by Felicien | Sep 6, 2018 | Education
What is PMKID?
Pairwise Master Key Identifier (PMKID) is a type of roaming feature in a network. Recent improvements in hacking have been targeting it for exploitation in vulnerable processes, thereby demanding that ongoing security efforts better address it and its affected procedures.
New wi-fi hacking strategies have been using coding and processes that have made it easier for hackers to learn user passwords for a wide range of router types that are commonly used in homes and businesses. Specifically, processes targeting PMKID zero in on internal network protocols with its features enabled, bypassing critical processes. The method was initially discovered by accident, in an assessment of developments in WPA3 security standards, with the exploitations realized to be potentially applicable to existing security systems.
What Security Vulnerabilities Are Concerning?
Online sources including The Hacker News report that hackers have used the approach successfully to gain pre-shared key (PSK) user account login passwords, which they have then used to hack the wi-fi networks of their victims. This has led to hackers penetrating even further into user databases to gain or misuse other information. While earlier methods have demanded that hackers stand by while waiting for their targets to log in to the network and acquire a complete four-way authentication handshake of EAPOL, the PMKID approach does not require this.
This approach, therefore, makes it easier for hackers to access sensitive information, since they can instead use the Robust Security Network Information Element (RSN IE) with a single Extensible Authentication Protocol over LAN (EAPOL) after making a request from their access point. This is also significantly more efficient and with higher potential for multiple attacks from a single point.
Generally, a successful attack occurs in three steps, which may or may not be followed by the subsequent abuse of personal or otherwise sensitive information. In the first step, the hacker uses a tool such as hcxdumptool to make a request to the PMKID. The PMKID is thereby asked, from the hacker’s point, and the hacker can use the tool to prepare to dump information received to a file for future access and misuse.
In the second step, the tool is used to process frame output, converting it to a hash format for future acceptance. In the third step, a tool such as Hashcat can be used to crack the WPA PSK password, at which point the hacker has the potential to access the personal information of users.
Researchers have been vague in terms of the specific routers involved and the extent of routers most vulnerable to PMKID attacks. The general method seems to be most threatening in 802.11i/p/q/r networks with their roaming functions enabled. This, unfortunately, describes most current routers, while WPA3 developments have only recently begun to counter aspects of the fundamental nature of the vulnerabilities.
The Hacker News reports that WPA3 is a new form of security protocol that is required to address previous WPA2 vulnerabilities that have been increasingly exploited despite smaller non-version-specific security developments. Newer developments employ a new framework that includes features that cannot be encompassed by these smaller software and security upgrades, demanding foundational improvements. An example of a foundational technological improvement is the establishment of Simultaneous Authentication of Equals (SAE).
In addition to the nature of the vulnerability, as is common with modern hacking potentials, access to directions in a PMKID attack are readily available online. SecuredYou is an example of one of many online sources that walk users through potential attacks. According to this source, in an optimized approach, users should first request PMKID from the router, install hcxdumptool and hcxpcaptool, and make network requests for recording through additional described steps.
Other online sources, including the Latest Hacking News and The Register, report that such an approach can be currently used for success in 10 minutes or less on most networks, depending on the extent of active network traffic. Hacking has never been so easy for predators.
What’s Been Happening In Research And Development?
Software and security protocol developers have been addressing the issue most directly through WPA3 and network security strategy research and development. One recent patent has attempted to address and improve an aspect of vulnerability by enhancing an extensible authentication protocol re-authentication protocol (EAP-RP) framework in message transition.
Another recent patent has targeted the way network information is configured and authenticated while maintaining PMKID in addition to a basis on a transient identity key pair provided to other access points. Such developments may benefit users more quickly or to greater extents than the implementation of WPA3.
What’s The Bottom Line?
PMKID attacks do not require the same waiting times.
The potential detriment is high.
WPA3 technology can counter the attacks.
Other non-WPA3 patents/developments may work but should be tested first.
by Felicien | Sep 6, 2018 | Education
Those of us who are in the know about artificial intelligence (AI) in medicine no doubt know that IBM’s efforts to use its Watson system in healthcare have been a mixed bag at best and many of the engineers working on the project have been laid off. What went wrong? Watson did so well on Jeopardy.
