IT’S THE BEST OF A BAD BASKET

By Holly the Assistant

About noon yesterday I got the first note from a college student of my acquaintance, followed very shortly by confirmation from a different student at a different school: Canvas got hacked by a ransom group.

Canvas, for all five of you that have not had to deal with it for a public school, a public charter school, a private school, a college, a university, or any other group that uses it, is a really pretty terrible software platform that lets you read textbooks, download assignments, upload assignments, take exams, check grades, submit grades, etc. It works mostly, depending on the users. Mostly.

Which makes it slightly better than the competition, so many educational entities have signed up. Internationally many.

Almost all the eggs are in one basket, and as those of us who remember the nineties recollect, the tech troublemakers target the biggest basket as much as they can: the payout is better, whether money or chaos.

One friend asked “But what do they think they’ll gain? Who would pay the ransom?”

My answer was “Not everyone is as tech savvy as you are. Think of our local school district, which had to close a school due to declining enrollment, and whose position is ‘we didn’t do anything wrong, it’s home schoolers’. Faced with the ransom message, with a debit card to a slush fund meant to cover paper and toner, and two weeks from final exams, are you absolutely sure that some administrator isn’t going to pay up to avoid more people pulling their kids out angrily and more school closures resulting?”

The policy at the colleges and universities appears to be landing solidly on “We’ll just cancel finals in the affected classes.” So no finals for the kids who waited to the last minute to take the online finals, and the pre-final grade is the grade for the class. Or that’s how it’s playing out for my friends. Colleges I don’t have sources at, or where my sources are busy taking in-person finals right this minute, may be doing other things.

There’s no great answer in the short term.

In the long term, maybe more pen and paper in person exams. I’m old enough to remember blue book exams, and I heard those are coming back in some classes because of AI usage by students, which is a whole other thing, because apparently it’s been found that a number of the students enrolled in online classes and turning in AI essays are not actual people but extraction of loans and grant money fictions who vanish when the funds are gone with no recourse for the government . . . but that’s a different story.

I certainly don’t fondly remember standing in line with the course registration paper in hand, waiting at the registrars’ office to sign up for classes. It worked, but it was obnoxious and a pain. Online WAS quick and easy, comparatively . . . but right now it’s down, so you cannot register.

Link to schools affected, sort of (found not the individual districts but the state department of education for my state): https://privatebin.net/?f8c17bc224cd9f22#F2qrJM6a2juvQjziJTH8Pbwef5Lsa8TzRbCFW5FMg4uW

A good summary article: https://stateofsurveillance.org/news/instructure-canvas-shinyhunters-275-million-students-3-6tb-breach-2026/

If you and your children are affected, time for The Old Freeze Your Credit Song and Dance. Except if you did that two months ago for the Blue Cross Blue Shield hack, you’re probably still frozen. Or one of the many, many other hacks, that have become part of our daily lives.

At the same time, our oh-so-safe-by-obscurity Linux distros have had a couple nasty exploits discovered in the last week. Maybe not-so-safe-by-obscurity anymore.

P.S. Those are not MY eggs pictured: mine are considerably dirtier because my hens are messy creatures. I do believe that eggs are probably safe from computer hackers, but the local magpies are hopeful of successful thievery. The roosters think that magpies look like they might be tasty . . . in any event, there are no computers involved in the production of eggs here, and the highest tech is the whiteboard that holds the daily records.

15 thoughts on “IT’S THE BEST OF A BAD BASKET”

  1. So there were several things going on with Canvas, from what I recall hearing. One is that there was some redirection going on, and basically your browser might block that based on the certificates not matching. I think there was also some sort of DDOS.

    Canvas may be fixed now at some universities.

    But, there are definitely more elements of the software world slightly f&cked now.

    These are (1) vulnerabilities that were already there, but it has suddenly gotten a lot easier to find them. So the actual competent programmers (unlike me), are racing for the moment, and the white hats are trying to catch up to the technical debt before the black hats can run up the score.

