Archive for No Contest Communications
“Intimate supervision”: Surveillance on campus
This Washington Post report – holy crap:
Short-range phone sensors and campuswide WiFi networks are empowering colleges across the United States to track hundreds of thousands of students more precisely than ever before. Dozens of schools now use such technology to monitor students’ academic performance, analyze their conduct or assess their mental health. …
Instead of GPS coordinates, the schools rely on networks of Bluetooth transmitters and wireless access points to piece together students’ movements from dorm to desk. One company that uses school WiFi networks to monitor movements says it gathers 6,000 location data points per student every day.
School and company officials call location monitoring a powerful booster for student success: If they know more about where students are going, they argue, they can intervene before problems arise. But some schools go even further, using systems that calculate personalized “risk scores” based on factors such as whether the student is going to the library enough.
The dream of some administrators is a university where every student is a model student, adhering to disciplined patterns of behavior that are intimately quantified, surveilled and analyzed.
cross-posted from nocontest.ca
h/t Clarissa
Saving your name
The “Naked Security” blogs published by Sophos remind me how vigilant online publishers – and all organizations, really – have to be to protect their content, their data, even their names. Indeed, the word “vigilance” needs to at the top of our whiteboard every day – and never erased.
When I moved to Vancouver in 1996, I saw that almost no small-cap companies in the exploration and mining business had online presences. This was a good business opportunity. I knew my way around the Internet – coming from Stanford, you had to be – but hadn’t created websites myself. I found a couple of partners who did, and we found a bunch of clients right away.
The first order of business was registering URLs for each client. This typically involved registering four or five: client.com, client.net, clientresources.com, clientresources.net, and clientinvesting.com, for instance. We wanted to make sure that we covered the bases, so to speak. We would use the main URL and make sure that the others “pointed to” the main one.
For a couple of years, on the Internet there was the equivalent of the 19th-century American land rush. Promoters, IT whizzes, managers, communications pros, publishers, inventors, entrepreneurs – everybody, it seemed to me – were staking out their claims to URLs, in essence buying names and making them their own. Whether or not these names were used for actual websites, for some it was just as important that their competitors *didn’t* have these names.
I have a spreadsheet to make sure that I never forget to re-register the “stable” of URLs I own or manage (a few dozen). Two times I missed a deadline; I lost one URL (this still bugs me, as you can imagine) and *miracle of miracles* I got the other one back.
Forgetfuless is one way to lose control of your URL. Having it stolen is another. The other day Sophos blogger John E Dunn published an article called “US gov issues emergency directive after wave of domain hijacking attacks.”
The US Department of Homeland Security (DHS) has issued an emergency directive tightening DNS security after a recent wave of domain hijacking attacks targeting government websites. …
Domain hijacking has been a persistent issue in the commercial world for years, a prime example of which would be the attack that disrupted parts of Craigslist in November 2014.
In that incident, as in every successful every domain hijacking attack, the attackers took over the account used to manage the domains at the registrar, in this case, Network Solutions.
The objective is to change the records so that instead of pointing to the IP address of the correct website it sends visitors to one controlled by the attackers.
This change could have been made using impersonation to persuade the registrar to change the domain settings or by stealing the admin credentials used to manage these remotely. …
Dunn recommends that you verify your company’s IP addresses and “change passwords on all accounts used to manage domain records.” Read his entire post for a longer list of important safeguard measures.
Reposted from nocontest.ca