Technology that verifies MOOC test takers on the spot

/in /by

8DEver hear of MOOCs? The acronym stands for massive open online courses: the free online courses taught by professors at leading universities.

MOOC business model problems

  • Cheating: Professors can’t tell just how much students rely on Google for help during an exam. A proposed solution has been that students take exams at regional testing centers, but barriers to this include: access to these centers especially in multiple countries, cost and convenience – after all these are free courses.
  • Student identity: Who’s to say the person taking the test isn’t an imposter and not the person who will actually get the grade?
  • Completion rate: Even something as simple as having skin in the game can make students feel more engaged. Most MOOCs are free, so students don’t feel a financial bite if they drop a course or perform poorly.

Many prominent schools, such as MIT, are investing significant resources in MOOCs; however, the viability and success of MOOCs will be ultimately be determined by the legitimacy of the degrees received—and that goes back to the legitimacy of the identities of the people who study the courses and take the final exams.

Remote proctoring

Just like sitting in a classroom under the supervision of a teacher, students need to be monitored as they are sitting in front of their PC, phone or tablet to ensure that they in fact are the ones that took the test.

How does remote proctoring work?

One proctor can monitor via webcams a maximum of six students simultaneously, keeping on the alert for suspicious behaviors such as suddenly wandering eyes.

Human monitors can track students via screen sharing and webcams, even monitoring students’ typing styles to possibly identify test-taking imposters. Newer technologies can remotely track test takers’ mouse clicks and even keystrokes. What these proctors don’t do is verify the identity of the test taker, read on.

Why webcams and keystrokes fail

It’s possible for a test taker to be a different person than the one who enrolled. One technology to nab this problem matches photo IDs to webcam photos.

The obvious flaw here is that if the test-taking imposter resembles (either naturally or artificially) the enrollee, the scam may work. However, a software program analyzes typing rhythm or keystroke dynamics of the enrollee, which is then compared to typing done during a test—but one of the major problems that keystroke dynamics runs into is that a person’s typing varies substantially during a day and between different days. People may get tired, or angry, or have a beer, or switch computers, or move their keyboard tray to a new location, or use a virtual keyboard, or be pasting in information from another source (cut-and-paste), or working with a voice-to-text converter.

Additionally, many tests/exams use multiple choice questions so keystroke analysis is not useful. The student also needs to enroll their typing pattern initially, so this pattern can be compared to subsequent log ins, adding an extra layer of cost. Additionally, any biometric capture of typing rhythm must be independently tested by a third party lab to prove acceptable (NIST) levels of false positives/negatives. At least one study I know suggests that keystroke analysis did not achieve minimum levels of security making this technology un-acceptable as a true means of verifying identity.

Maybe combining photo matching with typing analysis seems like foolproof technology—but webcams are often grainy, not everyone has one, IDs can be forged and things like makeup, hair dye, hairstyles, glasses and facial hair can all obscure the truth.

Technology will continue to be refined, and as it does it will soon get ahead of the imposters; likewise, more educational institutions will implement this technology, which isn’t airtight yet. However with MOOC’s the need to verify student identity exists and may make a large difference in how well they evolve in the marketplace. We need technology that can snuff out cheaters and identity fraudsters, and will work toward verifying the legitimacy of test takers.

Biometric signature IDs (BioSig-ID) argument:

One of the MOOC’s business models is to have students pay for a “verification” certificate that will establish that the student did attend/take exams/complete gradable events or generally was present for other course content. Personal investment in the process seems to work: Research has found that students who pay to be identified and verified to have taken a course and passed are substantially more likely to finish the course.

However, the MOOC’s typical methods of student verification fall short and don’t sit well with security experts. Different methods of verification are needed in order for the business model to succeed. Employers, to consider whether a “verified ID” certificate has any meaning in the workplace need more confidence that the student was “there” and learned the material- not just they signed up for the course.  To be successful, students need to be “identity proofed” at inception and at various times before accessing gradable events like tests, quizzes, interactive chats etc…Throwing up a photo ID and using keystroke analysis with their obvious limitations described above are just not acceptable in todays’ security world.