    EU has a lot of opinions, and the EU is pretty much at right angles to seeing the most important things. US federal government may also be at right angles.

    (Some parts of my opinions and perspectives may be valid, but there is a more than decent chance that the stuff I am focusing on is also not the most important and best understandings.)

    (1) in many cases

    1. The EU’s insistence on having back doors into everything (and the US government is only *slightly* more restrained in this regard) is starting to look more and more like civilizational suicide, imo.

      As if the EU isn’t already engaging in enough of these.

    2. Yes, I remember the ’90s and hacking.

      Yet Another Smug Mac Owner: “If you owned a Mac, you wouldn’t have to worry about hackers or computer viruses!”

      Irritated Me: “That’s because not enough people own Macs to make hacking them worthwhile!”

  2. Don’t feel TOO smug about the whiteboard – while there may be no electronics involved, the material science that makes a whiteboard work is definitely advanced tech. You’re literally writing on a liquid, which isn’t the easiest thing to accomplish.

    Canvas used to have a major competitor Blackboard, so of course one bought the other, and now there’s only one major course management system remaining. There are open source alternatives to parts of the experience, but nothing that encompasses everything in one place.

    1. Canvas people say They Have Fixed Things.

      Both Blackboard and Canvas are still in the business; Blackboard’s parent Anthology just emerged from Chapter 11 bankruptcy.

      Never used Canvas; CSU Eastbay/Hayward had Blackboard when I was there.

      1. It will always remain Cal State, Hayward. That is where it is. On the hill above the Hayward fault, ready to slide downhill when the fault awakens. We are just about out of the earthquake shadow when the hills will come alive.

        Graduated back in the dark ages after I got out of the Army in 69. More than 50 years, it seems like yesteryear. May have been some changes since.

        1. Yeah, some. You probably remember Warren Hall, the big building on the south end, parking on east and west.

          Wasn’t earthquake safe; imploded it in 2013. Originally thought to be replaced, now just parking. My wife was still teaching there, but mostly on the Concord campus.

          Couple other new buildings – Business, Student Union. I was a Nursing student, hung out in Science.

  3. I am retired from a career in financial services. I am an “emeritus member” of the CFA Society (Chartered Financial Analyst) – both the national and local organizations – one of the premier professional certification organizations in the world.

    I received an email today that the Canvas system which is the basis of their “Learning Ecosystem” was hacked and they shut down access. Access has now been restored but there is no information on what information may or may not have been stolen.

    So far, according to the organization, there appears to be no unusual activity on CFA sites.

    Bottom line, this may have hit more than just schools and educational sites – any site that offers professional or other learning as just one aspect of their activities.

    Be vigilant out there.

    Mark

  6. Lovely. Eldest took a community college course last fall, received the textbook for free through Canvas, now we’ll have to put a hold on his credit.

  7. So, I have been providing IT services to small businesses in my local area for 30 years now. I have not had, knock on wood, a major penetration or service outage at any of them other than pure hardware failure in that time. Nowadays we do a lot of redundant hardware also.

    I have had several customers get sold by quick talking salesmen on the idea of using cloud services and 3rd party cloud versions of the industry software that they might be running. When I can talk them out of it I do. I also warn them that if they do they need a ready to go paper system to operate their business when their internet goes down, or the infrastructure the cloud software stops working (Microsoft’s Azure Cloud at least a couple times a year), the service provider turns off your account or slows or turns off your virtual servers in favor of larger clients in a crunch (Amazon’s AWS during COVID) some small businesses lost their services they depended on for up to 6 weeks if I remember right. AWS prioritized the big Fortune 500 and larger customers at the expense of the you and me customers when everyone started moving stuff to the cloud for COVID. Your shit will get hacked in the cloud and you’re just SOL until someone else fixes it if they can. I have multiple examples in the last 6 years that have shut entire industries down for days to weeks at the time.

