Monday, July 8, 2013

Internet Accounts Hacked in Bangkok

This blog serves as a warning to any computer users, who use a public internet connection at coffee shops, restaurants, hotels, and libraries. Hackers can use clever methods to gain access to internet accounts. When I visited Bangkok, someone hacked into most of my accounts, except Skype and my bank accounts. The hacker gained access to my accounts for Hotmail, Yahoo, Facebook, Netflix, Amazon, Orbitz, Kohls, etc.

Hacking into internet accounts is extremely difficult, especially if users use strong passwords, such as "Conway@579#." The password is a mixture of numbers, upper and lower case letters, and symbols. Hackers are not likely to deduce the password correctly because it has too many variations. Thus, they steal passwords by relying on phishing and keyloggers. Phishing is a hacker tricks a user by directing the user to a fake webpage that looks genuine. The user enters his personal information, thinking he/she is at the correct website and sends the information to the hacker. The fake website then logs into the correct website , so the user suspects nothing is wrong. A keylogger is a hacker tricks the user into installing a program that records keystrokes from the keyboard. Then the program sends the keystrokes to the hacker. Of course, a relative, spouse, or friend could install a keylogger on the user's computer, joking around, stealing information, or creating mischief.

While in Bangkok, I inadvertently discovered another method hackers can use to gain control over internet accounts. Someone hacked into the hotel's computer network. The first day in the hotel, I checked my Hotmail, Facebook, Yahoo, and my private email accounts using the hotel's wi-fi and my personal laptop. When I returned later in the afternoon, someone changed the passwords to Hotmail, Facebook, and Yahoo. My private email accounts were fine because these accounts require an administrator password, and I never logged on as administrator. Thus, the hacker could not change this password, or at least, I thought he could not.

I recovered all my accounts immediately, using the hotel's wi-fi. Later towards evening, I checked some of my accounts again, and the hacker changed my passwords again. Consequently, I thought someone hacked into the wi-fi network, circumventing the signal's security. Usually people use WPA or WPA2 to encrypt their internet communications as their computers send information through the air. However, encryption fails if someone has hacked into the network.

I made a severe mistake. I should have left the hotel and gone to a computer club to recover my accounts. Instead, I used the public computers in the hotel's lounge that connected to the internet through a line connection. Thus, I recovered my accounts with no problems. I thought I was safe because I did not transmit anything through the air via wi-fi. Nevertheless, the hacker had access to the hotel's network including the computer I used in the lounge.

The next morning, I logged onto several email accounts, using the hotel's public computer, checking my emails. Everything was fine. Then an hour later, I started losing all my internet accounts, including my important account for managing my website. Although I never logged onto my personal website using my administrator password, the hacker found information in my Yahoo email account. The hacker changed the password to my personal website by doing a password reset – the user requests a new password by sending a confirmation email to Yahoo (that he controls, of course). Similarly, the hacker changed all my accounts for Kohl's, Orbitz, Netflix, Amazon, etc. by using the password reset.

I approached the hotel staff and complained to them. I explained someone has hacked into the hotel computer network, and he had changed my passwords. They thought I was crazy. Then I showed them my laptop, and I logged onto Facebook, where it showed someone changed my password by using my laptop or by accessing through the hotel's network. The staff refused to believe me as if I were wasting the staff's time with incredible stories.

After walking around, seeing the sights, I went to a computer club and created a new email account, using Hushmail. First, I recovered my Hotmail account and sent the reset link to Hushmail. Hotmail allows users to recover their email accounts by answering personal questions and sending a confirmation to a new email account. Some questions were subject lines of emails, folder names, and email contacts. Second, I reclaimed Facebook and Yahoo because I already linked those accounts to Hotmail. After recovering Yahoo, I reset all my passwords to my other accounts including the important account for managing my website.

What did the hacker gained by doing this? He did not delete anything or did not attempt to steal money from my bank accounts, but I did cancel my old debit cards and applied for new ones before I left the United State. I never updated the debit card information on most of the internet accounts. Luckily, I did not log onto my bank's website; otherwise, the hacker would have information to these accounts. Consequently, I am careful about checking internet accounts. I use the ATM for account balance inquiries and check one email account using a public wi-fi.

Unfortunately, I was an email hoarder and retained all my vital emails. The hacker read my emails and knew which websites to visit to reset and change my passwords. I still have a potential problem. If the hacker can remember enough account details, then he can recover accounts. After two weeks, all my internet accounts were fine, but I deleted emails that contained too much information to other internet accounts. I also used a different password for every internet account.

After some research, I deduced the method the hacker used. He used a program that identified my computer on the hotel network, and then he rerouted all communications between my computer and the network through his computer. I did notice the internet slowed down as he rerouted communications. Then the hacker saw all the websites I visited. He accessed the websites as if he were me, and he circumvented the encryption. Encryption only works when we send information onto the internet, sending pieces of information over time that travels through thousands of different channels randomly. An eavesdropper only would capture a nugget of encrypted information while the hacker has access to all information. Then he has access to your account and change the password. I was shocked by this method's ease because the programs are available freely in Linux, the choice for computer hackers. Thus, all you users out there, beware!

