What Do You Do With A Careless User
Published in Education
Transcript

  • 1. What Do You Do With A Careless User?
    An educational and informative presentation
    by
    Mr. Scott Wilson
    Of the
    Oklahoma State University
  • 2. What do you do with a careless user, What do you do with a careless user, What do you do with a careless user, Early in the morning?
    Put him in the back of the paddy wagon, Put him in the back of the paddy wagon, Put him in the back of the paddy wagon, Early in the morning!
    Throw him in the lock-up 'til he's sober, Throw him in the lock-up 'til he's sober, Throw him in the lock-up 'til he's sober, Early in the morning!
    Shave his belly with a rusty razor, Shave his belly with a rusty razor, Shave his belly with a rusty razor, Early in the morning!
  • 3. The Careless User’s Credo
    I will never change my password unless forced to do so
    My password will always be my dog’s name, unless it is “Password”
    I will use the same password for all places I need a password
    Any emails asking for my password must be legitimate
    All popups are valid and must be clicked on
    Updating software is something other people do
    My actions on my computer have no effect on my coworkers or on the organization as a whole
  • 4. “All complex ecosystems have parasites.”
    --Katherine Myronuk
    Parasites will attack by deception, by making themselves look like something harmless.
    The careless user will always fall prey to these parasites, because he does not have the perception to penetrate the deception.
  • 5. Perception vs. Deception
    Kevin Mitnick
    hacker extraordinaire
    Stanley Mark Rifkin
    innovative bank robber
  • 6. Perception vs. Deception: Mitnick
    Stage magic
    Bus transfers
    Phone phreaking
    Computer hacking
    http://twitter.com/kevinmitnick
  • 7. Perception vs. Deception: Rifkin
    consultant
    Bank access
    Stole $10,000,000
  • 8. Perception vs. Deception
    -----Original Message-----
    From: okstate.edu support [mailto:support@okstate.edu]
    Sent: Friday, May 14, 2010 6:44 AM
    To: Doe, John
    Subject: okstate.edu account notification
     
    Dear Customer,
     
    This e-mail was send by okstate.edu to notify you that we have temporanly prevented access to your account.
     
    We have reasons to beleive that your account may have been accessed by someone else. Please run this file and Follow instructions:
     
    http://leanrock.110mb.com/setup.zip
     
    (C) okstate.edu
  • 9. Perception vs. Deception
    -----Original Message-----
    From: okstate.edu support [mailto:support@okstate.edu]
    Sent: Friday, May 14, 2010 6:44 AM
    To: Doe, John
    Subject: okstate.edu account notification
     
    Dear Customer,
     
    This e-mail was send by okstate.edu to notify you that we have temporanly prevented access to your account.
     
    We have reasons to beleive that your account may have been accessed by someone else. Please run this file and Follow instructions:
     
    http://leanrock.110mb.com/setup.zip
     
    (C) okstate.edu
  • 10. Perception vs. Deception
    Perception requires that we adopt a posture of awareness about our computing environment to be aware of the predators.
    It requires defensive computing.
  • 11. Barriers to defensive computing
    1. ENTERTAINMENT ATTITUDE
    “The fridge, stove and toaster never crash on me/I should be able to get online without a Ph.D/My phone doesn't take a week to boot it/my TV doesn't crash when I mute it…”
    --Three Dead Trolls in a Baggie, “Every OS Sucks”
  • 12. Barriers to defensive computing
    ENTERTAINMENT ATTITUDE
    Sense of being overwhelmed
    “Every year, more security features are added to online banking sites. This is starting to impact usability, and unfortunately, the bad guys are keeping up with the technology.”
    http://bit.ly/cgoJLm
  • 13. Barriers to defensive computing
    ENTERTAINMENT ATTITUDE
    Sense of being overwhelmed
    Lack of understanding of consequences/lack of sense of responsibility
  • 14. Barriers to defensive computing
    ENTERTAINMENT ATTITUDE
    Sense of being overwhelmed
    Lack of understanding of consequences/lack of sense of responsibility
    “Mysterious” nature of Information Tech.
  • 15. Overcoming the barriers
    Education
    Documentation
    ISOLATION
    Evolution/attrition
  • 16. Overcoming the barriers
    OSU’s steps
    towards
    A BRIGHTER
    SAFER FUTURE
    for our users and others
  • 17. Overcoming the barriers
    Training
    For users of
    Facebook, Twitter
    And other fancy
    doodads
  • 18. Overcoming the barriers
    Development
    of amazing new materials
    For the effective learning of safety
  • 19. Overcoming the barriers
    Partnering with other universities
    and
    institutions of learning
    to
    further our collective aims
  • 20. Overcoming the barriers
    The Dawning
    of a
    New Era
    of
    Understanding
    between techs and users
  • 21. What do you do with a careless user, What do you do with a careless user, What do you do with a careless user, Early in the morning?
  • 22. The Careful User’s Credo
    I understand why password security is important, and will strive to maintain it
    I can spot phishing emails and will not be deceived by them
    Safe web use is part of my daily routine
    I know how to browse without getting tricked
    It is my job to make sure that my applications are kept updated
    Doing so helps protect my computer – and me
    What I do with my computer and my accounts is an important part of who we are in extension
    I will therefore be diligent in keeping good practices for the benefit of myself and my colleagues
  • 23. Suggested reading
    Mitnick, Kevin. The Art of Deception
    Mitnick, Kevin. The Art of Intrusion
    Long, Johnny. No Tech Hacking
    http://www.sans.org/reading_room/whitepapers/engineering/
  • 24. “Security is not a product, but a process.” – Bruce Schneier
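
The message on slides 8 and 9 carries red flags that a mail filter or a trained reader can check mechanically. The following is an added example, not part of the original presentation: it flags a link whose host lies outside the domain the sender claims, a link to a file meant to be run, and a lure phrase. The function names, the extension list and the phrase list are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed from the message on slides 8 and 9; its typos are left as shown.
SAMPLE = """\
From: okstate.edu support <support@okstate.edu>
Subject: okstate.edu account notification

Dear Customer,

We have reasons to beleive that your account may have been accessed by
someone else. Please run this file and Follow instructions:

http://leanrock.110mb.com/setup.zip
"""

RISKY_EXT = (".zip", ".exe", ".scr", ".js", ".vbs")   # illustrative list
LURES = ("run this file", "confirm your password")    # illustrative list

def org_domain(host):
    """Last two DNS labels; an approximation (real code needs the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw):
    """Return (code, detail) pairs for red flags found in one plain-text message."""
    msg = message_from_string(raw)
    # The From header is attacker-controlled; it only says who the mail claims to be.
    claimed = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    body = msg.get_payload()
    findings = []
    for url in re.findall(r"https?://\S+", body):
        parts = urlparse(url.rstrip(".,)>"))
        host = parts.hostname or ""
        if org_domain(host) != claimed:
            findings.append(("link-domain-mismatch", host))
        if parts.path.lower().endswith(RISKY_EXT):
            findings.append(("risky-download", parts.path))
    lowered = " ".join(body.lower().split())  # collapse line wraps before matching
    for phrase in LURES:
        if phrase in lowered:
            findings.append(("lure-phrase", phrase))
    return findings

if __name__ == "__main__":
    for code, detail in phishing_indicators(SAMPLE):
        print(f"{code}: {detail}")
```

An empty result does not mean a message is safe; these checks only cover the three cues visible in this sample.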