.

Email Certificate

You may see a certificate warning in email. The warning will note that our certificate has expired.

Action to take:

  • If on Outlook, click “Yes” to the question “Do you want to proceed?”
  • If on the web version, click on “Continue to the website (not recommended)”
  • If on a Mac, click on “Accept”

 

Our certificate was renewed but has not propagated through the system. We are following up with our domain registrar.

We apologize for the inconvenience.