Some Biometrics like BioSig-ID use gestures such as length, speed, direction angle, and height of each stroke to define one’s unique pattern and can positively identify users as they log in from any PC, mobile or tablet.

These patterns are unique, and BioSig-ID software can distinguish the user from all others. Only a user who has successfully authenticated himself or herself against a previously created enrollment profile can access the device, exam, bank account, health information or other digital asset. What’s more they have created a robust audit trail that captures and compares the IP addresses and other history of behaviors over time. This forensic tool has even been helpful in catching student cheaters.

BioSig-ID’s “Missing Link” creation is patented software-only biometric that complies with the new gold standard for identity verification required by the Reauthorization of the Higher Education Act. It’s the strongest form of identity verification on the market today.

And there’s a twist: No additional hardware is required. This software biometric measures the unique way a user moves his or her mouse, finger or stylus when logging in with a password (consisting of a few simple strokes) created with BioSig-ID.

The BioSig-ID technology already used in over 55 countries for student verification, must have something going for it as it was chosen for the White House based initiative -National Strategy for Trusted Identities in Cyberspace (NSTIC) to create a new solution to verify user identity over the Internet before they can access a digital asset. Check them out at www.biosig-id.com.

Robert Siciliano, personal security and identity theft expert and BioSid-ID advisory board member. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

ATMs and student numbers rise across the UAE

/in /by

The network of ATMs criss-crossing tourist hot-spots Dubai, Abu Dhabi and other popular destinations in the United Arab Emirates (UAE) is obvious testament to the huge strides taken in recent years by the Gulf country’s dynamic and expanding banking industry. However, there’s another sector that has rapidly grown, too, and it’s a success story that’s almost gone unnoticed. The sector in question is education.

A recent report forecasts that the number of ATMs – let’s call them cash machines – across the world is set to rise over the next few years by some 40 percent, up from 2.6 million last year to and estimated 3.7 million by 2018. Much of the growth will be driven by the Middle East and Africa and Asia Pacific regions, says the report.

Meanwhile, the number of students enrolling in UAE universities and other higher educational institutions has risen by 31 percent in the last five years, according to a report issued earlier this year by Dubai’s Knowledge and Human Development Authority (KHDA). The KHDA says that in Dubai alone, student numbers were up 11 percent in 2012.

And there’s more positive news. The UAE is now the fourth most attractive education destination in the world for students looking to pursue their studies abroad. The claim was made in an article in business magazine Gulf Business which cites the findings of a survey carried out by Dubai International Academic City (DIAC) and Deloitte.

The survey of 2,400 students and a number of companies across the Middle East, Africa and Asia found that the UAE was recognized particularly for its strength in science, finance, economics and management. The students identified Dubai as likely to be their educational destination of choice while the majority of companies described the city’s position as a centre for higher education as good or excellent.

The article says that according to the corporates surveyed within the study, there were 64 skills in high demand across sectors such as tourism and telecoms. There was potential to address some of the skill gaps identified by creating bespoke academic programmes and collaborating with existing academic partners to offer courses within the UAE or in the students’ home countries.

DIAC has been quick to respond to the findings, announcing in August that its universities will be increasing the number of courses on offer by more than 10 percent for the 2013/14 academic year. In direct response to industry demand, universities including Amity, Heriot-Watt and IMT will add an additional 35 degrees in tourism and hospitality, engineering and accounting to their existing portfolio, bringing the total number of degrees to 355. Of the new courses, 11 will be undergraduate, 17 postgraduate and 7 PHD programmes.

News of the new programmes follows a record year at DIAC, which has seen the likes of the University of Wollongong Dubai, Middlesex University and Amity University significantly increase their presence in Dubai – growth that is, in part, due to increased student numbers (20,000) and student enrolment numbers (26%).

DIAC managing director Dr Ayoub Kazim said he was delighted to see the universities expand the number of programmes on offer, particularly in STEM subjects (science, technology, engineering and mathematics), along with tourism and hospitality and accounting. This was a sure sign the higher education sector in the region was responding to the demands of local industry.

