The FBI calls and tells you your web site has been breached! Millions of customer records are being sold online …

I’m speaking at Penn State University in June

The title of this blog post is the same as my session for Web Conference. Following the recent security headlines at Penn State, the title of my session is either ironic or prophetic. I think I’ll go for ironic, since the security issue at Penn State encountered was not really like my title, but the FBI really did call!

If you have not already gathered, I work for FireEye, the company that owns Mandiant, the company that the FBI introduced to Penn State to perform incident response. This blog post is not going to be about the Penn State’s security breach. I just wanted to establish some context.

I have been working at FireEye for close to three years. I joined as an instructional designer, and now I am a manager running a team of 7 instructional designers. In the time that I have been at FireEye I have learned the most incredible things about network security, and the lengths that threat actors (the generic name we use for all the bad guys, be they nation state, criminal gangs, lone hackers, or groups like Anonymous) will go to in order to steal your data or interfere with your network.

I expect that if you are interested in security you are still reading. Rather than talk specifically about my session, I thought I could share with you some tidbits that could come up in any presentation of mine, or dinner conversation after I’ve had half a glass of wine. I’ll include links for further reading for the motivated learners among you.

Target

Did you know that Target was breached through their HVAC contractor? Brian Krebs, a well known security researcher and blogger, published this report that goes into significant detail of how the breach occurred and unfolded. In short – the HVAC contractor was pwned when one of their employees fell for a phishing email that enabled the threat actors to steal credentials to Target’s network. Once the bad guys had that access, they were able to scan the network, learn the topology of the full network, and set about exploring servers, workstations and, most importantly, the POS (Point of Sale) terminals where millions of credit/debit card swipes occur daily. The most remarkable thing about this breach was it was the first time that our researchers had seen malware read card data direct from memory, thus bypassing any need to decrypt the data!

APT1 – The Comment Crew

In 2012, Mandiant published APT1: Exposing One of China’s Cyber Espionage Units. This explosive report describes, in great detail, the activities of a threat actor group that they codenamed APT1. The report tells the history of four main characters in the group, outlining their background and talking about their specific roles. It also pictures the building were 3,000 of China’s army are housed and perform worldwide hacking activities full time. And goes on to describe how China employs a total of around 300,000 soldiers in hacking activities. When I first read this report, the first thing I thought was “If this is what they are willing to disclose publicly, what else does Mandiant know that they cannot share?”

Why are they called the Comment Crew Steve?

Oh yeah – because they posted comments in online forums that were used by their malware to self-configure. So they installed malware on a victim machine, and the malware would at some point connect to the internet to discover its instructions for what to do next – download additional files, for instance.

Interestingly, this tactic has been used more recently: Chinese Snoops Hid Malware Commands on Microsoft Technet Site. Clearly the notion of ‘hidden in plain sight’ is not lost on the bad guys.

Clandestine Fox

Operation Clandestine Fox, as it was named by FireEye when it was discovered, is a fascinating case study, and one that shows the importance of keeping your security patches up to date. In brief, users could be attacked through a crafted web page that contained a specific set of files, including a Flash file that exploited a vulnerability in Internet Explorer. The vulnerability actually existed in all versions of IE from 6 to 11, and was considered so serious that Microsoft issued a patch within 24 hours of FireEye discovering Operation Clandestine Fox, and patched IE6 in Windows XP, even though official support for XP was long-ago ended.

Back to the Presentation

What is the likelihood that something that you develop or admin becomes the vector for an attack on your future employer? We can’t say for sure.

What’s the likelihood that something you develop or admin has a vulnerability that could be exploited? Probably 100%!

Is there anything you can do to mitigate such a possibility? Well there’s lots, and that’s what I’ll talk about. Since this is a Web conference, not a network security/admin conference I’ll keep it fairly light and talk about some of your considerations for web and app development, with some general dos and don’ts, best practices and a few little stories thrown in. If you want to learn more about the kinds of things the bad guys do, and what you, as a web developer, can do to defend against them, then come and see my session.

Adobe Presenter 8 video production

Justin Mass demonstrates how quickly you can produce a demo video with Adobe Presenter 8 – 2 minutes to record, and 7 minutes to edit:-

Dr Allen Partridge to demonstrate the new eLearning Suite in Atlanta

eLearning Suite Launch Party!

Join the Atlanta chapter of the ASTD and the Adobe Users Group of Atlanta for an Informative and Amusing Evening to celebrate the launch of Adobe Captivate 6.  Adobe eLearning Evangelist, Dr. Allen Partridge will share all the latest news and information about Adobe Captivate 6, the yet to be released Adobe Presenter 8, and the Adobe eLearning Suite 6, released on July 18th.

