computer security seminar: protect your internet account information

Online Safety & Security

April-May 2014Epiphany Technology CommitteeJeff Squyres, Jim Cabral

Clickable links to additional information are included at the end

of this presentation

Agenda

● Why Should I Care About Security?● Who Is Attacking Me?● What Do I Need to Protect?● What Can Happen?● What Increases My Risk?● How Can I Protect Myself?● What If I Get Hacked?

Disclaimer

● We’re Just Trying to Help● Don’t blame us if things go bad● We’re volunteers (with day jobs)

Why Should I Care About Security?“Just like any other public environment, the Internet requires awareness and caution. Just as you use locks to keep criminals out of your home, you also need safeguards to secure your computer. Many of the crimes that occur in real life are now done - or

at least facilitated - through the Internet. Theft, abuse, and more can be and are being done online. Many scammers target older Americans via emails

and websites for charitable donations, dating services, auctions, health care, and prescription

medications.”US Department of Homeland Security.

The “Heartbleed” bug

The “Heartbleed” bug: Fun facts

● Only 38% of users have changed their passwords○ 6% have changed all○ 16% changed “some”○ 16% changed “a few”


● The Internet depends on encryption○ “https” → S = secure (encryption)○ Encryption between computers

Encrypted connection


● This encryption is known as “SSL”○ “Secure Sockets Layer”

SSL encrypted connection


● ⅔ of web sites use the same software for SSL○ OpenSSL

SSL encrypted connection OpenSSL

● Software bug in OpenSSL since March 2012


OpenSSL


It’s like walking through a crowded restaurant with a video camera.

Joe Smith: your total is $98.17Here’s my

credit card

Please log me in; my username is “bobcat371”, my password is “LouCardsRule”You catch snippets of

conversations and images.

Most aren’t important.

But some are.

● Most web sites have fixed the problem○ It is now safe to go change all your

passwords

● You can’t know if your password was stolen○ (there was no way to track the guy

with the video camera)


Who Is Attacking Me?

Albert Gonzales: stole 170M credit / ATM cards from TJ Maxx


Nigerian (“419”) scammers

Also related:● Guaranteed loan/credit scams● Lottery scams● Overpayment / refund scams● Disaster relief scams● Travel scams● Tech/computer help scams


Dating, foreign bride, sex scams


State-sponsored

“I’m not important”

● “No one cares about my Facebook account…”

● Wrong○ They care a lot


● They’ll use the same username / password to login elsewhere

● They’ll impersonate you

What Do I Need to Protect?

What Can Happen?

Identity and Data Theft

Surveillance/Spying

Inappropriate Content

Source: http://feminspire.com/cyberbullying-a-new-age-in-teenagers-quest-for-power/

What Increases My Risk?

Poor Passwords

● Simple passwords● Old or reused

passwords● Lack of 2-factor

authentication

“Do I really need a different password on every web site?”

Yes(sorry)

“But I can’t remember all those passwords!”

● Use a password-keeper program● Two good ones:

○ LastPass○ DashLane

● Both are“Freemium”

Sidenote: What is 2-factor authentication?

1. Something you know○ Your password

2. Something you have○ Your cell phone


Login: bobcat371, LouCardsRule


Text bobcat371’s phone: code is 998321

This code changes every time




What’s the code?



bobcat371, code is 998321



You’re logged in!

Why is that useful?


Login: bobcat371, LouCardsRule

Why is that useful?


What’s the code?

Why is that useful?


Uh...

Who supports 2-factor?

Who supports 2-factor?

These are only a few

Many more support 2-factor authentication

Check your favorite web sites to see if they support 2-factor authentication

Back to:What Increases My Risk?

Unpatched Software

● Windows and MacOS● Applications (PDF, Office)● Mobile phones, tablets● Web Servers

(Heartbleed)● Others (Java)

Insecure Configurations

● Software not set to auto-update

● Open home WiFi


● “No one cares about my home wifi network”

● WrongThey care a lot

Wifi reaches outside of your home

With protected wifi

Your home / wifiBad guy

can’t get in your network

With protected wifi

Your home / wifiBad guy connects

from the street -- he’s in your network!

Unprotected wifi

“Unprotected wifi is not only like leaving your front door unlocked; it’s like leaving it wide open with a ‘Welcome’ mat out front.”

How Can I Protect Myself?

Use Safe Online Behaviors

● Change ALL your passwords now○ Use complex, unique

passwords for each site● Avoid suspicious emails,

messages, websites and public WiFi○ If it’s too good to be true, it

probably is● Monitor your credit cards

Get Help to Setup Security

● Set phones, tablets and computers to auto update

● Back up critical information

● Encrypt your home WiFi (use WPA2)


Everyone’s setup is

different; we can’t help you in this seminar

Get personalor

professional help

What If I Get Hacked?

Good Response Better Response

Recap

● The internet is a dangerous place○ BUT IT IS

MANAGEABLE!○ Be sensible, be safe○ Stop. Think. Connect.

Recap

● You can take actions NOW to protect yourself○ Change ALL your passwords

■ Use good passwords■ Get a password keeper■ Setup 2-factor where possible

○ Ensure your firewall / anti-virus is up to date○ Upgrade away from Windows XP○ Set all your software to auto-update○ Protect your home wifi○ Setup off-site backups

Questions?

Helpful links● STOP. THINK. CONNECT.: From the Dept. of Homeland Security

○ http://stopthinkconnect.org● Malwarebytes: Handy PC software to remove viruses

○ A good second line of defense○ https://www.malwarebytes.org/

● Lastpass: Password keeper○ https://lastpass.com/ ○ They also run a Hearbleed checker: https://lastpass.com/heartbleed

● Free annual credit report: From the US government○ https://www.annualcreditreport.com/

● XKCD: Simple cartoon showing how Heartbleed works○ http://imgs.xkcd.com/comics/heartbleed_explanation.png

Helpful links● OpenDNS: Parental controls for filtering web sites at home

○ http://www.opendns.com/● Microsoft Family Safety:

○ https://familysafety.live.com/● Reporting Computer Crime:

○ http://www.justice.gov/criminal/cybercrime/reporting.html

Thank you!