Check out the DIAC website here.

Against the Odds — Do’s and Don’ts for Configuring a Secure PIN Number

/in /by

Against the Odds — Do’s and Don’ts for Configuring a Secure PIN Number

We all know that someone who’s waiting for their ‘numbers to come up’ is hoping for a lottery win. However, to fraudsters your PIN number is the jackpot, and depending on the methods that you use to configure and protect your PIN number, they have a greater or slimmer chance of hitting it than winning the lottery.

Here are some of the mistakes that people make when devising their PIN number, and what you should do instead to create your own and avoid become a victim.

Writing down your PIN number

Some people take the risk of writing their PIN number on their debit and credit cards or keeping it in a compartment of the same wallet or purse as the cards themselves. Keeping both together is never a good idea. Both can fall into the wrong hands easily.

Of course, some people use the same number for every single credit card they own as they’re out and about on their travels. Again, that’s a bad idea. You should use a different one for each card.

If you really must jot it down somewhere, write it in an obscure place such as in the chapter of a book. No one would think to look in page 421 of War and Peace. Don’t tell anyone your PIN number, either— not even to your best friend (some do!).

Consecutive numbers or words

123456 is a common PIN that can be cracked with a “dictionary attack” program. Princess and Password are common too. It’s always best to mix things up, use phrases  combine letters, words and numbers and use upper and lower case.

Using a date with words

A popular way to remember one’s PIN number is to choose a date (or dates) that’s easy to remember. For most people, of course, that’s their birthday or wedding anniversary. But in the age of social media, this is risky, even with good antivirus protection. Many people publish their date of birth in their Facebook profile, unaware that they’re exposing themselves to potential fraud should (identity) thieves visit their profile.

A better use of the date method is to combine years (like when you and your spouse were born) or months (like when two of your kids were born) that you remember easily but which are obscure to others. Then choose a code word or phrase that links the two and will remind you of both dates. Like BrattyKiDs200708 or HappyMarried196566. Toss some upper case in there and your pretty secure.

Workplace Violence Red Flags, Prediction and Prevention

/in /by

Every school shooting, workplace shooting and even the Navy Yard shooting could have been prevented if we crowdsourced our security. The fact is that when someone’s about to “go postal,” that person tells the world in many obvious ways. Organizations that do nothing and say it can’t happen to them are next in line when it comes to being unprepared.

In the workplace violence prevention program, you will learn the red flags that at-risk students and employees exhibit and know how to best educate and inform front-line employees, managers and supervisors. When you recognize what methods to use, you will create an observant and security-conscious company culture.

You Learn How To:

  • Identify resources to reduce workplace risks.
  • Conduct an overview of workplace hazards.
  • Develop a policy plan to reflect company culture.
  • Screen potential employees.
  • Decipher the best high and low-tech options.
  • Secure the worksite premises.
  • Incorporate non-violent means of de-escalating violence.
  • Respond to crises, including rape and domestic violence.
  • Identify the signals and characteristics of potential offenders.
  • Intervene to assist overly stressed employees.

Top 11 Workplace Violence Red Flags by Robert Siciliano ©

Studies of workplace violence have built enough data to psychologically profile someone who is most likely to commit a potential act of violence. Any one or combination of the following traits should be reason for concern.

  1. Unreasonable: They constantly make slighting references to others. They are never happy with what is going on. They are consistently unreasonable.
  2. Controlling: They consider themselves as being superior. They feel a need to constantly force their opinion on others. They have a compulsive need to control others.
  3. Paranoid: They think other employees are out to get them. They think there is a conspiracy to all functions of society. They are essentially paranoid.
  4. Power Freaks: They may own firearms and have interests in military, law enforcement or underground military groups.
  5. Irresponsible: They don’t take responsibility for any of their behaviors or faults or mistakes, it is always someone else’s fault.
  6. Litigious: They may take legal action against the company, constantly filing one grievance after another. They blow everything out of proportion.
  7. Angry: They have many hate and anger issues on and off the job, whether it is with co-workers, family, friends, or the government.
  8. Violent: They applaud certain violent acts portrayed in the media such as racial incidences, domestic violence, shooting sprees, executions, etc. They may have had trouble with the law, even just a minor incident.
  9. Vindictive: They make statements like “he will get his” or “what comes around goes around” or ” one of these days I’ll have my say”.
  10. Odd: They very well can be good at what they do, paying attention to the details, but lack people skills. Their presence makes others feel uneasy.
  11. Unhealthy: They might be experiencing sleep disorders, fatigue, sudden weight loss or gain, or other health related problems. They might be addicted to alcohol, prescription or street drugs.

