Heise Medien on Mastodon

0 Beiträge0 Beteiligte0 Beiträge heute

Andrew 🌻 Brandt 🐇Last night I attended the <a href="https://infosec.exchange/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Boulder</a> BVSD school district's District Accountability Committee meeting. I am the representative to my kids' high school at the DAC, that advises the school board on policy matters. It's a commitment I made to staying involved in local school operations, regardless of the outcome of the election last year.The DAC is considering updates to policies surrounding the searches of and interrogations of students on school grounds. The DAC policy subcommittee made several positive changes that strengthen the protections this policy gives to students, who under these kind of circumstances are obviously in a power-imbalance situation.But there was one change that I couldn't abide, and when I brought it up, it started a nearly hourlong debate in which many other DAC representatives chimed in with their own concerns.The change was to give schools the permission to search students' mobile devices and laptops. It was a one-line insertion into an existing policy that gives school officials permission to search student lockers. I made the point that phones/laptops often contain highly sensitive, personal information that falls outside the scope of any legitimate investigation, and that the language was overbroad and failed to take into account the need for student data privacy and limiting the scope of the search, and raises significant civil rights issues.Another DAC member raised the issue that the policy seems to lay the responsibility for students maintaining the security of their devices on the students, even when an adult has access to those devices, which seemed weirdly out of sync.Yet another DAC member was concerned that there was no guidance about how such searches would be conducted, and under what circumstances. Doesn't changing a policy like this lead to potential 'fishing expeditions' on specious evidence or even just allegations of misbehavior without evidence? In the end, the DAC thought this policy would sail through and be passed along to the BVSD board for their approval next week. I think the policy needs significant rework and there's no way the board should pass it in its current form. I will speak at the school board meeting next week to get that point across, because the way it looks right now, I would not want my name connected to this policy.<a href="https://infosec.exchange/tags/COpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#COpolitics</a> <a href="https://infosec.exchange/tags/BVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BVSD</a> <a href="https://infosec.exchange/tags/SchoolBoard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchoolBoard</a> <a href="https://infosec.exchange/tags/policy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#policy</a> <a href="https://infosec.exchange/tags/electmorehackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#electmorehackers</a> <a href="https://infosec.exchange/tags/4thAmendment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4thAmendment</a> <a href="https://infosec.exchange/tags/PolicyHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PolicyHackers</a> <a href="https://infosec.exchange/tags/education" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#education</a> <a href="https://infosec.exchange/tags/USPol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#USPol</a>

Andrew 🌻 Brandt 🐇Well I didn't win my election, but my interest in <a href="https://infosec.exchange/tags/SchoolBoard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchoolBoard</a> policy is not going away.Tonight, immediately after the new board members are sworn in, I will be presenting a public comment to <a href="https://infosec.exchange/tags/BVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BVSD</a> about their use of <a href="https://infosec.exchange/tags/GoGuardian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoGuardian</a>, a technology that presents itself as a monitoring tool to ensure that kids visit age- and developmentally-appropriate websites on their school-issued laptops.In October, the <a href="https://infosec.exchange/tags/EFF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EFF</a> published a report about the privacy-invading and false-positive-prone tool. <a href="https://redflagmachine.com/research/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://redflagmachine.com/research/</a>The report highlights key problems about the software misidentifying benign websites with run-of-the-mill, unharmful content as potentially harmful or containing explicit content. Poetry by the Bronte sisters, the text of George Bernard Shaw’s Pygmalion, and even the text of Romeo and Juliet set off red flags. So did words in the Texas driver’s handbook, and health information websites. These false positive warnings are touted by GoGuardian not as a bug but as a desirable feature of the product.My concern here is that routine use of GoGuardian sends two very damaging messages to students: It normalizes routine surveillance, and it tells students that they cannot be trusted to use their computers responsibly.I will be giving public comment to the new board asking them to direct school administrators to investigate the district's contract with GoGuardian, and to seek out a less invasive, more accurate method of protecting children who use computers.If you wish, you can watch the board proceedings on their youtube livestream, starting at 6pm MST (UTC-7). The link is <a href="https://www.youtube.com/@bouldervalleyschooldistric5781/streams" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.youtube.com/@bouldervalleyschooldistric5781/streams</a><a href="https://infosec.exchange/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Boulder</a> <a href="https://infosec.exchange/tags/COPolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#COPolitics</a> <a href="https://infosec.exchange/tags/EdTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EdTech</a>