How Real Is Real?
One of IBM’s initiatives, Watson Genomics, was focused on using data from lab tests on patient’s cells to recommend treatments, replacing the 10-15 doctor “tumor boards” that do this sort of work. Some aspects of that initiative went very well. But another did not fare well. That initiative ran into real difficulties with patient data, so hypothetical data was used instead together with Watson’s huge intake of oncology textbooks and journal articles. That effort produced treatment recommendations that, in the real world, might have had fatal consequences.
And therein lies the rub. Real-world data is messy. Nothing guarantees that this info is accurate. Hospitals are still oriented towards billing; not excellent outcomes. But even so, this is all the data we have. Not using this information to train AIs, it seems, is not an option.
Current AI systems may use “deep learning” and other techniques to extract patterns from data; the data that they use to discover those patterns is called the “training set.” Once that work is done, the patterns learned are tested against other sets of data to see how well the AI performs. What the Watson experience, in part, indicates is something that AI researchers learned the hard way: it is very difficult to create training sets that mirror the real world. Using actual data is much more effective.
How Current Is Current?
The Watson experience indicates another problem. Medical treatment is constantly advancing, patient populations are changing – if nothing else, they are getting older – and this raises the issue of how the training set used relates to current information. Experts in the field say that so far, very little attention has been devoted to keeping the systems updated with new training set data. This increases the risk that treatment recommendations will no longer reflect the best clinical judgement or the real-world results of using new therapies.
Where Has AI Succeeded?
The success stories of AI applications in health care usually involve a combination of relatively simple questions – “Is this lump in this breast suspicious or not?” – rather than complex ones such as, “What is the best cancer treatment for this tumor in this patient?”
AIs have been proven better than human radiologists at detecting suspicious lesions on several kinds of X-rays. One focus – human eyes are in constant motion, AIs can scan the X-ray pixel by pixel.
What Is Decision Support?
For once, the name of a technology is not misleading – decision support systems act as inputs to medical decisions, and hopefully will improve them. What kinds of decisions? Among them are:
Which antibiotic should I use to cure the patient’s infection and not increase bacterial resistance?
What test should I order next to establish my guessed-at diagnosis?
Which treatment option is the most effective and the cheapest?
Can I safely discharge this patient? If not now, when?
Should I have another radiologist look at this MRI?
Doctors face questions like these every day, and have to make decisions in real time, often without the luxury of contemplation or research. They also suffer from “cognitive overload.” Even with sub-sub-specialties, there is too much information for one doctor to carry in his or her head.
Decision support systems have the advantage of being able to handle huge amounts of data, process it in ways that a single human never could, and they do not suffer from fatigue. The combination of a human doctor and an AI ought to be a winning one. (Provided, of course, that the AI is kept current and retrained when things change.)
What’s The Next Big Thing?
Current decision support systems are notorious for generating “alert fatigue.” They hit the clinician with so many recommendations and warnings that the clinician tunes them out. They also are not well-integrated into the clinical workflow and electronic health record (EHR) operations.
The Holy Grail, of course, is for decision support to be driven by the EHR, with recommendations driven by what is happening to the patient in near real time.
“Clinical pathways” is ripe for innovation. Every patient is unique, but the course of care is in some ways highly predictable. An AI has the potential to automate orders, verify from the EHR that appropriate care has been delivered, flag deviations from the ideal pathway, and recommend corrective actions.
The key focus on AI development in the future should be on “the human use of human beings.” Maximizing outcomes for the patient while at the same time reducing the burden on caregivers—that’s the best case scenario.
by Felicien | Sep 6, 2018 | Education
Experts agree that the legal sector is not really on the cutting edge when it comes to adopting the latest technology trends. In fact, with the long-standing history of traditional values, it is rare to see widespread use of information technology (IT) in the industry. Even in current years, many law firms prefer to stick with hard copies (paper-based) including books, letters, and legal journals. However, as technology advances, this trend may be a contributing factor in keeping the “slow wheels of justice” at the reduced pace for which it is known.