Sometimes a combination of these traits including job loss is enough to lead to workplace violence. Further studies show that in addition to these traits, in days or weeks prior to a violent act, certain significant emotional events will push the employee over the edge.

Most Burglarized Cities in the U.S

/in /by

Surprisingly, burglaries happen more often during the day. Burglars wait for the home owners to leave for work, usually attempting to break in between the hours of 10 in the morning and 3 in the afternoon. The FBI has stated that burglaries were the reason for a loss of $4.8 billion in 2011, meaning that the cost of each burglary at that time was $2,185.

Obviously, there are cities that are more crime-obsessed than others. Here are the top three most burglarized cities in the United States:

Highest Burglary Rates

1. Houston

The humid Texan city is known for many things, including great entertainment and fun, but it also has seen its fair share of crime recently. Houston climbed to the number one spot after seeing an astounding total of 27,459 burglaries in one year alone. Lack of security equipment is one of the biggest issues for burglarized homes.

2. Chicago

Unfortunately, Chicago is no stranger to being in the news and obtaining national media attention for being one of the most dangerous cities in the country. The amount of burglaries the Windy City has seen in one year adds to rough crime stereotype, documenting 26, 420 burglaries.

3. Dallas

The central Texas city, which provides the state with a substantial amount of income, saw a total of 18,727 burglaries in one year. While the total is significantly lower than its fellow Texan city, the amount of money Dallas generates along with the wealth of its residents, leaves the burglars with much to desire and be curious about.

States and individual cities, especially the most crime infested ones, encourage their residents to take measures that help prevent burglaries. One of the ways is home owners receiving discounts on their home owner’s insurance when they add safety features to the home, such as motion detectors. Many of the tips residents are given include always locking your vehicle, making sure you do not leave any valuables such as phones, a GPS or iPad in your vehicle at any time, locking your windows and doors of your house, installing monitoring systems, motion detectors and house alarms. Another great place to get tips is to check home security blogs with reputable authors.

Help decrease the number of burglaries in your city by following the aforementioned tips in order to do what you can to protect your house, family and belongings.

Security System Control Panels & Apps

/in /by

An electronic home security system can provide peace of mind when it comes to protecting your home and your loved ones.

The nerve center of any home security system is the control panel. It handles all the functions of the system; monitoring the sensors placed on the doors and windows of your home and communicating with the security company if an alarm is triggered. It can also have panic buttons to sound alarms or summon police, the fire department, or emergency medical services. Home security systems can also be outfitted with smoke detectors, water sensors, and carbon monoxide sensors to protect your home against more than just intruders. The panels also have a twenty four hour back-up battery in order to maintain protection of your home even in the event or a power outage. The GE Home Security System control panel, used by security providers in their security systems, can connect to up to forty sensors and perform all of these functions wirelessly. (1)

The security system panels can be programmed with multiple codes for arming and disarming. If your children are expected to get home from school before you do, you can give them their own security code for the alarm system that lets you know when they have entered the house. You can also, if you wish, provide access codes to anyone who might be working in your home, such as a baby sitter or housekeeper. The alarm system’s control panel can also alert you to anytime a door or window is opened, thus keeping anyone from sneaking in or out of the house.

Your security system control panel can also be connected to your homes’ lights, heating and air conditioning, and even appliances. Being able to control all of these functions from one location is what’s known as home automation.

