Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Education Security

Code.org Will Teach 'Cybersecurity Hygiene' to Millions of Students 29

Long-time Slashdot reader theodp writes: Mr. President," Code.org founder Hadi Partovi told President Joe Biden and tech CEOs from Microsoft, Amazon, Google, Apple, and IBM at Wednesday's Presidential Summit on Cybersecurity, "America's cybersecurity problem is an education problem. I loved [Microsoft CEO] Satya Nadella's wonderful analogy to the car industry, and like Satya said, we need standards for seatbelts in every car for sure. But if none of the drivers took a course in basic safety skills, our roads could never, ever be safe. That's the current state of affairs on the roads of the internet. Without proper education, we can't address our nation's weakest link. If you look around, every CEO is nodding their head because they know we need a plan to educate every American on basic cyber security hygiene, and also a plan to staff up our cyber defense workforce. This needs to start early, in K-12, and reach everybody."

A newly-released White House Fact Sheet announcing "Ambitious Initiatives to Bolster the Nation's Cybersecurity" notes that tech-bankrolled "Code.org announced it will teach cybersecurity concepts to over 3 million students across 35,000 classrooms over 3 years, to teach a diverse population of students how to stay safe online, and to build interest in cybersecurity as a potential career."
This discussion has been archived. No new comments can be posted.

Code.org Will Teach 'Cybersecurity Hygiene' to Millions of Students

Comments Filter:
  • by Fly Swatter ( 30498 ) on Saturday August 28, 2021 @03:14PM (#61739391) Homepage
    Teach them about the value of security first, they appear to need it.
  • by Dorianny ( 1847922 )
    "basic cyber security hygiene" is mostly just simple common sense. I'm not sure you can teach that.
    • Common sense like "don't put your hand in a hot stove"?
      I've taught two people that. It's common because pretty much all of our parents taught us these things.

      I've discovered that MOST people don't actually know how to pick a good password. When I've posted my method here it's been mod +5, apparently because a lot of people reading didn't already know.

      So yeah the cerebral teaching needs to be done - not everyone knows how to be safe.

      Even more, I think what people do know intellectually, they haven't internal

      • by theCoder ( 23772 )

        In a recent pentest, the red team (attackers) took advantage of two mess-ups by one of our senior network engineers. He was quite cavalier about having config files containing passwords all over his hard drive. We had to spend six weeks going through every file in his drive to find all of the secrets, and change the passwords on every switch and router (hundreds or thousands of them).

        You bet your ass he learned something from that experience. He's not reckless with passwords anymore! In fact he's becoming t

        • That's a good question, and I'm sure it's you on the PKI - and Pizza Hut.

          For the config files backups / copies, two things were supposed to be done and have been done now. Either of these two commands make it so the password isn't visible in the config files:

          # enable algorithm-type scrypt secret cisco
          # enable algorithm-type sha256 secret cisco

          The "sha256" in the last command doesn't actually mean it uses a sha256 hash. It's actually pdkf2 using sha256

          That way he can save the configuration, and reuse it, wit

          • by raymorris ( 2726007 ) on Sunday August 29, 2021 @08:41AM (#61741139) Journal

            By the way, if you don't have a password vault, there is something you can do quickly and easily that is a great improvement vs the typical Excel spreadsheet.

            Click File > Info > Protect Workbook > Encrypt with a password

            That encrypts the spreadsheet with AES256, so that's 90% of the way to turning that spreadsheet into a half decent password manager. It only takes ales maybe 30 seconds and it's a big improvement in security.

            • by theCoder ( 23772 )

              Thanks for the great information! I had no idea that routers and such had these better management functions (I don't actually manage any). But it's great to hear that the state of the art can provide much better security than I thought!

            • Pretty good advice, I think one of the biggest problems with cybersecurity is that the majority of people are either in the "don't care/ won't affect us" or the "anything but best practice is garbage" camps. It's like SMS 2-factor, yes is broken but it is one hell of a lot better than nothing.
              • Yeah there are a few things to keep in mind in terms of security. The first is that security consists of THREE pillars:

                Confidentiality
                Integrity
                Availability

                When you say "security" most people think about confidentiality. Availability is just as important.

                You might think that the job of a security person to to fend off attacks. That's true. One important category of attack we want to protect against is the DOS attack, or Denial Of Service. A denial of service is when the people who are supposed to be able to

        • First you said "You can bet those passwords are written down, because in 2.5 months when I make a new random one, I need to the one to change it". Then a little later you said "I do use Keepass, which at least is encrypted, but many my browser knows, too".

          First - what the actual fuck? You have Keepass yet you write passwords down? Why?

          Second, why do you let your browser store passwords? I sure hope they aren't important ones such as online banking!

          • by theCoder ( 23772 )

            Sorry, maybe that was confusing. I consider storing things in Keepass to be writing them down. I very rarely (maybe never?) actually physically write a password!

            No, I don't keep financial passwords in my browser. A lot of financial websites try to thwart that anyway by having a two step login process.

  • by TheNameOfNick ( 7286618 ) on Saturday August 28, 2021 @03:39PM (#61739461)

    That isn't on the curriculum, is it?

  • by Retired ICS ( 6159680 ) on Saturday August 28, 2021 @04:06PM (#61739533)

    The primary reason that the state of "Cybersecurity" is what it is today is precisely because there sorts of incompetent shitheads pretend that they are capable of teaching the modern children how to generate "safe and secure" systems.

    The copy & paste crowd that is output by these sort of lunatic organizations are not only incapable of doing anything that is "safe and secure", the output copy & paste morons are even completely incapable of understanding what it is they are doing or trying to accomplish.

  • by theodp ( 442580 ) on Saturday August 28, 2021 @04:28PM (#61739591)

    Joining Code.org in the White House initiative is tech-backed K-12 nonprofit Girls Who Code, which announced it will "establish a micro credentialing program for historically excluded groups in technology. The program will make scholarships and early career opportunities more accessible to underrepresented groups."

  • But if none of the drivers took a course in basic safety skills, our roads could never, ever be safe.

    Quite obviously he hasn't driven a day in his life on American roads because it is clear the vast majority of drivers never took a course in basic safety skills. Between talking on the phone while driving, talking on the phone while turning a corner, failing to signal or yield when entering the highway, driving too fast for conditions [9cache.com], driving at speed into a fog bank [usatoday.com], ghetto driving, ghetto driving while l

  • ...will 'teach' whatever's currently fashionable or in the news so it'll be out of date by the time its students are applying for college or university.
  • Code.org FINED teachers for teachng boys

    BOYCOTT SEXIST CODE.ORG

  • This'll definitely improve cybersecurity awareness and among students who are female, black, or 'Latinx'. That's what code.org states as their target audience.

    Nice to see the government throw its weight behind an initiative that sees children primarily by sex or skin colour.

    • by guruevi ( 827432 )

      At least it's anti-racist, they never declared themselves to be non-racist, as Ibram X. Kendi declares, you have to fight racism with more racism.

  • by gweihir ( 88907 )

    Understanding code security issues and being able to properly avoid them is something that takes real skill and experience. code.org will at best make the matter worse because it will make people think they have skills they very much do not have.

  • First problem: the internet/web/etc. was never designed with security in mind, and the hundreds of different solutions duck-taped on haven't fixed that yet.
    Second, and more glaring problem: YCFS

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...