Information Security

Who Are We? We work at Sandia labs We are graduate students at UNM Our goal? To reach out to the youth

What devices can get hacked? Game time What devices can get hacked?

(Clue) What Tech Do You Use? Choices: Laptop Desktop Cellphone Tablet Fitbit/Smart Watch Bluetooth Speaker Smart TV Other

Survey Analysis The introduction paragraph was meant to bore you. Similar setup to many terms and conditions. The first question was optional.

What is considered sensitive information? Any way to uniquely identify you. High risk (1 identifier): Social Security Number (SSN) Identification card License, Passport, School ID, etc. Credit Card information Medium Risk (multiple identifiers): First Name, Last Name, Date of Birth, Address Phone Number Login information (username & password)

What is considered sensitive information? Any way to uniquely identify you. High risk (1 identifier): Social Security Number (SSN) Identification card License, Passport, School ID, etc. Credit Card information Medium Risk (multiple identifiers): First Name, Last Name, Date of Birth, Address Phone Number Login information (username & password) Medium/High Risk High Risk Low Risk

Don’t Give Out Your Personal Information Why? Companies that collect data such as your name, address, phone number, and other data about you can be compromised. Don’t give out your real information unless you completely trust the source/company. Personal information is Sensitive Information.

The Cloud Companies own the cloud. Applications use the cloud. Companies own your data Applications use the cloud. Your login, photos, about sections, credit card info are saved on the cloud. The cloud needs an internet connection to store data Ever tried logging into YouTube or uploading anything without the internet?

DEFCON Hacking is social engineering DEFCON Example https://www.youtube.com/watch?v=fHhNWAKw0bY

Hacking Benefits: Downfalls: Companies can learn entry points. Increase our skills at protecting information There are professional jobs that pay you to find security vulnerabilities. (professional hackers exist) Downfalls: Hackers sell your information Hackers use your information against you Hackers steal from you if there is a way to make money

Types of Hackers White Hat – Ethical Hacker Black Hat – Stereotypical Hacker Red Hat – Vigilante Hacker

What are we really downloading? Downloading apps that seem secure may not be the case Remember the required terms and conditions? Not everything is required. Some apps have a legitimate reason to access your files, some don’t. Use logic and reason. Pay attention to your downloaded files to see if it appears familiar.

Mobile Security Android Security issue It may not be your fault When mobile players downloaded Fortnite it allowed the phone to become vulnerable to outside entities. A rogue app had access to the device’s settings and other areas for malware to be installed. It may not be your fault Sometimes a friend or relative can expose your sensitive data. link

Social Media TIKTOK Formally known as musical.ly. Was the most downloaded application (globally) in Sept. TIKTOK compilations are posted on YouTube Are Vine complications still on YouTube? Your posts from popular apps doesn’t actually get deleted even when they are no longer available.

Guess this Screenshot Who is this? How do we recognize this screenshot? Details: December 31, 2017 Maverick Apparel lawsuit Why does it matter what we post on the internet?

Phishing Phishing is the fraudulent attempt to obtain sensitive information, (such as usernames, passwords, credit card details, etc.), by disguising as a trustworthy entity in an electronic communication.

Phishing Fake websites False logins Authentication Emails

Phishing Email Sender’s email address is not consistent to the content of the email. Contain a generic introduction. Pay attention to grammar If there is a link hover over it and verify the URL. . fake.LinkhasMalware.uk/948ur93u Ctrl + Click to follow link

Encryption Companies that store sensitive information about you should have the data encrypted. Encryption Example. risky clicky

Be More Paranoid Open networks Online Shopping Hackers use open networks Online Shopping Be careful where you input data such as credit card information, SSN, etc. Hack occurs every 39 seconds!!

Password Game Rules: Groups of 5 Group decide on a secure password Most secure password gets a prize! Consists of letters, numbers, etc.

Game results Password Cracking Password Generator

Password Tip: Try to remember your passwords as phrases WOO!TPwontSB 2ChnzL!k$Pbj chZp!@7St230 DuMbLd0R!s@w7D #iHt3hsHtg$2018 Woo! The Packers won the Super Bowl! 2 Chainz likes PB & J Cheese pie at 7th street, 2:30pm Dumbledore is a wizard #I hate hashtags 2018

Conclusion Be careful what you download in the first place Understand your privacy settings on all your devices and how you secure those devices Be weary of what information you give out to others Pay attention to what you post in the long run Conclusion