Google Docs/Gmail Phishing Debacle

Note: Information for G-Suite domain Administrators located at the bottom of this write up.

Yesterday’s email debacle was widespread and hit a large number of Gmail users worldwide. Many of the media outlets have touted the “dangerous attack” as “hacking” your email account and warned users not to open any Google Docs. However, this email in particular did not actually do any harm (beyond the annoyance of spamming millions of email accounts). After seeing the source code and the events that followed the incident, it is believed by many (myself included) that this was a proof of concept attack by a researcher to open Google’s eyes to a possible vulnerability. It worked, as Google moved swiftly to disable the app and put in safeguards to HELP combat similar and possibly more malicious attacks in the future. DO NOT be afraid to open Google Docs that are shared with you. DO read on for more information about how you can safeguard yourself from similar attacks in the future.

The Scam

  • What happened after you clicked open on the offending email is the problem, and it is something that we have complete control over.
  • The email linked to an authorization page (see screenshot below) that asked you to give an app called Google Docs (not the actual Google Docs; Docs should never ask you for Gmail and Contacts permissions) full access privileges to your Gmail account and your contacts.
  • If you clicked allow (rather than closing the page, or hitting deny), it installed an app with the ability to read your contacts and read/send email as you.
  • The app script then sent that same message to every one of your contacts and an inbox on mailinator.com (the hhhhhh@mailinator.com address). Mailinator.com is a public inbox service that had no ties to the email and worked quickly to disable the inbox.

[Screenshot: the authorization page]

What can you do to protect yourself?

  • Never open ANY email attachments from an unknown source, and be careful when opening attachments from a known source.
  • ALWAYS read and understand what permissions you are giving apps (online, on your cellphone, on your computer, etc.). If the permissions seem overly invasive, ask questions.
  • If you get a message that says a Google Doc is being shared with you, and it seems out of place, go to drive.google.com and click on the “Shared With Me” tab. Any real shared Google Docs will be located there.
  • Go to https://myaccount.google.com/security and audit your account settings every once in a while. If you click on the “Connected apps & sites” tab, you can verify which apps have which permissions and disable any unused, over-reaching, or out of place apps.
  • Here is more information from Google for keeping your account secure: https://support.google.com/accounts/answer/46526?hl=en

Notes for G-Suite Domain Administrators:

  • It wouldn’t be a bad idea to use GAM to delete any OAuth tokens left behind by this incident.
  • If you want to see whether anyone on your domain has these OAuth tokens, you can use the following command:

gam all users show token clientid xxxxxInsertTokenIDHerexxxxx

  • If you want to see who has these tokens and delete them, run this command in GAM:

gam print users | gam csv - gam user ~primaryEmail delete token clientid xxxxxInsertTokenIDHerexxxxx
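
The audit-then-revoke procedure above, as an added example that is not part of the original post: it reads a token export, flags grants that match a known-bad client ID or the scam's pattern (an app named Google Docs asking for Gmail or Contacts access), and builds the per-user delete command shown above. The CSV column names, sample rows and client IDs are constructed placeholders.

```python
import csv
import io

# Placeholder only: substitute the client IDs identified for your incident.
KNOWN_BAD_CLIENT_IDS = {"000000000000-placeholder.apps.googleusercontent.com"}

MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.readonly",
}
CONTACT_SCOPES = {
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

# Constructed sample export; the column names are assumptions for this example.
SAMPLE_CSV = """user,clientId,displayText,scopes
alice@example.org,000000000000-placeholder.apps.googleusercontent.com,Google Docs,https://mail.google.com/ https://www.googleapis.com/auth/contacts
bob@example.org,111111111111-lookalike.apps.googleusercontent.com,Google Docs,https://mail.google.com/ https://www.googleapis.com/auth/contacts
carol@example.org,222222222222-calendar.apps.googleusercontent.com,Team Calendar,https://www.googleapis.com/auth/calendar.readonly
dave@example.org,333333333333-mailer.apps.googleusercontent.com,Newsletter Tool,https://www.googleapis.com/auth/gmail.send
"""

def audit_grants(csv_text):
    """Return (user, client_id, reason) for each grant worth reviewing."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        scopes = set(row["scopes"].split())
        mail = bool(scopes & MAIL_SCOPES)
        contacts = bool(scopes & CONTACT_SCOPES)
        if row["clientId"] in KNOWN_BAD_CLIENT_IDS:
            reason = "known-bad client ID"
        elif row["displayText"].strip().lower() == "google docs" and (mail or contacts):
            reason = "app named Google Docs asks for Gmail/Contacts"
        elif mail and contacts:
            reason = "mail plus contacts access"
        else:
            continue
        findings.append((row["user"], row["clientId"], reason))
    return findings

def revoke_commands(findings):
    """Build the post's per-user GAM delete command for each finding."""
    return [f"gam user {user} delete token clientid {cid}" for user, cid, _ in findings]

if __name__ == "__main__":
    for cmd in revoke_commands(audit_grants(SAMPLE_CSV)):
        print(cmd)
```

Review the flagged list before running the generated commands; a grant with a single mail scope, like the newsletter tool in the sample, is deliberately left alone.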

Known Token IDs to be removed.


Resources:

 

May the 4th be with you (Happy Star Wars Day!),

J

Learn to code | Pass it on

Photo courtesy of Code.org

Being a technologist, I love seeing the integration of technology into our everyday lives to make things more efficient. I love seeing the coolest new tech and what it can do to better the world. What better way to understand technology than to learn how to speak its language? Coding promotes logical thinking, creativity, and, most importantly, problem-solving skills. Creating projects through coding is also a great way to promote STEM, art, and entrepreneurial thinking. If you go to code.org/promote, you can see several interesting infographics, including startling statistics about females involved in computer science versus males. The main infographic on that page is the one that leads this post. In 2020, there will be an estimated 1.4 million computing jobs, while at that same time there will only be an estimated 400,000 computer science students. In a field that is underserved and has salaries that are much higher than average, we have, in general terms, failed to teach the current generation of students how important computer science is. Beyond just the computing jobs, teaching kids critical-thinking skills, how to approach a problem from different points of view, and how to create a solution will make them more well-rounded adults who have more opportunities to make a positive impact on their communities, both locally and globally, regardless of their field.

I have taken great interest in the hour of code project, the growth of the maker-movement, and the development of the personal learning model that is becoming prevalent on the net. I want to push some of these ideas in my district, and I know that the best way to get others on board with any initiative is to model it. To be fair, it would be hypocritical to tell children that this is important, you need to learn this, when we as adults don’t completely comprehend it. So, I am going to learn to code. I have to admit, this is also a very self-serving statement. I have always wanted to learn to code, but I didn’t have the resources growing up to pursue it (Full disclosure- see next paragraph for my experience).  As I get older I find that I have the urge to create meaningful content, and teach others to create the same. Today, the resources are endless and a lot of them are free.

My prior coding experiences are limited to a few computer science courses in college that taught me the basics of computer science and a limited understanding of the C programming language. Beyond that, I taught myself HTML when I was a teenager, because I wanted to build a website. I have dabbled here and there with JavaScript and, in the last 5-6 years, learned basic CSS principles. By no means am I an expert coder. In fact, I would struggle to call myself an intermediate coder.

So how am I going to teach myself to code? Well, to start, I am using the same tools freely available to teach kids. I enrolled in the CS50 program at Harvard through their extension school at edX.org. This program is awesome. This is the Intro to Computer Science class at Harvard, and anyone can take it online for free. It includes all the materials that would be included if you were taking the course as a Harvard student. Syllabus, recorded lectures, problem sets, even tutoring/walkthrough videos, and a student forum. You could even pay a fee and get a certificate of completion if you wanted. I am in week 2 of the program, and I love it. Here is a simple game called Star Battles that I created using Scratch for my week 0 problem set. I know it is trivial, but actually making myself take the time to learn and create something is a very rewarding feeling.

I will also be using the site Codecademy.com moving forward. I have already started using it as a refresher for HTML and CSS. It is a great free resource if you want to teach kids to code. It has simple-to-use, web-based walkthroughs for learning to code in several different languages.

Here are just a few good resources for learning and teaching to code-

I know there are a lot more resources. If you have one that you think should be on the list, leave a comment and I will add it.

 

Thank you,

J

Tool of Choice


Let me preface this post with the following statement- I am a technologist, and I have always lived under the motto that any technology is better than no technology. I also strongly feel that in education, adding technology should never be the end-game, learning is. Technology is just a very efficient tool for teaching and learning when placed in the right hands with the right resources.

With that said, I have some great news! Monday night, our School Board approved our district wide 1:1 initiative starting in 2015-2016. This program will put a Chromebook in the hands of every student in grades 5-12 and move current Macbook carts down to cover grades K-4. If you would like more information on all the specifics, here is our press release on the topic. Right now, I really want to discuss why we decided to go with Chromebooks for our 1:1.

The journey to now has been an interesting one. When I started at my district 4 years ago, there were a handful of iPads, tons of 5-10 year old computers, and almost no WiFi (I won’t go into depth on the rest of our infrastructure. Just know, it wasn’t pretty). We have since fixed (most of) our infrastructure issues, including WiFi, which we will be building out to one 802.11AC access point per classroom this summer. With a limited budget, we struggled with how to both modernize our infrastructure and get modern tools in the hands of teachers and students.

In 2012, Google Apps for Education came along and saved us. Email, collaboration tools and storage were just what we were looking for. All of this for the incredibly low price of free! It was around this same time period that Chromebooks became a thing. Through a grant, we were able to purchase several carts of Chromebooks for our district that helped us fill a void of in-class technology that, until that point, we could not afford to fill. It was great! A connected device that cost a fraction of what a full function laptop cost. I remember getting some pushback from others in education for jumping on the Chromebook train. At that time, districts were buying iPads like they were going out of style. I have no problems with iPads, we even have quite a few in our district, but I have just always felt that tablets should be a secondary device (unless it is for a specific use-case, such as special needs or very young students). I vividly remember saying that Chromebooks could never work for a take home 1:1 program at the middle/high school level- They don’t have the functionality, and we have too many kids without internet access at home. Don’t get me wrong, I have always loved Chromebooks, but I have always somewhat questioned their lack of offline functionality.

In the last year, I have changed my stance on this. We started a 1:1 pilot this year in our 5th and 6th grade classrooms with Macbook Airs. Everyone was on board with this large investment, and I was excited, because I thought we were picking the best device for the problem we faced. We were giving the kids a fully functioning device, that would allow the students without WiFi access at home the same advantages as those with access. Don’t get me wrong, the pilot was a huge success. Teachers and students have done a great job with it. However, the number one complaint I received was still regarding students with no internet access at home. The teachers reminded me that many of the most powerful edtech tools that they are using in the classroom are free web-based applications, especially our Google Apps for Education Suite. Here I was trying to solve the problem of no WiFi with a device that still isn’t fully functional without WiFi.

Then it hit me. The solution isn’t the device. Instead, we need to change our approach. We need to focus on making internet access ubiquitous. Here are some of our ideas for making access a priority moving forward. If you want to add any ideas to the list, leave a comment and I will happily add it. Pair that change in thought with the fact that Chromebook offline support has been greatly improved in the last year, and Chromebooks now seem like a no-brainer for us (right now). The tool you choose is up to you, but my advice- the tool is less important than the environment it will be used in. Focus on fixing the underlying problems first.

Thank you,

J

TCEA 2015


The 2015 TCEA Conference has come and gone. I absorbed tons of EdTech knowledge and met some great people. I always feel recharged after a conference and  ready to hit the ground running when I get back to my district. This year felt more empowering. After a week of networking and learning, I feel compelled to make a conscious effort to better myself, personally and professionally, daily. I want to read more books and blogs, write my own thoughts down, grow my professional learning network, and start working on my Master’s degree.

OK, enough about me. What can I take back to my district? While there were tons of new applications that I can show my teachers, I have decided that my biggest takeaway is that I want to simplify our Professional Development. I want to focus on using two tools (sort of).

Tool number one- Twitter. I realized last week just how powerful Twitter is as a professional learning network. I have been using it as such for years, but never really realized how much I relied on it for professional growth. I want to empower my teachers to start building their own PLN. Having a network of support is invaluable.

Tool number two- Google Apps for Education (not really one tool, but the suite has easily proven to be one of the most powerful free tools for EdTech.) We have been using Google Apps for about 3 years now, and many of our teachers are well versed in many of its applications. But, I want to begin bridging the gap between those that are power users and those that are not.

My hope is that teaching our teachers to connect and collaborate with Twitter and Google will translate into them using those tools to better themselves on a daily basis. We have some great teachers at City View ISD. Hopefully, I can give them some resources that make their jobs a little easier and more efficient. At the end of the day, we should all just be striving to be a little better than we were yesterday. Right?

It’s a start…


My name is Jeff St. Andre. I am the Technology Director at City View Independent School District in Wichita Falls, Texas. I have a beautiful wife, Whitney, and a soon-to-be 2-year-old son named Crue.

I have spent countless hours consuming information on the internet. Now, I think it is time for me to create some content. I can’t promise that it will always (or ever) be “good” content, but I can promise that it will be based on subjects I care about. Technology, education, family, sports, maybe even a zombie here or there.

Pull up a chair. If you like something I post, let me know. If I write about something, there is a good chance that I enjoy that subject and would love to have a conversation about it. If you dislike something I post… You are probably on the wrong site.

Thanks for visiting!

J