The release of Adobe Captivate 6 has been heralded by eLearning professionals as the most significant upgrade to Captivate in history and the other Adobe eLearning products aim to match that sentiment.  You won’t want to miss seeing for yourself the latest mobile, video and out-of-the-box solutions in Adobe’s hot new eLearning software.

Register here!

Dr. Allen Partridge is the eLearning Evangelist for Adobe. In addition to his work for Adobe Systems, he serves on the doctoral faculty in the Communications Media and Instructional Technology program at Indiana University of Pennsylvania. Allen has written several books and a host of articles on topics ranging from 3D game development to Instructional Design for new technologies. He is active in explorations of Immersive Learning as well as traditional multimedia enhanced eLearning and rapid eLearning. Allen works closely with the eLearning Suite and Captivate teams at Adobe, providing a channel to customer needs and concerns and helping facilitate communication among team members.

Adobe eLearning Suite 6 released

Before the sun was even up here in Atlanta, Adobe released eLearning Suite 6 today. Of big interest to me is the new Multi-SCO packager which has been significantly improved. Check it out in the sneak video below!

 

 

The Ruin of Education in Our Country – a Positive Thing

I was amused by this blog post – Ballpoint pens… the ruin of education in our country – that Jane Bozarth shared on Twitter. It points out some absurdities from educational resistance to change over the last couple of centuries.

Quoting the book Rethinking Education in the Age of Technology: The Digital Revolution and Schooling in America the Nick Sauers has the following list:

• From a principal’s pub­li­ca­tion in 1815: “Students today depend on paper too much.  They don’t know how to write on a slate with­out get­ting chalk dust all over them­selves.  They can’t clean a slate properly. What will they do when they run out of paper?”
• From the jour­nal of the National Asso­ci­a­tion of Teach­ers, 1907: “Stu­dents today depend too much upon ink.  They don’t know how to use a pen knife to sharpen a pen­cil.  Pen and ink will never replace the pencil.”
• From Rural Amer­i­can Teacher, 1928: “Students today depend upon store bought ink.  They don’t know how to make their own.  When they run out of ink they will be unable to write words or ciphers until their next trip to the set­tle­ment.  This is a sad com­men­tary on mod­ern education.”
• From Federal Teach­ers, 1950: “Ball­point pens will be the ruin of edu­ca­tion in our coun­try.  Stu­dents use these devices and then throw them away.  The Amer­i­can val­ues of thrift and fru­gal­ity are being dis­carded.  Busi­nesses and banks will never allow such expen­sive luxuries.”
• From a sci­ence fair judge in Apple Class­room of Tomor­row chron­i­cles, 1988: “Com­put­ers give stu­dents an unfair advan­tage.  There­fore,students who used com­put­ers to ana­lyze data or cre­ate dis­plays will be elim­i­nated from the sci­ence fair.”

It’s fun to note that the book could have continued much further into the past, to Socrates who is often cited as lamenting that writing causes forgetfulness, and thus permanently harms the value of education.

For extra giggles, as a constant reader you will remember all the hoohaa a couple of years ago about how Google makes us stupid. There were so many copycat articles, I’m not even sure I could find the original if my life depended on it  🙂

The fact of the matter is that humans are very resourceful, and somehow we keep fumbling along, learning stuff, making stuff, inventing new stuff, in spite of our seemingly constant efforts to destroy education as we know it and make our children stupid. What do you mean we don’t? It must be true, because I read it a thousand times.

So anyway, Nick Sauers‘ blog post inspired me to write the following on Facebook, and I thought it was worthwhile sharing here – it’s high time I stuck with my occasional promises to blog more consistently anyway!

I remember being told that if I didn’t learn to write as beautifully as my sister, then I would never get a decent job.

Thank goodness for computers, phones, tablets!

I think the only thing I regularly write these days are cheques, and my writing is still horrible 🙂

More seriously, it seems that many of us agree that we do have some deep-seated issues with eduction that need to be addressed. Education in America gets constant bad press for being more expensive and less effective than in other industrialized nations.

IMHO, at least some of the cause, as suggested above, is with teachers and their resistance to change. The trouble with many teachers (not all – I am well aware that there are many great teachers!) is that, on average they are an ‘older’ generation, they were taught by an even older generation and they don’t have time or motivation to truly learn, master and integrate new-fangled technologies and techniques into their workflow.