Fortunately, it is evident that the benefits of legal IT technology outweigh the detriments. In fact, it is equally apparent that implementing the deployment of information technology is possible without disrupting the business. That is key to a successful transformation.
What Prompts Hesitation in the Legal Industry?
In the 2016 State of Digital Transformation Report, Brian Solis and the Altimeter Group conducted a survey of 500 executives. The general consensus was that the main issues included the following:
Dangers to breached data
Unsure of return on investment (ROI) to justify the value of increased IT
Risk management compliance
Managing potential legal complications
Resources required for all employees at the office
An additional challenge law firms face is the necessary functionality of the space. In other words, digital upgrades would need to be implemented and perhaps piloted while the regular business continues on. No law firm these days can afford to just close its doors for a few months. These time constraints make it difficult for IT to be introduced and utilized in the legal sector.
Law offices often have a somewhat conservative approach to change, a lack of collaboration, and a tendency to be “set in their ways.” Also, many practices are partner-owned and operated, making the financial risk more personal than it would be for corporations. Lawyers are more likely to take a “wait and see” approach to adding cutting-edge technology.
Why Are the Trends Changing?
Although change is rarely immediate, an increasing number of law firms are acknowledging the need to modernize. Adapting to the digital age is gradual for many attorneys. Perhaps they’re dragging their feet for a few good reasons:
The extreme amount of paper-based processes means the legal firm might spend years working to move all records to digital formats.
Since the legal sector exchanges large amounts of data and information with many individuals and organizations, their technology upgrade could be a pain point for staff, clients, attorneys and even third-party vendors.
Generally, legal professionals are intelligent, educated, and highly skilled. This means the move to embracing new technology should be an easy one. However, they may be reluctant to take that first step.
Perhaps a gradient approach, using a pilot group would help initiate the process. With a small team of informed individuals, the steps to introducing stronger legal IT to the remainder of the office would be much smoother.
How Would This Work?
It would likely require a process of educating the potential users about the benefits of digital technology. This would focus on how much time and money it would save. Explain how this advancement could be accomplished without disrupting the day-to-day business.
Furthermore, the top IT Directors or CIOs should understand how the evolution of their existing method of delivery would save money. It would also allow them to provide better service.
Additionally, by moving away from a paper-based system and using an automated self-service portal for IT support, legal professionals can avoid calling a support engineer when something goes wrong. Users can learn from tutorials and self-help articles to fix devices themselves. As law staff become more familiar with the equipment, they develop confidence to interact with new services and equipment. They learn modern skills and a willingness to experiment with what digitalization can do for them.
At the same time, it frees up IT engineers as law staff benefit from learning how to interact with new services. As the law firm moves forward embracing technology, they become open to further changes in the future for a more connected workforce. It has to start somewhere.
What Would Come Next?
A possible next step would be to employ a chatbot, such as Tawkto, which allows legal professionals to communicate with one another, as well as their clients. This enables real-time communication to occur at any time. By engaging their clients outside of scheduled hours, attorneys provide a more satisfying experience.
This would also help law firms that switch to charging their clients based on successful final results, rather than by billable hour. Since they aren’t being paid by the hour, it makes sense to maximize their time. Digital approaches to communication streamline this process.
In Conclusion
With a sector that is known for preferring a traditional, more conservative operation, it is even more important to take a gradual, phased approach. The right IT Director can plan accordingly to ensure the comfortable adaptation to increasing legal technology. Though the legal team may never be as adept as the IT technicians themselves, this will help the entire law office, as they attempt to improve their digital resources. With the best legal IT tools, the law office should be able to provide better services for their clients and improve their bottom line.
by Felicien | Sep 6, 2018 | Education
Microsoft Teams is a great way to schedule meetings, especially if the participants don’t all work in the same geographic area. It seamlessly integrates scheduling, invitations, updates, and access to virtual meetings. This might sound a bit complicated, but once you know the basics of scheduling in Microsoft Teams you’ll find it to be, not just a powerful tool, but an easy to use one too.
