Slide 1

Slide 2

Survey results: why this stuff matters Case study: Mat Honan hacking case Social Networking safety Examples Tech demo

Slide 3

Social Media Form of communication in which users create online communities to share info, ideas, personal messages, etc.

Slide 4

Slide 5

Slide 6

Slide 7

Your lives are only going to get more complicated. Now is the time to build good habits and learn to be safe and secure.

Slide 8

Mat Honan hack Customer service transcript Prevention

Slide 9

Mat Honan Wired.com

Slide 10

Add a fake credit card number to account Call back, tell them youre locked out of account Use that fake CC number to verify your identity Lets you see last 4 digits of all credit cards on account Which is all you need to reset your account with

Slide 11

Gained access to Apple account Remote device wipes Use @me.com email to reset passwords. Like

Slide 12

Another password reset Entire account deleted What was their final goal?

Slide 13

Twitter account: @mat Load up wall with racist, homophobic tweets Deleted Gmail and wiped devices to keep Mat from regaining access to Twitter

Slide 14

One weak link can let someone into your entire digital life. And often that weak link is convenience.

Slide 15

People really do this.

Slide 16

DONT

Slide 17

SecurityConvenience and are not friends.

Slide 18

Convenience will always betray security.

Slide 19

Apple: Can you answer a question from the account? Name of your best friend? Hacker: I think that is Kevin or Austin or Max. Apple: None of those answers are correct. Do you think you may have entered last names with the answer? Taken from a January 2012 live chat between Apple online support and a hacker posing as a real Apple customer Source: http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/2/

Slide 20

Apple: The last four of the card are incorrect. Do you have another card? Hacker: Can you check again? Im looking at my Visa here, the last 4 is 5555. Apple: Yes, I have checked again. 5555 is not what is on the account. Did you try to reset online and choose email authentication?

Slide 21

Apple: You want to try the first and last name for the best friend question? Hacker: Here, Im back. I think the answer might be Chris? Hes a good friend. Apple: I am sorry, Brian, but that answer is incorrect. Hacker: Christopher A********h is the full name. Another possibility is Raymond M*******r. Apple: Both of those are incorrect as well.

Slide 22

Slide 23

Hacker: Im just gonna list off some friends that might be haha. Brian C**a. Bryan Y***t. Steven M***y. Apple: How about this. Give me the name of one of your custom mail folders. Hacker: Google Gmail Apple I think. Im a programmer at Google. Apple: OK, Apple is correct. Can I have an alternate email address for you?

Slide 24

Hacker: The alternate email I used when I made the account? Apple: I will need an email address to send you the password reset. Hacker: Can you send it to toe@aol.com? Apple: The email has been sent. Hacker: Thanks!

Slide 25

What can prevent this sort of hack? Two-factor authentication (as of March 22, 2013)

Slide 26

Password Managers LastPass1PasswordRoboForm

Slide 27

Lock down your cell phone! Passcode lock Use remote tracking/wiping

Slide 28

Find my iPhone (or iPador MacBook)

Slide 29

Cerberus SeekDroid

Slide 30

Slide 31

Dont overshare Remember your audience Crime + Facebook = BAD

Slide 32

Sharing Too Much Personal Information Address, Phone Number, Password Social Plans Negative Attitude Complaints, Criticism, Threats

Slide 33

Fired because of Facebook Woman blasts her boss with Facebook post Turns out her boss was a Facebook friend She was immediately fired

Slide 34

Fired because of Facebook Waitress fired for complaining about customers Ashley Johnson, a former waitress at Brixx, a pizza restaurant, claims she was fired from her job for complaining about customers on her Facebook account.

Slide 35

Self-Incrimination

Slide 36

Choose your friends wisely Never be online friends with someone you dont know in real life Online predators Cyber-stalking Cat-fishing

Slide 37

COMMON SENSE

Slide 38

Phishing Malicious advertising Scareware

Slide 39

Phishing Email pretending to be from legitimate companies to trick you into revealing personal information

Slide 40

Slide 41

Slide 42

Bad grammar

Slide 43

False sense of urgency

Slide 44

http://www.daycomsolutions.com

Slide 45

Slide 46

Slide 47

Fake Ads Common on piracy/warez/porn sites Try to mine your personal information or install malware

Slide 48

Slide 49

Suspicious Websites Offer free downloads Many Annoying Ads and Pop-ups Tacky Appearance Asks you to download plug-ins

Slide 50

Live TV Cafe

Slide 51

4Shared

Slide 52

Softonic

Slide 53

Slide 54

Use Sites Like These:

Slide 55

Hulu

Slide 56

Scareware Pretends to be system messages or antivirus programs. Takes advantage of less savvy users.

Slide 57

Slide 58

Slide 59

Slide 60

Slide 61

DEMO Sub7 remote administration tool Worst-case malware