The majority of home security systems today are compatible with free downloadable apps that can control the system remotely. Not only can you arm and disarm the system from anywhere but the app will alert you to any alarms while you are out of the house. If you have provided multiple access codes to your family or people who will be working in your home, the app can alert you to who has entered the home and when. Any home automation features can also be activated with the home security app, allowing you to turn on lights, climate control, and appliances to have your home just the way you like it by the time you get home.

An electronic home security system with a remote control app can offer you peace of mind and protection whether you’re at home or away.

5 Mobile Security Tips

/in /by

Cybercrime is one of the most lucrative illegal businesses of our time, and it shows no signs of slowing down. Over the last decade, cybercriminals have developed new and increasingly sophisticated ways of capitalizing on the explo­sion of Internet users, and they face little danger of being caught. Meanwhile, consumers are con­fronted with greater risks to their money and information each year.

The proliferation of mobile devices has provided a new opportunity for cybercriminals. With mobile shipments now outpacing PC shipments, there is now a large enough pool for the cybercriminals to start to leverage this base to make money.

Here are 5 quick tips to help you protect your mobile device and your data on the device.

Put a PIN on it – As a first basic step make sure you use a PIN code or password to lock your device and make sure it is set to auto-lock after a period of time.

Think before you click: Being on the go is convenient, but in our rush to respond, we don’t always take the time to look carefully at texts, email and social posts to make sure they are valid. Always be careful when clicking on links that you receive from anyone.

Don’t be app happy: Be careful what apps you download and where you download them from. Most malicious software for mobile devices is distributed through “bad” apps.

Be careful where you search: Double-check a website’s address and make sure that it appears legitimate by reviewing the URL or rather than doing a search for a site, type in the correct address in the URL bar to avoid running into any phony sites.

Secure your device:  Make sure all your mobile devices have comprehensive security software, likeMcAfee Mobile Security or McAfee LiveSafe (for all your devices) that protects you from threats, helps you avoid risky websites and malicious apps, and in the event of loss or theft, lets you remotely backup, lock and if necessary, wipe all the data from your mobile device.

 

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Do You Know What Your Kids Are Hiding?

/in /by

Many of you as parents may think, “not much” when asked this question. But in reality, it’s probably a lot more than you think. So it should come as no surprise to anyone that McAfee’s 2013 study, Digital Deception: Exploring the Online Disconnect between Parents and Kidswhich examines the online habits and interests of tweens, teens, and young adults, finds there is a significant disconnect between what they do online and what their parents believe they do.

The phrase “liar liar, pants on fire” comes to mind when I hear this topic and the phrase applies to both parents and kids. Parents are lying to themselves if they think they know what their kids are doing online, since 80% said they would not know how to find out what their kids are doing online and 62% do not think that their kids can get into deep trouble online. As for our kids, let’s face it – kids sometimes lie. The study found that 69% of kids say that they know how to hide what they do online from their parents and disturbingly 44% of them cleared their browser history or used private browsing sessions to hide their activity from their parents.

While youth understand the Internet is dangerous, they still engage in risky (and sometimes illegal) behavior. Not only are they hiding this activity from their parents in a variety of ways, but almost half (46%) admit that they would change their behavior if they knew their parents were paying attention.

86% of youth believe that social sites are safe and are aware that sharing personal details online carry risk, yet kids admit to posting personal information such as their email addresses (50%) and phone numbers (32%)

48% have viewed content they know their parents would disapprove of

29% of teens and college aged youth have accessed pirated music or movies online

Adding to this problem is how clueless parents are regarding technology and their kids’ online lives. 54% of kids say their parents don’t have time to check up on the kids’ online behavior and 42% say their parents don’t care what the kids do online. And even worse, only 17% of parents believe that the online world is as dangerous as the offline world and almost 74% of parents just admit defeat and claim that they do not have the time or energy to keep up with their kids and simply hope for the best.

So how do you bridge this divide?
Parents, you must stay in-the-know. Since your kids have grown up in an online world, they may be more online savvy than you, but giving up isn’t an option. You must challenge yourselves to become familiar with the complexities of the online universe and stay educated on the various devices your kids are using to go online.

