It's summertime and your little hackers need something to keep them busy! Let's look at some of the options for kids to try out. I've tried out each of these programs and have had good luck with them. Please post in the comments any site you have been successful with in teaching your kids STEM or IT security. I'll keep this list up on my GitHub: https://github.com/tcw3bb/ISC_Posts/blob/master/Kids_Coding_Security_Resource.

Coding Options (4-7)

Scratch jr (app) http://pbskids.org/learn/scratchjr/

  • A GUI application that uses easy-to-use building blocks to make programs. You will need to help your kids, as there is no walkthrough within the app.

Coji (Robot and App) http://wowwee.com/coji

  • Coji is a robot that you move around your house using an app. The app also has games to teach you coding basics. About half of the puzzles are too hard for him, but it's fun.

Coding Options (7 and 12)

Scratch (PC) https://scratch.mit.edu/

  • Scratch is an application that allows you to code using building blocks. This version has more complex logic options.

Hour of Code (PC) https://code.org/learn

  • Learn coding basics using a browser in about an hour per section. Lots of different themes to keep kids interested.

Made with Code (PC) http://Madewithcode.com

  • Similar to Hour of Code but more slanted towards girls. Great for all, though.

Minecraft modding (PC) http://learntomod.com

  • They use building blocks like Scratch to make Minecraft mods. They have lots of options to play and learn, with videos to watch for each learning objective and badges to earn.

Scratch Books

Coding Games in Scratch (Jon Woodcock)

20 Games to Create with Scratch (Max Wainewright)

Scratch Coding Cards (Natalie Rusk)

  • These cards can be done one at a time, to do coding in little bites.

Electronics

Snap Circuits http://www.snapcircuits.net/

  • These are the replacement for the ScienceFair 150-in-1 projects I grew up with. Build simple electronics by snapping together electronic parts.

Makeblock http://www.makeblock.com/

  • Arduino kit that plugs into Scratch. There are lots of cool projects depending on what kits you have. I bought several when Radio Shack was closing in my area.

--

Tom Webb

@twsecblog

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 


Security cameras manufactured by China-based Foscam are vulnerable to remote take-over hacks that allow attackers to view video feeds, download stored files, and possibly compromise other devices connected to a local network. That's according to a 12-page report released Wednesday by security firm F-Secure.

Researchers at F-Secure documented 18 vulnerabilities that the manufacturer has yet to fix despite being alerted to them several months ago. All of the flaws were confirmed in a camera marketed under the Opticam i5 HD brand. A smaller number of the vulnerabilities were also found in the Foscam C2. The report said the weaknesses are likely to exist in many other camera models Foscam manufactures and sells under other brand names.

F-Secure researchers wrote:


 
Cisco TelePresence Endpoint CVE-2017-6648 Denial of Service Vulnerability
 
 

About a week ago, a reader asked for help with a nasty typo squatting incident:

The site, yotube.com, at the time redirected to fake tech support sites. These sites typically pop up a message alerting the user of a made-up problem and offer a phone number for tech support.

Investigating the site, I found ads, all of which can be characterized as deceptive. In addition to offering tech support, some of the ads offered video players for download or even suggested that the user has to log in to the site, offering a made-up login form. If a user clicks on these ads, the user is sent through a number of different redirects.

For example (URL parameters removed to make this more readable):

hxxp://inclk.com/adServe/feedclick (URL the ad linked to)
hxxp://p185689.inclk.com/adServe/adClick
hxxp://wkee.reddhon.com/d7477cb3-70f0-4861-a578-a5b6ef73a167
hxxp://www.rainbow-networks.com/RBN3seB
hxxp://critical-system-failure8466.97pn76810224.error-notification-3.club/ (fake tech support page)

hxxp://inclk.com/adServe/banners
hxxp://inclk.com/adServe/banners/findBanner
hxxp://service.skybrock.com/serving/
hxxp://cdn.glisteningapples.pro/lp/

At the time, the ads were hosted at inclk.com.

Below this dialog, a hard to read disclaimer is displayed (I left the colors as is.

Virustotal identifies the resulting download as Adware. I didn

Now, these ads were after all displayed on my page, and I had an account set up with RevenueHits. So I decided to inquire about the deceptive ads I received:

I just started testing revenue hits, and all the ads I receive are downloads of fraudulent media players. Is there a way to filter these ads? Do you have a way to flag ads as inappropriate? thx.

The moment I submitted this request, I received the following (obviously automated) response:

Johannes Ullrich

Your account was automatically banned by our system, due to fraudulent traffic sources.

Please notice that once our system marks your traffic as fraud, there is nothing I can do to change it.

Please check again all your traffic sources.

Regards

Support team

The ads continued to be displayed on my site. A business day later, I received a manual reply to my initial question:

Hi Johannes
Thank you for reaching out to us.

Our Design team is working these days on the diversity of our ads.

We are committed to achieving the highest performance possible for you. Therefore, the ads you see today are the best performing ones on your traffic.

You can remove some of them from your site, but note that it might affect your results.

I still receive exclusively deceptive ads from RevenueHits. However, at least the results are not that bad. RevenueHits would pay me $0.36 for the one click through it counted. I haven-)

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute

 
Linux Kernel CVE-2017-8063 Local Denial of Service Vulnerability
 
Google Android Kernel Trace Subsystem CVE-2017-0605 Privilege Escalation Vulnerability
 
FreeType 2 CVE-2017-7857 Multiple Out of Bounds Write Heap Buffer Overflow Vulnerabilities
 
Wireshark CVE-2017-6014 Denial of Service Vulnerability
 
Wireshark BGP dissector Infinite Loop Denial of Service Vulnerability
 
Google Chrome Prior to 59.0.3071.86 Multiple Security Vulnerabilities
 
Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities
 
Sophos Cyberoam Cross-site scripting (XSS) vulnerability
 
Internet Storm Center Infocon Status