Andrew 🌻 Brandt 🐇I've just posted my latest <a href="https://infosec.exchange/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Boulder</a> <a href="https://infosec.exchange/tags/BVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BVSD</a> <a href="https://infosec.exchange/tags/SchoolBoard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchoolBoard</a> candidate newsletter. If you're not on my mailing list, check it out here: <a href="https://mailchi.mp/e442db061909/election-day-is-upon-us-sko-bvsd" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mailchi.mp/e442db061909/election-day-is-upon-us-sko-bvsd</a>

Andrew 🌻 Brandt 🐇Hi folks. Yesterday I posted on my other Mastodon account about a pretty stupid gift card <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> that was sent to an email address I use as a political candidate for my run for <a href="https://infosec.exchange/tags/SchoolBoard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchoolBoard</a> (<a href="https://toot.bldrweb.org/deck/@andrewbrandt/111326617529695469" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://toot.bldrweb.org/deck/@andrewbrandt/111326617529695469</a>)Tonight, I received a more ominous, targeted <a href="https://infosec.exchange/tags/spearphishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spearphishing</a> email against that same campaign address.It appears to be some form of Adobe e-signature message. The text content was weird and off.The email has a file attachment that, if you double-click it, opens a browser window and displays a form that looks like a login dialog box. The login box is a <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> attack, designed to steal credentials that you enter into it.What was distinctive about this is the fact the attackers customized the login form so it has my campaign logo embedded within the form. It also pre-populated the username field with the email address that they sent the original email to. It was not generic; This was targeted.The form will permit you to enter data into the password field three times, appearing to fail each time, and then redirects you back to your own website. It collects the IP address you were using at the time you submitted the form, and any of the passwords you submitted, and sends them to a <a href="https://infosec.exchange/tags/Telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Telegram</a> bot account. I have captured the network traffic of the phishing attempt, in which I entered bogus data, and have identified the owner of the Telegram bot account and other identifiable information. I'll be reporting it to Telegram for shutdown as soon as possible.I guarantee, if this is happening to me -- a relative nobody in my lowly, local school board race -- it is happening all over the country to political candidates of any stature.There is less than one week until election day in the United States. Colorado voters already have their ballots and can turn them in by dropping them in a ballot collection box anytime between now and election day.Just another reason why we need to <a href="https://infosec.exchange/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ElectMoreHackers</a> Also, once again: nice try, losers. Keep going. You're sure to hit pay dirt at some point. :ablobcateyeroll:<a href="https://infosec.exchange/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Boulder</a> <a href="https://infosec.exchange/tags/BVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BVSD</a> <a href="https://infosec.exchange/tags/COpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#COpolitics</a>

Andrew 🌻 Brandt 🐇Hey, hacker fam. Quick update on what's going to be a big week.Tomorrow I'm flying out to Bellevue and Wednesday I'm speaking at <a href="https://infosec.exchange/tags/BlueHat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BlueHat</a> about the work <a href="https://infosec.exchange/@SophosXOps" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@SophosXOps</a> has done helping <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> protect all Windows users from a very devious attack.After I return, I'm in full-swing campaign mode running for the <a href="https://infosec.exchange/tags/BVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BVSD</a> <a href="https://infosec.exchange/tags/SchoolBoard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchoolBoard</a>. I've been doing door-knocking and meet-and-greet for days. Yesterday I spent hours giving out water to marathon runners here in <a href="https://infosec.exchange/tags/boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#boulder</a> Next week though - I'll be participating in a candidate forum hosted by BVSD and you will be able to watch it live from anywhere because it will be broadcast by <a href="https://infosec.exchange/tags/livestream" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#livestream</a> on BVSD's Youtube channel (<a href="https://www.youtube.com/@bouldervalleyschooldistric5781/streams" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.youtube.com/@bouldervalleyschooldistric5781/streams</a>). October 18 from 6pm-7:30pm MDT (UTC -6)You can read up now on the forum and ** you can even submit questions.** If you work in <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> or fight <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> like me, I'd like you to submit questions to the forum. You can send in questions about <a href="https://infosec.exchange/tags/ChatGPT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ChatGPT</a> or any other subject, as long as it pertains to public education in some way. The link to submit questions and get more information (including a detailed look at my platform) is here: <a href="https://www.impactoneducation.org/event/2023-bvsd-board-of-education-candidate-forum/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.impactoneducation.org/event/2023-bvsd-board-of-education-candidate-forum/</a>I try not to clutter up the infosec feed with this stuff, so for more, follow <a href="https://toot.bldrweb.org/@andrewbrandt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@andrewbrandt</a> Together, we're going to <a href="https://infosec.exchange/tags/ElectMoreHackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ElectMoreHackers</a>