Virtual Meetings Through Microsoft Teams
Not only does Microsoft teams allow you to schedule meetings, but it provides everything you need to conduct virtual meetings. The virtual meetings in Microsoft Teams are made possible via Skype, which provides the audio and video capabilities. In addition, using Teams also allows you to track, join, and document meetings. Access to all these tools begins with scheduling a meeting.
Basics of Setting Up a Meeting
While in Microsoft Teams, click on Meetings and then Schedule a Meeting. This opens up the options you need to get a meeting set up. Your first option is Team/Channel. This allows you to select a team to meet with and a channel to meet in so that an entire team can participate in the meeting. Note that the Team/Channel option will list all the teams you are a member of so you can easily select the right one.
You can also invite individuals alone, or individuals in addition to a team. This works well if you need to invite participants outside of the team or need to hold a private meeting with just one or two participants. If you want to create a private meeting, select the None option under channels and then invite the individuals. On the right-hand side of the screen, you’ll find the options for inviting individuals.
Next, enter an informative title for your meeting. Make it descriptive enough so that it doesn’t get mixed up with other meetings the attendees might have scheduled. For example, calling it “Widget Sales Meeting” is much more helpful than simply calling it “Sales Meeting” or “Tuesday’s Meeting.”
After you’ve determined who will be involved in the meeting, you can set up the date and time. If you need to find a time that works for everyone involved, then click on Scheduling Assistant. This tool will show you everyone’s availability, and it’s a great way to quickly find a mutually optimal time for everyone to meet.
Next, schedule the date, start time, and end time for the meeting. You can also click the Repeat box if this will be a regularly scheduled meeting, and then indicate how often the meeting will take place.
Don’t forget to pay special attention to the time zone used for scheduling the meeting time! Microsoft Meeting will update the time to the correct time zone for each person involved in the meeting when they receive the meeting information.
There is also a section for providing additional details about the meeting. This section supports basic formatting, like bulleted lists, different fonts, and including images or files.
After the Meeting is Scheduled
Once you’ve scheduled the meeting, it will post to the Conversations in the channel you selected and in the general channel for the team involved. In the channel, it will show who scheduled the meeting along with a concise summary of the meeting details. Additional meeting details can be viewed by clicking the ellipsis menu that pops up. This same ellipsis menu also allows you to join the meeting once it starts, via the Join Online button.
The agenda, notes, content, and recordings will be captured in the Team’s channel, which can be very helpful after the meeting is completed. Note that once a meeting has been scheduled, you can cancel it if you are the meeting’s organizer.
Holding Meetings via Chat
You can start a meeting, video, or voice call with others from within a channel. At the bottom of the screen where the Chat prompt is, you would click the video camera icon, located at the far right of the Chat entry box. Your camera will be activated and you will be able to see your camera view. On the right-hand side of the screen, you will have the option to add people. You can also adjust your camera and microphone settings (and disable them, if you need to). You can then assign a subject to the chat and start a meeting. From chat, you can also schedule a meeting – there is a Schedule Meeting option that will appear on the screen.
Conclusion
Microsoft Teams has some very powerful tools to support virtual meetings. It can help you schedule the meeting, announce it to the individuals involved, keep them updated on any changes to the meeting, and even start the meeting once it is time. Taking the time to learn how to use this tool effectively will save you time and frustration.
by Felicien | Sep 5, 2018 | Education
Tablets aren’t just digital babysitters for young kids or fancy versions of ereaders. They offer real value as educational tools. Their versatility, portability, and ease-of-use make them an excellent conduit for learning. Below are seven benefits of using tablets in the classroom.
Seven Solid Benefits of Tablets in the Classroom
1. Portability
Lightweight, easy to carry, and durable if they have screen protectors and cases, the tablets can be picked up and taken on field trips, used in group projects, even taken home. A distinct advantage over desktops and easier to transport than laptops. Bonus: Students with unreliable or no internet at home can potentially be given devices that have broadband subscriptions.