Tuesday, July 2, 2013

The University of Phoenix’s Crazy Hiring Practices

The University of Phoenix (UoP) revamped its hiring procedures for part-time faculty for 2011, making it much longer while it expropriates an applicant’s free time. I documented the UoP hiring stages to show the idiocy that infects universities and colleges. The current hiring stages apply to ground courses (actual classroom) and online learning courses.

Stage 1: I submitted a resume to a recruiter. They were interested in me, and a recruiter scheduled a telephone interview.

Stage 2: The telephone interview was simple and straight forward, and I passed with flying colors. Then the recruiter sent several documents via email for a written interview. I filled these forms and returned to the recruiter. The questions asked hypothetical situations such as rising tension and conflicts between workers and colleagues, managing difficult students, and the methods I used to resolve these conflicts.

Stage 3: The UoP was still interested in me, and the recruiter requested an official transcript to be mailed to their corporate headquarters in Phoenix, Arizona from my alma mater.

Stage 4: Now, the UoP wanted a campus interview that spanned four hours. I prepared a 15-minute presentation that UoP staff evaluated. After I had passed the interview, UoP pulled my credit report from TransUnion. You must be kidding? I guess a professor with bad credit translates into a terrible teacher. I could argue a worker with bad credit may need the job more than someone with good credit does.

Stage 5: If the interview process stopped here, then UoP would be reasonable. However, I have just started. Now, UoP required me to attend a four-week Faculty Certification course that meets four hours on Saturday morning. The UoP did not pay me to attend his course. The two facilitators, UoP speak for a professor or teacher, taught the class well at the Little Rock campus. I completed reading and writing assignments every week and passed the exam before the last class. The exam had 12 multiple-choice questions and 18 short essay questions.

Stage 6: After I had passed the certification, the recruiter requested the standard documents - bank deposit form, W4, and proof of your right to work in the United States. The UoP also does a criminal background search. I guess an applicant’s credit report was not good enough.

Stage 7: I did not make it to this stage because this stage was not clear to me. At this stage, UoP assigns the courses to the facilitator, but he or she is not a faculty member. The facilitator has a mentor who reviews your syllabus, assignments, lectures, etc. The facilitator must meet with the mentor before the course begins. A mentor is not bad because he or she advises and guides the facilitator, but this last point was fuzzy. As I understood, if the facilitator taught the class poorly and UoP did not want to hire the facilitator, then UoP does not pay the facilitator for teaching this course. Unfortunately, the undergraduate courses are five weeks long, and the facilitator must devote a time segment daily to this UoP online learning system, where the facilitator inputs all assignments, grades, questions, and feedback.

Once an applicant passes all seven stages, then they become a PHOENIX! However, faculty members must participate in annual development seminars without pay. I have never seen an employer expropriate an employee’s free time, just to have the privilege at teaching part time for UoP. The Little Rock campus director commented they needed PhDs, especially for the business school. I have a PhD in agricultural economics, and I stopped at Step 6. I thought I could teach two courses before I left the United States to teach in Malaysia. Ironically, I would earn far more in Malaysia than at UoP teaching full time. My credentials impressed the university in Malaysia that they skipped the interview and sent me an appointment letter and contract immediately.

Just to traverse from Steps 1 to 5 required three months and possibly another three weeks for Step 6. I would expect UoP to have faculty recruitment problems for PhDs for a while, unless UoP revamps it recruitment practices. I know colleagues who want to teach part time, but no way in hell he or she would dedicate large blocks of time for a part time job.

The sad news is I worked for UoP between 2003 and 2006 at the Houston Campus, and UoP did not exempt me from this long, drawn out hiring process. If a facilitator switches teaching from one campus to another, or transfers from a ground course to its online degree program, then he or she must start at Step 5 with the Faculty Certification, which seems terribly inefficient. Why does UoP require its faculty to repeat the same course continuously because they had changed campus or learning environment?

I believe this long drawn out process indoctrinates the applicants into UoP’s clique, and an excited applicant has completed another stage. Then they become part of the team, where UoP can pay low wages to its part-time teaching faculty, even though the founder, John Sperling, is a billionaire. Furthermore, UoP terminates all difficult, complaining applicants, ensuring they do not complete a stage. UoP cannot have independent-thinking faculty that questions the administration.

Some applicants should complete the UoP training. The rumor is the other for-profit schools do not have this long, time intensive certification program, and they hire UoP faculty who passed this certification. Thus, the certified UoP facilitators are valuable to UoP’s competitors, and the competitors pay better.

Finally, I read an interesting fact about UoP. It reported a 42% enrollment drop for 2011. Which organization would hire workers if they lost 42% of their customers? Furthermore, if the U.S. economy continues to stagnate and college students cannot find jobs, then the student loan program will take a huge financial hit. UoP relies heavily on student loans with student debts often exceeding $40K per student. UoP charges the students high tuition, pays faculty low wages, and has the lowest graduation rates of all universities. It sounds as if UoP is sinking faster than the Titanic. Once the U.S. government revamps the student loan program, then say farewell to the University of Phoenix.