Here are some things you can do as parents to get more tech savvy:

Get device savvy: Whether you’re using a laptop, desktop, Mac, tablet, mobile, wired Internet, wireless, or software, learn it. No excuses. No more, “My kids know more than I do,” or “All I know how to do is push that button-thingy.” Take the time to learn enough about the devices your kids are using.

Get social: One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software. Keep in mind that “getting social” doesn’t entail exposing all your deepest, darkest secrets, or even telling the world you just ate a tuna sandwich, but it is a good way to learn a key method that your kids communicate.

Manage your/their online reputation: Whether you are socially active or not, whether you have a website or not, there are plenty of websites that know who you are, that are either discussing you or listing your information in some fashion. Google yourself and your kids to see what’s being said. Teaching your kids what is and is not appropriate online is a must these days. And as a good rule of thumb, you should teach your kids that things posted online stays there forever.

Get secure: There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Invest in comprehensive security solutions that include antivirus, but also protects your kids, identity and data for ALL your devices like McAfee LiveSafe.

Or you can be like me and tell your kids that once they turn 10 they will be locked in a box in my basement until they turn 30. Just kidding (maybe). But seriously, parents – it’s time to make this a priority, for you and your kids. For more information, click here or follow McAfee on Facebook and on Twitter at @McAfeeConsumer.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Gold Farming A Chinese Full Time Job

/in /by

Gold farmers play massive multiplayer online games, not for fun, but to accumulate virtual currency, or “gold,” which can then be sold to other players, despite the fact that most game operators explicitly ban the exchange of in-game currency for cash. Gold farming is so lucrative, people in China and other developing nations can support themselves by working full-time operating gold farming rings.

About.com reports “most gold farmers are from developing countries such as China and Vietnam. According to World Bank estimates, there are currently over 100,000 people working as full-time gamers in China. They toil away for 12 or more hours a day in internet cafes, abandoned warehouses, and small offices, making about 25 cents an hour, or roughly $75 a month. There are quotas in place and work performances are heavily evaluated. The workforce is dominantly made up of migrant teenagers and young adults who come to the cities looking for work. These “virtual sweatshops” resemble the thousands of toy and appliance factories that have opened in China in the past several decades to take advantage of China’s abundance of cheap labor.”

Many leading MMOs are finding it increasingly necessary to deploy a layered defense to protect against gold farming, chargebacks and increasingly, account takeovers within gaming environments.  By leveraging the power of device reputation, which looks at the computer, smart phone or tablet connecting to the games, the gaming publisher can easily connect together players working together and shut down entire rings in one sweep.  In one case, a major gaming publisher saw the marvel of Oregon-based iovation’s fraud protection service and took action against 1,000 fraudulent accounts shortly after implementing the SaaS-based service.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

What is mCommerce and how do you keep transactions safe?

/in , /by

mCommerce (or M-commerce) is using a mobile phone to make purchases. Like credit card transactions, your card/device can be either present or not present. In other words, “present” might mean your mobile is equipped with an application that you use to make a purchase in person, such as to buy a cup of coffee or a train ticket. “Not present” could be when you use another application or your mobile browser to make a remote purchase over the Internet or another type of mobile network.

There are several different forms of mobile commerce:

Mobile shopping: You comparison shop or purchase something online using your mobile device (and its browser or a mobile app)

Mobile banking: You interact with your bank account (actions such as check the balance, transfer between accounts, make payments) using your mobile device

Mobile wallet (mobile payments): The mobile device itself is used to authorize payment (via a stored credit card)

Mobile point-of-sale (POS): Specialized card swiping attachments let your mobile device be used to collect payment from a credit card

All of these forms of mobile commerce require a wireless connection to the internet over Wi-Fi or your carrier’s 3/4G connection. Always use a like Hotspot Shield when engaging in mCommerce. Hotspot Shield, which is free to download, creates a virtual private network (VPN) between your laptop or iPhone and your Internetgateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.