Therefore I think teaching is about to go through a painful revolution as a few things converge, particularly here in America:-

• The personal cost of higher education, and the return on that investment is just not equating to value.
• There is a loud hubbub about moving to something akin to an apprenticeship model in education – teaching to a career rather than teaching to a square peg and rarely-used specialities.
• The Internet means everyone knows they can get great learning resources for free, so why pay $60,000+++?
• Technologies like tablets really are changing how we interact with information and technology, making learning more instant, and critical thinking more important than Industrial Age teaching methods require (the flaws of Industrial Age teaching wonderfully explained by Sir Ken Robinson, full version here ).
• Classrooms make less and less sense.
• As does the rigid timetable of formal education. More parents work from home these days, so why can’t kids ‘school from home’? I use this phrase as a distinction from ‘home schooling’.
• It might just require a revolution in education to keep unemployment below 10%. It seems like too many young people leave education without being able to turn their schooling into employment.

I’m not saying anything new here. In the eLearning, Teaching and Business worlds, people are saying similar things and have been for a while.

I really have enjoyed the bloom of technology over the last two decades, and the effect of it in our learning solutions, in particular how we can all now be constant and instant learners. I am excited by the changes that are ahead of us, even as I recognize that for many of us, these changes will bring all sorts of trauma as our view of learning gets turned upside down, inside out and spat out as something new and (hopefully) effective for at least a couple of generations before our next learning revolution.

Do share your thoughts in the comments. This is a subject that fascinates me, and affects us all!

What do you think of Windows Surface tablet?

Frankly, I’m getting pretty excited about it. I’ve read in a few places that the Surface tablet will be like the Surface ‘table’ computer in that it will be able to ‘see’ what it placed on it. If you’ve never seen any of the Surface demos on YouTube, you should go peek now.

I showed this iPad vs Windows 8 (beta) tablet to a colleague and some friends. There are some pretty compelling new features, reminiscent of a conglomeration of WebOS and other tablets that make my wallet nervous …

Techsmith Camtasia Studio 8

Techsmith quietly released Camtasia Studio 8 last week.

Camtasia Studio 8 gains a more complex interface as great new features are added.

I am a big Camtasia fan, so I’ve just downloaded Studio 8 and taken a quick look and I see several things that are exciting:-

• Grouping objects on the timeline
• The ability to replace video on the video layer with an image and then zoom the image, same as zooming video (Used to be able to do this with video or image, but not both combined in the same project)
• Motion animations
• Smartplayer – bringing interactive Camtasia projects to iOS at last

Since Captivate and Camtasia are close competitors, it is easy to see why certain features are similar in each, but until now I thought that Captivate 6 was going to be an easy choice for video-only demos. However, this latest release from Techsmith has me certain that I will still want to use both products.

Exciting Times

But I suspect I will not be saying this for long. With Captivate’s new subscription model allowing more regular updates, I hope to see new features in CP6 dot releases that enable Captivate to quickly leapfrog Camtasia.

It has been a few years since Adobe/Macromedia’s software releases have generated such a buzz in the Community. The new subscription model has the potential to be both disruptive and stimulating for software users in all sorts of industries.

Camtasia for Mac

Confession: I have been aware of Camtasia 2 for Mac for some time, and even own a license for it but I did not install it until now. It looks like Camtasia Studio 8 for Windows and Camtasia 2.2 for Mac do not have feature parity right now, though I have to do some more research to be certain.

Adobe has released Captivate 6

On Friday June 15th, Adobe released Captivate 6. This latest version of Captivate has some major new features, including the ability to publish to HTML 5 (concurrently with Flash publishing), a new Video Project, massively improved PowerPoint import and integration, interactive widgets, powerful themes and much more.

If you are heading out for mLearnCon in San Jose on June 19th, I’ll be there talking about the Video Demo workflow with Pooja Jaisingh, one of Adobe’s eLearning Evangelists.

Adobe has published a lot of Captivate 6 feature demos on AdobeTV, and I recommend you take a few minutes to browse them.

Here are some quick Captivate 6 resources:

AdobeTV: What’s new in Adobe Captivate 6

Leive Weymeis (Lilybiri): Captivate 6 – Advanced Actions

 

Adobe Course Companion for Captivate, online demo

Are you interested in Adobe Course Companion?
http://blogs.adobe.com/captivate/2012/01/course-companion-for-adobe-captivate.html

Adobe Systems will give a demo of “Course Companion for Adobe Captivate 5.5” on Wednesday 1st February 2012.

Here are the details.

Date – Wednesday 1st February
Time – 8:00 AM PST (Pacific Standard Time)
11:am Eastern
Duration – 1 hour
Connect meeting URL – https://my.adobeconnect.com/giliyaru

In a week of change, are you wondering about the future of Adobe Flex?

Adobe will continue to develop Flex Builder. Adobe Flex SDK is going open source. Check out this blog post from Adobe for more info:

Your Questions About Flex