2. Easy To Use
Even elderly parents and grandparents take to touchscreen technology pretty well thanks to the work of developers who’ve studied human behavior to put out the most intuitive devices possible. Elderly people who may have had trouble figuring out the mouse or who had to two-finger hunt-and-peck on keyboards have much less trouble learning to use voice commands or use their fingers to scroll through Instagram. So much easier for younger people whose brains are primed for new information already. Remember … these kids are the future, the ones who will be picking up the tech ball and running with it before you can say Instagram for eyeballs.
3. Great Apps Abound!
There are a TON of high-quality, low-cost educational apps out there. Many are even free. Check out Edshelf.com to see lots of great apps with reviews from teachers. You can build different “shelves” of apps that fit under a certain category. For instance, you could create a shelf where you save adaptability apps that are specifically designed for children on the autism spectrum. Cough Drop is an AAC app for people who have trouble speaking and could easily be downloaded to an iPad. Many other apps may not be specifically meant for differentiated instruction, but have options that make it easier to reach every student. The trick is in finding something that is easy to use but also worthwhile. Using Edshelf.com can help teachers discover the most effective tools because other teachers will post information about how they used the app, whether or not they had any trouble, and how effective it was at enhancing the lesson in a genuinely valuable way.
4. Digital Libraries At Your Fingertips!
No more heavy backpacks! No more waiting for college before being allowed to write in their textbooks!
With tablets (and other computers) students can use digital textbooks like Geography Alive! They’re not only lighter, in the long-term they are cheaper. Most tablets are pretty affordable, and digital textbooks are typically less expensive than their paper counterparts. They have the added bonus of interactive features, annotation, dyslexic-friendly font options, audio features (the textbook reads itself!), and study materials. Even if digital textbooks were only available on desktops, they seem a lot cooler than printed books. However, with a tablet, you can carry all of your textbooks, plus digital libraries in the form of apps like Hoopla and Libby. For this benefit, alone tablets look like a sweet deal.
5. Good Training For Real Life
Touchscreens are ubiquitous. Tablets are the only computing devices right now (apart from smartphones) that offer the user interface and experience that prepares students for the type of digital experiences they will have into their adulthood. They allow teachers an opportunity to demonstrate for students how to live in a digital age. This is perhaps the most important advantage of all. The reason? Because the fact of the matter is, short of an apocalyptic event that thrusts civilization back into the Stone Age, the technological advances will keep coming. Educators need to properly prepare students to know the differences between good and bad information, to keep themselves safe online, and to use these technologies in a responsible way. Students will learn netiquette at earlier ages.
6. Versatility
With the proper accessories, tablets can be used as a slate, artist’s canvas, worksheet, journal, handwriting sheet, whiteboard, camera, laptop, and more! Kids can go through a scavenger hunt on a field trip, edit video, or just revise their papers on the tablet using the extremely intuitive UI/UX that’s only getting better every day.
7. Nearly Instant Assessment
The answer to every ADHD kid’s prayers, and the balm for every secondary teacher’s overloaded arms! Students can take quizzes and tests, run lab simulators, and turn in homework online. No more messy papers, no more shuffling through stacks of grading. Grade papers and immediately switch screens to record the grades. How cool is that?
The Final Grade?
With the ease-of-use, intuitive design, and relatively low price point, these versatile little devices belong in the classroom. It’s even better than some of the sci-fi dreams of super-powered desktops. These portable gadgets fit even into the pudgy hands of preschoolers who, given proper guidance and limits, show more engagement and improved literacy skills when tablets are included in their lessons. Tablets will never replace real human interaction, nor should they, but used thoughtfully, they’re a great tool.
by Felicien | Sep 5, 2018 | Education
We all know about Food and Drug Administration (FDA) food recalls. Remember the ban on romaine lettuce from Arizona? That was finally tracked down to a contaminated irrigation pipe. Quite a bit of tainted lettuce was eaten or discarded before that happened.
The FDA is in charge of more than just food. It also regulates and recalls medical devices. It is little appreciated that many medical devices nowadays either are essentially computers or contain subassemblies that are computers. So, they have all the issues that computers do: bugs, hardware failures, and cybersecurity risks.
