Interesting People mailing list archives
Re. An DDoS attack seems to have taken down California's (and maybe Nevada's) Common Core tests this week
From: "Dave Farber" <dave () farber net>
Date: Wed, 03 May 2017 17:05:53 +0000
---------- Forwarded message --------- From: Jeremy Epstein <jeremy.j.epstein () gmail com> Date: Wed, May 3, 2017 at 12:57 PM Subject: Re: [IP] An DDoS attack seems to have taken down California's (and maybe Nevada's) Common Core tests this week To: Dave Farber <dave () farber net>, Karl Auerbach <karl () cavebear com> Cc: ip <ip () listbox com> Risks of online testing are unsurprisingly and disappointingly common. For example, I wrote about a similar problem in Fairfax County VA back in 2015. The companies that create the tests aren't addressing the risks, and the buyers of test services aren't sufficiently technically savvy to demand that the vendors provide resilient services - until they get caught as in this case. http://catless.ncl.ac.uk/Risks/28/65#subj10.1 On Wed, May 3, 2017 at 12:20 PM, Dave Farber <dave () farber net> wrote:
---------- Forwarded message --------- From: Karl Auerbach <karl () cavebear com> Date: Wed, May 3, 2017 at 11:49 AM Subject: An DDoS attack seems to have taken down California's (and maybe Nevada's) Common Core tests this week To: Dave Farber <dave () farber net> An DDoS attack seems to have taken down California's (and maybe Nevada's) Common Core tests this week http://sanfrancisco.cbslocal.com/2015/05/01/cyber-attack-on-california-common-core-testing-shuts-down-access-for-hours-state-denies-deliberate-tampering/amp/ From what I hear from techies at an affected school was that it was a TCP SYN flood attack. Apparently a lot of schools had to abandon the tests - which is going to have a large impact in terms of lost time and money, and schools already don't have enough of either. The responses given in the article seem very lame: What ning ning would schedule a system upgrade on the day and time when 350,000 students are scheduled to take an online test? That "lack of sever capacity" excuse could easily have been answered "buy as many server cycles as you need from AWS". And why did they design the tests so that online connectivity was required? Have they never heard of a download of the test and upload of the results? Of course there is the still widespread problem that edge network providers often do not do sufficient blocking of customer traffic that is sent with a purported source IP address that is not part of (or reachable through) that provider's address space. Given the controversies around Common Core and standardized testing one could suspect that this attack had political motivations. --karl-- Archives <https://www.listbox.com/member/archive/247/=now> <https://www.listbox.com/member/archive/rss/247/26467166-6f333f48> | Modify <https://www.listbox.com/member/?&> Your Subscription | Unsubscribe Now <https://www.listbox.com/unsubscribe/?&&post_id=20170503122022:65E4E810-301C-11E7-9834-9A42F4BD7821> <http://www.listbox.com>
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170503130619:CC5AFBE2-3022-11E7-864D-B5276FBC64BD Powered by Listbox: http://www.listbox.com
Current thread:
- An DDoS attack seems to have taken down California's (and maybe Nevada's) Common Core tests this week Dave Farber (May 03)
- Message not available
- Message not available
- Message not available
- Message not available
- Re. An DDoS attack seems to have taken down California's (and maybe Nevada's) Common Core tests this week Dave Farber (May 03)