    Not to say that some of this can’t happen if you’re running locally but with a decent design it can be mostly avoided.

    My impression is that because of several reasons the reliability and usability of software in general has decreased drastically in the last decade. First reason is that almost all of our last generation coders who created most of what we use today or at least the foundations of it are retired or dead now. The people following them don’t truly understand what they are maintaining and or extending and it has led to a lot of fucked up software. Microsoft products come to mind very strongly here. Second reason is that I don’t think most of the coders of today are that good. They are part of the last few generations without great work ethics or pride in what they do. I’m not saying that everyone is like that but the average number is higher. I decided to downsize and run a one person shop with a smaller customer base from the 13 employees I had in 1999 because trying to find good employees even paying a premium for our area at the time was horrible. We were constantly having issues even with the technically competent in customer service and having any loyalty to the company in actually doing their jobs. I don’t know the number of people we let go because they would tell customers that they could get stuff cheaper somewhere else. Which was true as you could order from online vendors at our wholesale costs. However we had a retail business and could install a part that day rather than a week or so then if they ordered a part themselves. At most our markup was only 25%. I really didn’t care where the part came from but dealing with a customer accusing me of cheating them over 25 dollars on a part I could install today got old when it was my tech that created the problem. Telling the tech that “you do realize those margins are part of what pay your salary and don’t do that again” just didn’t work.

    I have a friend that is part of a start up writing a new software product and is the head of the software development team. You wouldn’t believe the issues he has getting developers to do their jobs and code what they are asking them to. Out of a team of about 10 him and one other are the only ones that seem to be able to troubleshoot problems in the code. Everyone else just hits a bug and comes to them to fix it. It drives him nuts. These are guys being paid 100,000+ a year in freaking SC, I don’t think any of them have less than a decade of experience and most 20+ years.

    Sigh, I could write a book on all this stuff. The end result is that the software and OS’s you’re using are not getting better they are getting worse. I’m going to give BSD, and Linux a pass on this as it is passionate volunteers contributing most of the code there. It’s what I use daily and it mostly just works for me. My family use Windows and it is the bane of my life fixing shit all the time. I make a lot of money with customers fixing Windows shit, Outlook shit, Office 365 shit. Sigh. 20% of the time I make money just telling them after trying to fix it that it’s not fixable after researching it. I have to tell them that everyone is having this issue and until Microsoft fixes their end of it it won’t work.

    For the guy that loves Apples, there are bugs in the Apple OS more than 15 years old that have never been fixed. For most people just wanting a basic desktop Apples work better than Windows. If you start truly pushing them in networking and such there are serious issues you can run into unless you pony up serious money for third party software fixes. Been there done that.

    Maybe AI can pick up the slack in coding eventually, maybe, I do know it isn’t there yet. Company my friend works for keeps trying it and it produces code but it’s buggy. Once they fix the bugs the next problem is that even though it works the code is very clunky and inelegant. That means it runs slower than it should and is confusing to troubleshoot. They are trying to write a quality program and it’s not easy, for sure AI isn’t there yet to do so.

    A lot of companies just don’t care and put out the buggy code and that’s another thing that is degrading user experience for a lot of software.

    1. I’m a few years out of the gossip cycle for the last company I worked for. When I retired, the company had hired five more people. OTOH the company had been running short of programmers. Last I’d heard, four of them had moved on, and two others had retired (they were 70). I don’t know that the newcomers coding or work ethic were bad. But I suspect it was the programmer/phone-user-support, that is the problem. Even with the addition of being able to remote connect to most to see what is going on, one needs the patience of a saint. The pay, for the area, is comparable, even for most positions in Portland. Doubt it has changed. One of the reasons I stayed there 12 years. Everything else would have been at best a lateral move, with little extra benefit. Working with end users, with no between actual support department, was not new for me. In fact, rather rare.
