What do you do with a careless user (legacy)

  1. An educational and informative presentation by Mr. Scott Wilson of the Oklahoma State University
  2. What do you do with a careless user, What do you do with a careless user, What do you do with a careless user, Early in the morning?
     Put him in the back of the paddy wagon, Put him in the back of the paddy wagon, Put him in the back of the paddy wagon, Early in the morning!
     Throw him in the lock-up 'til he's sober, Throw him in the lock-up 'til he's sober, Throw him in the lock-up 'til he's sober, Early in the morning!
     Shave his belly with a rusty razor, Shave his belly with a rusty razor, Shave his belly with a rusty razor, Early in the morning!
  3. The Careless User’s Credo
     • I will never change my password unless forced to do so
     • My password will always be my dog’s name, unless it is “Password”
     • I will use the same password for all places I need a password
     • Any emails asking for my password must be legitimate
     • All popups are valid and must be clicked on
     • Updating software is something other people do
     • My actions on my computer have no effect on my coworkers or on the organization as a whole
  4. “All complex ecosystems have parasites.” --Katherine Myronuk
     Parasites will attack by deception, by making themselves look like something harmless. The careless user will always fall prey to these parasites, because he does not have the perception to penetrate the deception.
  5. Perception vs. Deception
     • Kevin Mitnick, hacker extraordinaire
     • Stanley Mark Rifkin, innovative bank robber
  6. Perception vs. Deception: Mitnick
     • Stage magic
     • Bus transfers
     • Phone phreaking
     • Computer hacking
     • http://twitter.com/kevinmitnick
  7. Perception vs. Deception: Rifkin
     • Consultant
     • Bank access
     • Stole $10,000,000
  8. Perception vs. Deception

     -----Original Message-----
     From: okstate.edu support [mailto:support@okstate.edu]
     Sent: Friday, May 14, 2010 6:44 AM
     To: Doe, John
     Subject: okstate.edu account notification

     Dear Customer,

     This e-mail was send by okstate.edu to notify you that we have temporanly prevented access to your account.

     We have reasons to beleive that your account may have been accessed by someone else. Please run this file and Follow instructions:

     http://leanrock.110mb.com/setup.zip

     (C) okstate.edu

  9. Perception vs. Deception

     -----Original Message-----
     From: okstate.edu support [mailto:support@okstate.edu]
     Sent: Friday, May 14, 2010 6:44 AM
     To: Doe, John
     Subject: okstate.edu account notification

     Dear Customer,

     This e-mail was send by okstate.edu to notify you that we have temporanly prevented access to your account.

     We have reasons to beleive that your account may have been accessed by someone else. Please run this file and Follow instructions:

     http://leanrock.110mb.com/setup.zip

     (C) okstate.edu

  10. Perception vs. Deception
     • Perception requires that we adopt a posture of awareness about our computing environment to be aware of the predators.
     • It requires defensive computing.
  11. Barriers to defensive computing
     • 1. ENTERTAINMENT ATTITUDE
     • “The fridge, stove and toaster never crash on me/I should be able to get online without a Ph.D/My phone doesn't take a week to boot it/my TV doesn't crash when I mute it…”
       --Three Dead Trolls in a Baggie, “Every OS Sucks”
  12. Barriers to defensive computing
     • ENTERTAINMENT ATTITUDE
     • Sense of being overwhelmed
     • “Every year, more security features are added to online banking sites. This is starting to impact usability, and unfortunately, the bad guys are keeping up with the technology.”
       http://bit.ly/cgoJLm
  13. Barriers to defensive computing
     • ENTERTAINMENT ATTITUDE
     • Sense of being overwhelmed
     • Lack of understanding of consequences/lack of sense of responsibility
  14. Barriers to defensive computing
     • ENTERTAINMENT ATTITUDE
     • Sense of being overwhelmed
     • Lack of understanding of consequences/lack of sense of responsibility
     • “Mysterious” nature of Information Tech.
  15. Overcoming the barriers
     • Education
     • Documentation
     • ISOLATION
     • Evolution/attrition
  16. Overcoming the barriers
     OSU’s steps towards A BRIGHTER SAFER FUTURE for our users and others
  17. Overcoming the barriers
     Training for users of Facebook, Twitter and other fancy doodads
  18. Overcoming the barriers
     DEVELOPMENT OF AMAZING NEW MATERIALS FOR THE EFFECTIVE LEARNING OF SAFETY
  19. Overcoming the barriers
     PARTNERING WITH OTHER UNIVERSITIES and INSTITUTIONS OF LEARNING to FURTHER OUR COLLECTIVE AIMS
  20. Overcoming the barriers
     THE DAWNING of a NEW ERA of UNDERSTANDING BETWEEN TECHS AND USERS
  21. What do you do with a careless user, What do you do with a careless user, What do you do with a careless user, Early in the morning?
  22. The Careful User’s Credo
     • I understand why password security is important, and will strive to maintain it
     • I can spot phishing emails and will not be deceived by them
     • Safe web use is part of my daily routine
     • I know how to browse without getting tricked
     • It is my job to make sure that my applications are kept updated
     • Doing so helps protect my computer – and me
     • What I do with my computer and my accounts is an important part of who we are in extension
     • I will therefore be diligent in keeping good practices for the benefit of myself and my colleagues
  23. Suggested reading
     • Mitnick, Kevin. The Art of Deception
     • Mitnick, Kevin. The Art of Intrusion
     • Long, Johnny. No Tech Hacking
     • http://www.sans.org/reading_room/whitepapers/engineering/
  24. “Security is not a product, but a process.” – Bruce Schneier
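
As an added example (not part of the original presentation): a small Python check for the warning signs visible in the phishing message on slides 8 and 9, namely a link whose host lies outside the domain the sender claims, a link that fetches an archive or executable, a generic greeting, and a request to run a file. The function names, extension list and phrase patterns are assumptions chosen for illustration, and the sample is a constructed RFC 5322 rendering of the slide's message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed RFC 5322 rendering of the message quoted on slides 8 and 9
# (wording, typos and link kept exactly as the slide shows them).
SAMPLE = """\
From: okstate.edu support <support@okstate.edu>
Subject: okstate.edu account notification

Dear Customer,

This e-mail was send by okstate.edu to notify you that we have
temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed
by someone else. Please run this file and Follow instructions:

http://leanrock.110mb.com/setup.zip

(C) okstate.edu
"""

RISKY_EXT = (".zip", ".exe", ".scr", ".js", ".vbs", ".bat", ".msi")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def under_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw):
    """Return human-readable warning signs found in a raw e-mail."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body, found = msg.get_payload(), []
    for url in URL_RE.findall(body):
        parts = urlparse(url)
        host = parts.hostname or ""
        if claimed and not under_domain(host, claimed):
            found.append(f"link host {host} is not under {claimed}")
        if parts.path.lower().endswith(RISKY_EXT):
            found.append(f"link fetches a file: {parts.path}")
    if re.search(r"\bdear (customer|user|member)\b", body, re.I):
        found.append("generic greeting instead of the recipient's name")
    if re.search(r"\b(run|open|install)\s+(this|the)\s+file\b", body, re.I):
        found.append("asks the recipient to run a file")
    return found
```

The From header is whatever the sender chose to write, so the check compares the link against the identity the message claims; a message that fails it contradicts itself, which is the mismatch a careful reader can also spot by eye.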