What Do You Do With A Careless User

Published in: Education

  1. What Do You Do With A Careless User?
     An educational and informative presentation by Mr. Scott Wilson of the Oklahoma State University
  2. What do you do with a careless user,
     What do you do with a careless user,
     What do you do with a careless user,
     Early in the morning?
     Put him in the back of the paddy wagon,
     Put him in the back of the paddy wagon,
     Put him in the back of the paddy wagon,
     Early in the morning!
     Throw him in the lock-up 'til he's sober,
     Throw him in the lock-up 'til he's sober,
     Throw him in the lock-up 'til he's sober,
     Early in the morning!
     Shave his belly with a rusty razor,
     Shave his belly with a rusty razor,
     Shave his belly with a rusty razor,
     Early in the morning!
  3. The Careless User’s Credo
     - I will never change my password unless forced to do so
     - My password will always be my dog’s name, unless it is “Password”
     - I will use the same password for all places I need a password
     - Any emails asking for my password must be legitimate
     - All popups are valid and must be clicked on
     - Updating software is something other people do
     - My actions on my computer have no effect on my coworkers or on the organization as a whole
  4. “All complex ecosystems have parasites.” --Katherine Myronuk
     Parasites will attack by deception, by making themselves look like something harmless.
     The careless user will always fall prey to these parasites, because he does not have the perception to penetrate the deception.
  5. Perception vs. Deception
     - Kevin Mitnick: hacker extraordinaire
     - Stanley Mark Rifkin: innovative bank robber
  6. Perception vs. Deception: Mitnick
     - Stage magic
     - Bus transfers
     - Phone phreaking
     - Computer hacking
     http://twitter.com/kevinmitnick
  7. Perception vs. Deception: Rifkin
     - Consultant
     - Bank access
     - Stole $10,000,000
  8. Perception vs. Deception
     -----Original Message-----
     From: okstate.edu support [mailto:support@okstate.edu]
     Sent: Friday, May 14, 2010 6:44 AM
     To: Doe, John
     Subject: okstate.edu account notification

     Dear Customer,

     This e-mail was send by okstate.edu to notify you that we have temporanly prevented access to your account.

     We have reasons to beleive that your account may have been accessed by someone else. Please run this file and Follow instructions:

     http://leanrock.110mb.com/setup.zip

     (C) okstate.edu
  9. Perception vs. Deception
     -----Original Message-----
     From: okstate.edu support [mailto:support@okstate.edu]
     Sent: Friday, May 14, 2010 6:44 AM
     To: Doe, John
     Subject: okstate.edu account notification

     Dear Customer,

     This e-mail was send by okstate.edu to notify you that we have temporanly prevented access to your account.

     We have reasons to beleive that your account may have been accessed by someone else. Please run this file and Follow instructions:

     http://leanrock.110mb.com/setup.zip

     (C) okstate.edu
  10. Perception vs. Deception
      Perception requires that we adopt a posture of awareness about our computing environment, so that we notice the predators in it.
      It requires defensive computing.
  11. Barriers to defensive computing
      1. ENTERTAINMENT ATTITUDE
      “The fridge, stove and toaster never crash on me/I should be able to get online without a Ph.D/My phone doesn't take a week to boot it/my TV doesn't crash when I mute it…”
      --Three Dead Trolls in a Baggie, “Every OS Sucks”
  12. Barriers to defensive computing
      - ENTERTAINMENT ATTITUDE
      - Sense of being overwhelmed
      “Every year, more security features are added to online banking sites. This is starting to impact usability, and unfortunately, the bad guys are keeping up with the technology.”
      http://bit.ly/cgoJLm
  13. Barriers to defensive computing
      - ENTERTAINMENT ATTITUDE
      - Sense of being overwhelmed
      - Lack of understanding of consequences/lack of sense of responsibility
  14. Barriers to defensive computing
      - ENTERTAINMENT ATTITUDE
      - Sense of being overwhelmed
      - Lack of understanding of consequences/lack of sense of responsibility
      - “Mysterious” nature of Information Tech.
  15. Overcoming the barriers
      - Education
      - Documentation
      - ISOLATION
      - Evolution/attrition
  16. Overcoming the barriers
      OSU’s steps towards A BRIGHTER SAFER FUTURE for our users and others
  17. Overcoming the barriers
      Training for users of Facebook, Twitter and other fancy doodads
  18. Overcoming the barriers
      Development of amazing new materials for the effective learning of safety
  19. Overcoming the barriers
      Partnering with other universities and institutions of learning to further our collective aims
  20. Overcoming the barriers
      The Dawning of a New Era of Understanding between techs and users
  21. What do you do with a careless user,
      What do you do with a careless user,
      What do you do with a careless user,
      Early in the morning?
  22. The Careful User’s Credo
      - I understand why password security is important, and will strive to maintain it
      - I can spot phishing emails and will not be deceived by them
      - Safe web use is part of my daily routine
      - I know how to browse without getting tricked
      - It is my job to make sure that my applications are kept updated
      - Doing so helps protect my computer – and me
      - What I do with my computer and my accounts is an important part of who we are in extension
      - I will therefore be diligent in keeping good practices for the benefit of myself and my colleagues
  23. Suggested reading
      - Mitnick, Kevin. The Art of Deception
      - Mitnick, Kevin. The Art of Intrusion
      - Long, Johnny. No Tech Hacking
      - http://www.sans.org/reading_room/whitepapers/engineering/
  24. “Security is not a product, but a process.” – Bruce Schneier