Andrew 🌻 Brandt 🐇NBD, just got to march in a Labor Day parade in Louisville, CO because I am a candidate for local office. Got a chance to shake hands with my rockstar congressman Joe Neguse and thank Colorado's Secretary of State Jena Griswold for helping defend democracy in 2020 and beyond. Pretty sure this was the first time any participant in the parade wore a <a href="https://infosec.exchange/tags/Defcon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Defcon</a> speaker badge!<a href="https://infosec.exchange/tags/SchoolBoard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchoolBoard</a> <a href="https://infosec.exchange/tags/COPolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#COPolitics</a> <a href="https://infosec.exchange/tags/BVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BVSD</a> <a href="https://infosec.exchange/tags/LaborDay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LaborDay</a> <a href="https://infosec.exchange/tags/LouisvilleCO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LouisvilleCO</a>

Andrew 🌻 Brandt 🐇I haven't seen much about this, but I saw a data breach notification come from the local K-12 school district (<a href="https://infosec.exchange/tags/BVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BVSD</a>) this morning, and then someone else who lives in a neighboring district (<a href="https://infosec.exchange/tags/SVVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SVVSD</a>) mentioned that they had also seen a breach notification from their school district.This is the notification. It says, in part, that this was "a nationwide data incident affecting over 350 school districts and higher education organizations across the US"Does anyone have more information on these school data breaches/intrusions that seem to have been much larger than previously thought?<a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/schoolboard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#schoolboard</a> <a href="https://infosec.exchange/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Boulder</a> <a href="https://infosec.exchange/tags/StVrain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#StVrain</a> <a href="https://infosec.exchange/tags/colorado" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#colorado</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/schoolbreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#schoolbreach</a>

Andrew 🌻 Brandt 🐇Hi folks. I wanted to share a bit of news about something outside of the world of <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> that I'm getting involved in: I'm officially a candidate running for school board in the town where I live, Boulder, Colorado. The election is this November!I won't be posting about education policy topics on this account; I've set up a separate Mastodon account on the server used by many locals in <a href="https://infosec.exchange/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Boulder</a>: <a href="https://toot.bldrweb.org/@andrewbrandt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@andrewbrandt</a> and using that account as the main one for my campaign. I hope you will follow me there if you care about compassionate, supportive schools that are not hostile to the <a href="https://infosec.exchange/tags/LGBTQ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LGBTQ</a> community.I've also set up a campaign website where I'll be trying to reach <a href="https://infosec.exchange/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Boulder</a> county voters at <a href="https://brandtforbvsd.co/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://brandtforbvsd.co/</a>This is a bit of a reach for me. I haven't ever run for...well, anything, before. I am looking for people who can help me run my campaign, including folks who might know a thing or two about the <a href="https://infosec.exchange/tags/VAN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VAN</a> system for reaching registered voters. I'd also welcome references to people who can help me craft visuals for the website and for things like campaign yard signs.I've been extremely humbled by the support I've already received from many current and former <a href="https://infosec.exchange/tags/BVSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BVSD</a> board members, and hope to continue the challenging (and unpaid) work of helping to manage a wonderful and well run school district with a nationally-renowned superintendent.Most importantly, I believe that, as a hacker, I have a unique opportunity to help guide the local public school system as it faces unprecedented challenges in the form of emerging technologies like <a href="https://infosec.exchange/tags/ChatGPT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ChatGPT</a> and other large language models and <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> platforms, as well as trying to navigate the tricky waters of internet safety and data privacy for school-age kids.If you believe, as I do, that we need to do a better job as a society at helping the next generation deal with these thorny issues, I hope you'll support my campaign and follow me on this journey. Thanks for reading! Please boost for reach.<a href="https://infosec.exchange/tags/schoolboard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#schoolboard</a> <a href="https://infosec.exchange/tags/Boulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Boulder</a> <a href="https://infosec.exchange/tags/LouisvilleCO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LouisvilleCO</a> <a href="https://infosec.exchange/tags/LafayetteCO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LafayetteCO</a> <a href="https://infosec.exchange/tags/SuperiorCO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SuperiorCO</a> <a href="https://infosec.exchange/tags/elections" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#elections</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#bvsd