For those who skip the intro, the biggest security news this week was the passage of CISA, Oracle’s… interesting… security claims, more discussion on encryption weirdness from the NSA, and security research getting a DMCA exemption. All these stories are linked down below.
Yesterday I hopped in the car, drove over to the kids’ school, and participated in the time-honored tradition of the parent-teacher conference.
I’m still new to this entire “kids in school” thing, with one in first grade and another in kindergarten. Before our kids ever started school I assumed the education system would fail to prepare them for their technological future. That’s an acceptance of demographic realities, not any particular criticism. Look around your non-IT friends and ask how many of them really understand technology and its fundamental underpinnings? Why should teachers be any different?
As large a role as technology plays in every aspect of business and technology, our society still hasn’t crossed the threshold to a majority of the population knowing the fundamentals, beyond surface consumption. That is changing, and will continue to change, but it is a multigenerational shift. And even then I don’t think everyone will (or needs to) understand the full depths of technology like many of us do, but there are entire categories of fundamentals which society will eventually fully integrate – just as we do now with reading, writing, and basic science.
Back to the parent-teacher conference.
During the meeting one teacher handed us a paper with ‘recommended’ iPad apps, because they now assume most students have access to an iPad or iPhone. When she handed it over she said “here’s what our teachers recommend instead of ‘Minecraft’”.
This was a full stop moment for me. Minecraft is one of the single best screen-based tools to teach kids logical thinking and creativity. And yet the school system is actively discouraging Minecraft. Which is a particularly mixed message because I think Minecraft is integrated into other STEM activities (they are in a STEM school), but I need to check. The apps on the list aren’t terrible. Some are quite good. The vast majority are reading and math focused, but there are also a few science and social studies/atlas style apps and games, and everything is grade-appropriate. There are even some creativity apps, like video makers.
On the upside, I think providing a list like this is an exceptionally good idea. Not every parent spends all day reading and writing about technology. On the other hand, nearly all the apps are, well, traditional. There’s only one coding app on the list. Most of the apps are consumption focused, rather than creation focused.
I’m not worried about my kids. They have been immersed in technology since before birth, with an emphasis on building and creating (and sure, they also consume a ton). They also have two parents who work(ed) in IT, and a ridiculously geeky dad who builds Halloween decorations with microcontrollers. As for everyone else? Teachers will catch up. Parents will catch up. Probably not for most of my kids’ peers, but certainly by the time they have children themselves. It takes time for such massive change, and it’s already better than what I saw my 20-year-old niece experience when she ran through the same school district.
I still can’t help but think of some major missed opportunities. For example, I was… volunteered… to help teach Junior Achievement in the school. It’s a well-structured program to introduce kids to the underpinnings of a capitalist society. From participating in Hackid, it looks like there is huge potential to develop a similar program for technology. Some schools, especially in places like Silicon Valley, already have active parents bringing real-world experience into classrooms. It sure would be nice to have something like this on a national scale – beyond ‘events’ like the annual Hour of Code week.
And while we’re at it, we should probably have a program so kids can teach their parents online safety. Because I’m pretty sure most of them intuitively understand it better than most parents I meet.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- David Mortman is giving a talk on DevOps security next week.
- Dave Lewis over at CSO Online on Groundhog Day security. He also mentions LEGOs and Munich.
- Mike claims some video of him talking about some security thing will be on the web sometime soon. All I know is it will be at Dark Reading, and he isn’t always great on the details.
Other Securosis Posts
- The Economics of Cloud Security.
- Hybrid Clouds: An Ugly Reality.
- How I got a CISSP and ended up nominated for the Board of Directors.
- Chewie, We’re Home.
Favorite Outside Posts
- Adrian Lane: OMG, the machines are breeding! Mankind is doomed! DOOMED!!! Robert Graham offered a little tidbit on how his Tesla’s WiFi behaves while trolling the security press. And we’re glad he got a new car.
- David Mortman: Josh Corman and John Willis on containers and supply chains at the DevOps Enterprise Summit.
- Rich: Telecom companies track everything about you, and sell it. This is why I care so much about privacy. Even the NSA has to go through some nominal process before they can stick a location tracker and packet sniffer in your friggin’ pocket.
- Mike: Porn websites are the top mobile infection vector, 2015 report shows. With porn, mobile, and infection in the title, how could this not be my favorite link this week?
Research Reports and Presentations
- Pragmatic Security for Cloud and Hybrid Networks.
- EMV Migration and the Changing Payments Landscape.
- Network-based Threat Detection.
- Applied Threat Intelligence.
- Endpoint Defense: Essential Practices.
- Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers, and Applications.
- Security and Privacy on the Encrypted Network.
- Monitoring the Hybrid Cloud: Evolving to the CloudSOC.
- Security Best Practices for Amazon Web Services.
- Securing Enterprise Applications.
Top News and Posts
- CISA Passes Senate Without Addressing Privacy Concerns.
- New DMCA Exemption is a Positive Step for Security Researchers. Two regulatory stories this week. One good (this one), and one bad (CISA).
- The NSA is abandoning elliptic curve crypto. That is a huge deal, and this paper is very worth reading, especially the conclusions.
- Oracle makes some bold security (and cloud security) claims. Basically, put more security in silicon, and then trust Oracle. But it has very little entropy (1 in 16), and as this other piece shows, they aren’t actually best at security.
- Google Requires Symantec To Adopt ‘Certificate Transparency’ Following Rogue Certificate Discoveries. This is a pretty big deal; it seems big yellow has some serious internal control and audit issues.
- 15-Year-Old Arrested For TalkTalk Attack. Using a vuln I think is older than he is.
- The UK enforces mandatory porn filters over the entire domestic Internet. Aren’t we Yankees supposed to be the sexually uptight ones?
- Why ad fraud continues to thrive.