Unit 4 Protecting Your Information Section C

Chapter 1, Slide 2Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 2 Phishing, trojans, key loggers, and other identity theft scams get lots of media attention But sometimes hacking into someone’s data takes nothing but time and persistence Twitter was the target of a persistent attacker No sneaky software tools were used Little in-depth knowledge of security was needed All it took was time, research, and trial & error How do you guard against this type of attack?

Chapter 1, Slide 3Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 3 Web sites use two common methods to assist users who have forgotten their password Send password to alternate already on file Ask one or more “secret questions” Or use both… ask a “secret question” and send the password to an alternate address The password may or may not be changed in the process What could go wrong?

Chapter 1, Slide 4Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 4 Alternate address might be compromised Security is only as strong as the weakest link “Secret question” might be guessed by others Your Mother’s maiden name can be readily found Kindergarten teacher’s name is much more difficult Can strengthen “secret questions” by: Asking multiple questions Limiting number of guesses Locking account after guesses exceeded

Chapter 1, Slide 5Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 5 Once Twitter is targeted, online sources are then used to build a company profile Employee names, addresses, role in company Research personal data about employees Birth dates Spouse, children’s, parent’s and pet’s names Addresses and schools attended Hobbies Commonly used user names Social networks can provide much of this data

Chapter 1, Slide 6Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 6 Search for an individual with poor habits Uses passwords that are easy to guess Consistently uses the same password everywhere Uses a Web application with a known security flaw Mixes business and personal data When business and personal data are mixed, a personal weak point may offer access to business data Just need one weakness… one entry point… and security can fall like a house of cards

Chapter 1, Slide 7Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 7 Locates an employee’s personal Google Uses the “password reset” feature of Gmail Uses research of personal data about employees to successfully answer the challenge questions Gets a message that reset was sent to the user’s secondary account Logical assumption is this is a Hotmail account, a common provider of web-based This was just one of many attempts to break into various accounts of many individuals

Chapter 1, Slide 8Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 8 Makes educated guess of Hotmail user name Attempts another password reset at Hotmail Finds Hotmail account deactivated for lack of use So this user name is now available to anyone Creates new Hotmail acct with this user name Performs another password reset in Gmail New Gmail password sent to Hotmail account, which is now owned by the hacker This one flaw compromises Twitter’s entire security

Chapter 1, Slide 9Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 9 Hacker now has access to a Twitter employee’s personal provided by Google Goes through Gmail looking for more passwords Sees the same password used over and over Resets Gmail password back to this password Since Gmail password now set back to the original password, the user has no reason to suspect Employee’s Twitter uses same password! Hacker now has access to Twitter corporate

Chapter 1, Slide 10Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 10 Twitter makes heavy use of Google Apps Google Apps stores data on public web servers This makes a wealth of sensitive Google corporate information available if you have the password Hacker has a Google Apps password... it’s the same as employee’s password Twitter documents now available to the hacker include more user names and passwords Hacker now has enough information to take over the accounts of senior Twitter executives

Chapter 1, Slide 11Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 11 Don’t use the same password over and over Do change your passwords Don’t use “secret questions” that can be guessed by doing some research Don’t allow a secondary account used for password reset to expire due to lack of use Don’t place sensitive corporate documents on public web servers, even if password protected Do remove s that contain passwords

Chapter 1, Slide 12Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 12 How many messages contain your passwords? Some web sites send the user name and password you select to your when you register Or your own use of the “password reset” feature Do you use those same passwords elsewhere? When did you last change your passwords? An attacker getting access to your can often gain access to very sensitive accounts Consider online banking, credit cards, etc.

Chapter 1, Slide 13Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 13 Use a password that is not a defined word Use both upper and lower case Use an acronym of a phrase you can remember Base the phrase on the web site in some way Substitute at least one number and one symbol for particular characters in your phrase

Chapter 1, Slide 14Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 14 Use the phrase “I look at my Facebook page every day” as a password for Facebook Turn this into an acronym by taking the first character of each word… IlamFped Change the “a” for the word “at” to sign Change the “l” for the word “look” to the digit 1 This gives you a very strong password… that’s also easy to remember

Chapter 1, Slide 15Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 15 Use the phrase “The first stock I ever bought was Microsoft” as a financial account password Turn this into an acronym by taking the first character of each word… tfsIebwM Change the “ f ” for the word “first” to a 1 Change the “ s ” for the word “stock” to a $ This gives you another very strong password… t1$IebwM … to use for financial accounts

Chapter 1, Slide 16Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 16 You don’t necessarily need a different password for every single web site you use Many web sites contain no vital data Discussion boards Online newspapers or magazines Online gaming Breaking into your account on these sites will not accomplish anything Using the same password for these sites is fine

Chapter 1, Slide 17Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting Your InformationSlide 17 The strongest possible passwords are vital for: accounts These contain a great deal of personal data Any sort of banking or financial service A successful break-in could be very costly Any site where you use a credit card number Social networking - a hacker can possibly: Damage your reputation And even get you fired Protect yourself and protect your personal data!