Happy Saturday, Data Sheet readers. I had assumed that I’d be discussing securing the Internet of things, since that’s the topic I spend most of my time covering for Fortune. But my fourth-grade daughter came home from school on Thursday concerned because a few of the kids in her class had figured out the email passwords for all of their classmates and were “hacking” into their school Gmail accounts.
First off, this is the classroom version of Gmail, which is like a closed Google Apps account, where only the school has access to the kids’ emails. The kids can email their teachers, administrators, and classmates, but no one outside the closed system. Second, the passwords were the school’s name followed by the a number representing where that kid would rank in alphabetical order in the class. If your name was first alphabetically, your password was schoolname1.
Not too tough to “hack.” When my daughter realized her password was compromised, she told us and then a teacher, who told her that they would deal with it after the winter break. And this is why I’m writing this story. Because it occurred to me that in the small world of tech and some parts of the business world, security is a big deal and we recognize that a compromised password needs to be changed right away.
There are plenty of people who will shrug off changing the passwords for the entire class as an inconvenience–and good security is often an inconvenience. And in this case, this person was in a position to teach my daughter the wrong lesson about computer security. So I took matters into my own hands: I showed my daughter how to change her password and explained why it was important that she change it when she knew that other people might have it. I then emailed the teacher to alert her and say that I thought it was too dangerous to allow my daughter’s password remain compromised for the entire winter break.
It hammered home how much it is up to me to have regular, ongoing conversations with my daughter about her own online security. How to create good passwords, how to avoid sharing them with anyone, and when to stand up for her own security even when others might dismiss inconvenient measures to protect her online assets or identity. It won’t protect my daughter if an online service decides to store her info in a non-encrypted database, or her health insurance provider gets hacked, but I hope that at least when given the choice between the easy way and the secure way, she’ll take the secure way.
And maybe she can even convince her teacher to do the same if the situation comes up again.
More news below.
Stacey Higginbotham
stacey.higginbotham@fortune.com
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach me via Twitter or email. Feedback welcome.
THREATS
Cybersecurity bill becomes law. As part of the omnibus spending bill that became law on Friday, language that lets businesses share security information about hacking and surveillance without facing consumer lawsuits also made its way through Congress. The news disappointed tech companies, libertarians, and privacy advocates. (The Hill)
Rogue code found in Juniper gear. The U.S. government is investigating unauthorized code inserted in software from Juniper Networks. Experts warned that the code could be a “back door” used to spy on the networking equipment maker’s customers. The software was likely planted by a nation state or sophisticated criminals. (Fortune)
Does Twitter think you're a terrorist? The Department of Homeland Security (DHS) plans use social media in identifying possible terrorist threats among visa applicants, reversing a ban on the practice that the Obama administration upheld back in 2014. Between then and now, the DHS had checked social media accounts on select occasions, but under the new practice it would become standard protocol. (Fortune)
The Obama administration won't budge on encryption. The White House doesn't seem likely to budge when it comes to siding with law enforcement agencies on inserting "back doors" into encrypted software or devices. It is continuing to back tech firms and privacy advocates by allowing encryption to remain unhindered. (Politico)
Sanders campaign improperly breached Clinton's campaign data. A staffer on Bernie Sanders' campaign has been accused of improperly accessing some of Hillary Clinton's campaign data. The staffer was able to peek at the data because of a security glitch in the Democratic National Committee’s system. (Time)
What's in a name? Isis Pharmaceuticals announced Friday that it is finally changing its name to something that people won’t confuse with the terrorist group that took credit for the recent Paris attacks and other deadly episodes of violence. The new name is Ionis Pharmaceuticals. (Fortune)
Hacker group plans to take down Xboxes. A new hacker group plans to ruin Christmas morning by taking down Microsoft Xboxes and Play Stations this year, much like a different group did last year. The group, called The Phantom Squad, claimed responsibility for a distributed denial of service attack on Microsoft's Xbox Live service this past week. (Ars Technica)
What to get the law enforcement agency that has everything? The Intercept published the result of another leak. This time it was a catalog of military-level surveillance gear that it says is increasingly being sold to law enforcement agencies in the U.S., including "stingray" boxes that accurately track the location of a person's cell phone by mimicking a cell phone tower. (The Intercept)
Share today's Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/
Looking for previous Data Sheets? Click here.
ACCESS GRANTED
How should the U.S. government talk about terrorism?
Public officials have struggled to find the sweet spot between informing the public about the very real threat of terrorism without causing excessive fear or magnifying the power of the terrorists.
We've been through color-coded alert systems. Binary alert systems. Empty promises that don't really mean anything. But public officials should be open about the threats and the actions they are taking, rather than trying to reassure people that they're doing everything they can, when that's clearly not true. Every government has other priorities, including education, infrastructure, and more... Read the rest on Fortune.com.
TREATS
@internetofshit An interview with the account creator (Vice)
Good question How did Reuters get the Martin Shkreli perp walk pic? (BoingBoing)
Putin and Trump sittin' in a tree. The macho endorsement (Politico)
FORTUNE RECON
Robots Will Do More of Your Driving in 2016 by Anne VanderMey
Why 2015 Was Such a Historic Year for Craft Beer by Chris Morris
How UPS Plans to Deliver Your Christmas Packages on Time by Phil Wahba
Is Amazon Planning an Air War on FedEx? by Don Reisinger
Inside Fargo, America's Most Undervalued Tech Hub by Melanie D.G. Kaplan
ONE MORE THING
The U.S. is running low on drone pilots.
Last week it was Hellfire missiles. This week, the U.S. is worried about an exodus of drone pilots. If you’re a US Air Force drone pilot, and your return to civilian life is fast approaching, the service will give you a bonus of $125,000, in exchange for an agreement to serve for five more years. (Fortune)
EXFIL
"There's no socialist running in the Republican primary. We're not hacking into each other's computers to steal our secrets the way that they are in the Democratic Party. You could have just called the Chinese or the Russians.”
Sen. Marco Rubio (R-Fla.) said at a campaign event in Spartanburg, S.C. discussing the fallout from accusations by Hillary Clinton's campaign that a staffer from Bernie Sanders' campaign had accessed proprietary campaign data models after a security breach let the Sanders' campaign get access to Clinton's proprietary data models. Sanders later said the DNC was cutting off his campaign's access to the DNC database ahead of Saturnight's Democratic presidential debate to help Clinton win. (The Hill)