What Are Some Examples of Medical Device Error?
Some medical devices, like bone screws, get recalled because they break before their intended end-of-life. Or because their sterile packaging does not protect them until the product’s expiration date. There are many others like this.
With medical devices involving computers, the reasons for recall are countless. Below are just a few:
One recall was due to a device that was intended to generate radiation for cancer treatment giving too high a dose without warning.
Another included anesthesia carts that go into failure mode and shut off the flow of anesthetics and oxygen unexpectedly.
Still another, automated blood testing equipment, was giving false results.
IV infusion pumps were giving the wrong dose or shutting off unexpectedly.
Implantable insulin pumps were delivering the wrong dosage.
Any of these could have results that are fatal.
Why Is Security An Issue?
Many medical devices are part of the “internet of things” (IoT) and communicate with each other or medical records systems via wires or wireless technology. Unfortunately, this means they are potentially “hackable.”
An intruder could say, cause an anesthesia cart to stop delivering an oxygen/anesthetic mixture and deliver only the anesthetic gas. This could kill the patient, while at the same time displaying results on the monitor that would indicate to the anesthesiologist that there was nothing wrong.
An implantable insulin pump could be wirelessly told to deliver a fatal overdose of insulin. Any device that is connected to a medical records system could be hacked to deliver false data. The possibilities are literally endless. And they are scary.
What Is the FDA Doing About Safety and Security?
The FDA has a plan in place to dramatically improve its current surveillance of medical device problems. Obviously, this will involve a lot of infrastructure and database development and will involve all the usual privacy and security issues.
The FDA has in place a system of post-marketing surveillance that is designed to provide early warnings when problems arise in medical devices. Of course, there will be a wide learning curve. Checking the incoming data for indications of device problems is potentially an ideal application for artificial intelligence (AI).
The FDA has also issued guidance on cybersecurity to manufacturers of medical devices. That advice will strike cybersecurity experts as behind the curve:
Give different users different levels of authority
Require strong passwords
Make sure users are notified of software and firmware patches
Many similar recommendations
So far, none of them address one of the most fundamental security flaws that repeatedly show up in software: elevation of privilege. Once a hacker has control of processes in the operating system (and even the most primitive devices have analogues of them), the hacker can create a Super-user who has control of the entire system and can bypass any security measures that are in place.
The software industry as a whole has no solution to this, because the concept of user privilege is fundamental to almost any operating system. The only way around it is to have “locked down” systems in which changes can be made only by the physical replacement of a chip. But that defeats all the advantages of the IoT and connectivity in general.
Medical Devices For Consumers: What’s Good Enough?
Medical device makers whose target market is medical professionals have focused on “more” –more accuracy, more graphics, better resolution, more connectivity, and so on – all of which translates into more expense.
With an increasing focus on costs in healthcare and with more devices aimed at consumers, the market will begin to ask, “What is good enough?”
Consumer-oriented blood glucose meters for diabetics are not as accurate as those designed for use in hospitals –but they are faster, far easier to use, and the newest designs do not require a fingerstick. Instead, they are read from a sensor stuck to the skin. Some newer hearing aids can be adjusted with a smartphone app, sparing the patient a visit to the audiologist.
The Holy Grail of consumer-focused medical devices might be this: an implantable device that will capture data on all critical physiological parameters and transmit warnings to the patient’s physician when something is out of line, or, in a real emergency, summon an ambulance. Smartphones can already broadcast locations to emergency medical services, adding the capability to transmit the patient’s physiological data.
This means that paramedics would arrive knowing what is wrong (heart attack, trouble breathing, severe blood loss) rather than having to assess the situation from a standstill. Of course, if the machine malfunctions or is hacked, it could send the wrong data to paramedics. Those dangers do exist and are very real. The hope for medical professionals is that we will find solutions to these problems so that medical devices can be counted on for accuracy and are oblivious to hackers.
Before we get to that place, we will need to find ways to ensure that our systems and medical devices are much more secure than they are at present, or we will widen the possibilities for disasters.
