1. PROTECT YOUR PRIVACY:
SAFETY & SECURITY IN AN ONLINE WORLD
Marcos Lopez-Carlson
marcos.lopezcarlson@gmail.com
@marcoscopic
2. TWIN CITIES MEDIA ALLIANCE
The Twin Cities Media Alliance began in the
winter of 2005 with the mission of bringing
together media professionals and engaged
citizens to improve the quality, accountability
and diversity of the local media, and giving the
public the tools they need to become more
active participants in the emerging media
environment.
3. WHAT WE WILL COVER
What is privacy & security?
What are the risks?
Encryption; data security
Password Management; access security
Browser Controls; surfing security
Multifactors & Wifi protection; mobile
security
4. WHAT IS PRIVACY & SECURITY
Privacy is a changing idea and a reflection of the
times
What was once considered public is now private,
and vice versa
What do you think of when I mention privacy?
5. WHAT ARE THE RISKS?
Man-in-the-middle attack: a third party gets between two
online sites and impersonates both parties
Password theft: stealing passwords with a dictionary
attack, WiFi sniffing or recycled passwords from a
compromised site
WiFi sniffers: intercept information packets between your
computer and the network
Ransomware: malware which locks down your computer or
files and demands a ransom in order to release the files
Malicious apps: malware which disguises itself as a
legitimate app, often as a free version
6. WHAT IS ENCRYPTION?
Encryption is the process of encoding information
so that only authorized parties can read it.
Unencrypted data is called plain text
Encrypted data is called cipher text
Encryption is not new. It has been around as long as
humans have been communicating privately…
7. HOW DOES ENCRYPTION WORK?
Information is encrypted using a key
That key turns the plain text into cipher text
The encrypted message is transported
The message is decrypted at the destination
128-bit encryption has 2^128 possibilities or 1 in…
9. HOW IS ENCRYPTION USED?
For safe browsing
Preventing man-in-the-middle attacks
Online purchasing
SSL keeps credit card information safe
Bank access
SSL keeps bank account information secure
Data storage
Used to keep offline, online and cloud files from being
legible
10. PASSWORD MANAGEMENT
Understanding weak vs strong passwords
Weak passwords are simple and unimportant; use
them for websites which DO NOT have access to
important information
Strong passwords are complex, use them for
websites which have access to money and
personal information (this includes Facebook!)
11. PASSWORD MANAGEMENT
What makes a good password?
Avoid simple substitutions and words
hint: p@ssw0rd is a terrible password
Do not use common words and phrases
12. PASSWORD MANAGEMENT
One idea: use a password recipe
A simple recipe to turn URLs into passwords
Ex. google.com
1. Number of letters in the URL: 9
2. Multiply by 2: 18
3. Add the vowels: ooeo
4. Capitalize the first letter: G
5. Add symbol: !
Google.com = 918ooeG!
13. PASSWORD MANAGEMENT
One thing to remember, length is the most important
attribute!
https://blog.kaspersky.com/password-check/
14. PASSWORD MANAGEMENT
Password managers create and store your
passwords. They also sync across devices.
Cloud based
LastPass
Dashlane
Locally available (with a USB)
KeePass
1Password
Password Safe
15. PASSWORD MANAGEMENT
Do NOT store your passwords in your browser. They
are not encrypted; they are plain text
To store your passwords locally, use an encrypted file
17. BROWSING SAFELY
Best browsers for security
#1 Firefox
#2 Chrome
#3 Opera
#4 Safari
#5 Internet Explorer
If possible, try to stick with one of the first three.
18. BROWSING SAFELY
Extensions, add-ons & tools:
Privacy Badger: blocks banner ads, pop-up ads, rollover ads,
and more. It stops you from visiting known malware-hosting
domains, and also disables third-party tracking cookies and
scripts.
HTTPS Everywhere: automatically shunts your connection
to SSL when possible.
19. BROWSING SAFELY
What about private mode (or incognito mode)?
Prevents your browser from remembering what you
have done…
Hence the name porn mode
Does NOT keep your ISP (internet service provider)
from knowing your traffic, nor does it protect you
from “man in the middle” attacks
20. MULTIFACTOR & WIFI SAFETY
Multifactor authentication requires MULTIPLE
FORMS of identification
PIN numbers
Memorized, like an ATM, or sent via text messaging per
login
Biometrics
Fingerprint scanner, facial recognition, voice scanners
Security keys (Yubikey, et al)
An encrypted USB key which confirms identity
Google Authenticator
Secure key generated on your mobile device
21. PUBLIC SAFETY
When using public WiFi, protect yourself from WiFi
sniffers, man-in-the-middle attacks and malicious
snooping
Verify the name of the network you are using
Turn off file sharing
Use https
Turn off WiFi if you are not using it
Keep the private stuff (like banking) for home
22. MOBILE SECURITY
Use a PIN or other multifactor authenticator
Use a device locator
iPhone, Find My Phone
Android, Device Manager
Back up your phone data
Consider encrypting your phone
Using a PIN or screen pattern decrypts the phone
iPhone screenlock automatically encrypts the phone
Turn it on in Android Settings
23. BEST PRACTICES
Be Password Smart
Think twice before entering your password
Don’t recycle passwords
Consider a password manager & multifactor
authentication
Browse like a Pro
Use https by default
Turn off browser password & form autofilling
Be Safe in Public
Use encryption
Turn off file sharing
Spartan generals used the SCYTALE, a wooden cylinder with paper wrapped around it, to write messages
http://computer.howstuffworks.com/encryption.htm
three unvigintillion, four hundred two vigintillion, eight hundred twenty three novemdecillion, six hundred sixty nine octodecillion, two hundred nine septendecillion, three hundred eighty four sexdecillion, six hundred thirty four quindecillion, six hundred thirty three quattuordecillion, seven hundred forty six tredecillion, seventy four duodecillion, three hundred undecillion
Weak vs strong passwords are based on the reality that people reuse passwords.
You do not need a unique password to create an account to post a comment. You DO NEED a unique password for banking or credit cards.
Dictionary attacks
Recycling is good for the environment, bad for passwords
Most have a free option, but using them across devices usually requires a premium subscription
Insert image of encrypting in Word
Old versions of Internet Explorer cannot browse safely!
Use Chrome, Opera or Firefox