Security…what is it and why do we need it?
• Kizza defines security as “…a means to prevent unauthorized access, use, alteration, and theft or physical damage to property.” (Kizza, 2010)
• Only “6 incidents in 1988” (Kizza, 2010).
• It is estimated that “34,754 incidents of computer crimes reported between Q1-Q3” (Kizza, 2010)
• That’s a 5792 percent increase in 13 years!
Protecting yourself
• Most common types of security:
  – Passwords
  – Anti-virus/spyware/malware
  – Social engineering: the new threat!
HATE MALWARE?
• Have you ever encountered viruses, Trojan horses, hacked backgrounds, malware and false positives, or scareware?
• If you haven’t heard of these terms, give your wallets/purses to a stranger.
• Consequences of ignorance:
  – Identity theft
  – Corrupted files
  – Theft of personal data
Is this your password?
• If for any reason you see your password here please change it:
• 123456
• 12345
• 123456789
• password
• i love you
• princess
• rockyou
• 1234567
• 12345678
• abc123
• Nicole
• Daniel
• babygirl
• monkey
• Jessica
• lovely
• Michael
• 654321
• Ashley
• Qwertz
• Source: (Stine1, 2010)
• These are one fifth of all passwords in use
Complex passwords: How To
• “An ideal password is long and has letters, punctuation, symbols, and numbers.” (Microsoft)
• “Start with a sentence or two.
• Remove the space between the words in the sentence.
• Turn words into shorthand or intentionally misspell a word.
• Add length with numbers. Put numbers that are meaningful to you after the sentence.” (Microsoft)
• Example, step by step:
  – “Complex passwords are safer.
  – Complexpasswordsaresafer.
  – ComplekspasswordsRsafer.
  – ComplekspasswordsRsafer2011.”
• Personal recommendation: add special characters: &*%#*
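An added example, not part of the original slides: a Python check that screens a candidate password against the 20 passwords listed on the "Is this your password?" slide and against the properties named in the Microsoft quote. The 12-character minimum and the name `password_problems` are assumptions; the slides only say "long".

```python
import string

# The 20 passwords from the "Is this your password?" slide (Stine1, 2010).
COMMON = {
    "123456", "12345", "123456789", "password", "i love you", "princess",
    "rockyou", "1234567", "12345678", "abc123", "nicole", "daniel",
    "babygirl", "monkey", "jessica", "lovely", "michael", "654321",
    "ashley", "qwertz",
}
MIN_LENGTH = 12  # assumption: the slides say "long" without giving a number


def _normalise(text):
    """Lower-case and drop spaces so 'I Love You' matches 'i love you'."""
    return text.lower().replace(" ", "")


_COMMON_NORMALISED = {_normalise(p) for p in COMMON}


def password_problems(candidate):
    """Return the reasons a candidate fails the advice (empty list = passes)."""
    problems = []
    whole = _normalise(candidate)
    # Also catch a listed password with digits/symbols tacked on, e.g. "Monkey1!".
    core = whole.rstrip(string.digits + string.punctuation)
    if whole in _COMMON_NORMALISED or core in _COMMON_NORMALISED:
        problems.append("common password")
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in candidate):
        problems.append("no letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no punctuation or symbol")
    return problems


if __name__ == "__main__":
    # Constructed samples; the last two follow the slide's worked example.
    for sample in ("Monkey1!", "ComplekspasswordsRsafer2011",
                   "ComplekspasswordsRsafer2011&"):
        print(f"{sample!r}: {password_problems(sample) or 'OK'}")
```

The slide's final example, ComplekspasswordsRsafer2011, passes every check except the symbol one, which is the gap the personal recommendation closes.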
Why do we need Anti-Virus?
• Kizza defines a computer virus as follows: “A computer virus, defined as a self-propagating computer program designed to alter or destroy a computer system resource…” (Kizza, 2010).
• It gets worse. According to PRLog, “… in 2008, it was estimated the number of known computer viruses stood at in excess of 1 million, an increase of 468 per cent on the previous year…” (PRLog, 2011)
Why do we need Anti-Virus? (cont.)
• How bad is it really?
• “Figures suggest at least five malware samples emerge on the Internet every two minutes and 15 to 20 new Trojans are released every half an hour.” (PRLog, 2011)
• That’s 3600 new malware samples and 720 to 960 Trojans in one day!
Financial Help
• Anti-virus is very cheap
• “30-50 dollars (basic) to 60-80 dollars (comprehensive)” (CostHelper, 2011)
• Cost effective
• “Virus & Spyware Removal: $199.99” (Geek Squad).
• 120 dollar savings
Social Engineering or how to hack a human
• “We define it as the act of manipulating a person to accomplish goals that may or may not be in the “target’s” best interest. This may include obtaining information, gaining access, or getting the target to take certain action.” (Social Engineer)
• “Virus writers use social engineering tactics to persuade people to run malware-laden email attachments, phishers use social engineering to convince people to divulge sensitive information, and scareware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.” (Search Security, 2011)
Social Engineering or how to hack a human (cont.)
• http://www.social-engineer.org/
The myth of cyber security
• “The only thing you can do is build the fence higher and higher so that eventually it's not worth it to climb over.” (Goldman, 2011).
• Basically, don’t make it easy: the harder a target you are, the less they’ll want to try.
Notable Attacks
• This is not meant to scare you; however:
• NASDAQ computers have been penetrated
• “So far, [the perpetrators] appear to have just been looking around,” said one person involved in the Nasdaq matter. Another person familiar with the case said the incidents were, for a computer network, the equivalent of someone sneaking into a house and walking around but—apparently, so far—not taking or tampering with anything.” (Barrett, 2011)
CA Hacking
• A CA (certification authority) was hacked by an independent Iranian student loyalist.
• Certification authorities are organizations that certify if a site is trustworthy or not, so you can ensure your data is safe, secure, and confidential.
Hard to say goodbye
• After such an eventful and exciting presentation, this report leaves you with one last thought:
• If we go forth with a vigilant, aware, and renewed spirit in security, we can hopefully one day take back the privacy of our data and end this age of fear and uncertainty.
Questions
• Do you feel we will ever be 100% secure?
• Do you think companies are doing enough to protect data?
• What security measures/software do you employ?
• What do you think of social engineering?
Works Cited
• Barrett, D. (2011, February 5). Hackers Penetrate Nasdaq Computers. Retrieved November 13, 2011, from WSJ.com: http://online.wsj.com/article/SB10001424052748704709304576124502351634690.html
• Bright, P. (2011, March 28). Independent Iranian Hacker Claims Responsibility for Comodo Hack. Retrieved November 13, 2011, from Wired.com: http://www.wired.com/threatlevel/2011/03/comodo_hack/
• CostHelper. (2011, June). Anti-Virus Software Cost. Retrieved November 6, 2011, from CostHelper: http://www.costhelper.com/cost/computers/anti-virus-software.html
• Geek Squad. (n.d.). Virus & Spyware Removal. Retrieved November 6, 2011, from Geek Squad: http://www.geeksquad.com/services/computers-networking/virus-and-spyware-removal.aspx
• Goldman, D. (2011, August 5). Online security doesn't exist. Retrieved November 13, 2011, from CNNMoney.com: http://money.cnn.com/2011/08/05/technology/cybersecurity_myth/index.htm?source=yahoo_quote
• Kizza, J. M. (2010). Ethical and Social Issues in the Information Age. London: Springer.
• Microsoft. (n.d.). Create Strong Passwords. Retrieved November 6, 2011, from Microsoft.com: http://www.microsoft.com/security/online-privacy/passwords-create.aspx
Works Cited (cont.)
• PRLog. (2011, July 24). Number of known computer viruses exceeds 1 million. Retrieved November 6, 2011, from PRLog: http://www.prlog.org/10814398-number-of-known-computer-viruses-exceeds-1-million.html
• Search Security. (2011, March). What is Social Engineering. Retrieved November 6, 2011, from Search Security: http://searchsecurity.techtarget.com/definition/social-engineering
• Social Engineer. (n.d.). The Official Social Engineering Portal. Retrieved November 6, 2011, from Social Engineering: http://www.social-engineer.org/
• Stine1. (2010, November 3). 20 Worst and Most used Passwords. Retrieved November 6, 2011, from Computer Sight: http://computersight.com/communication-networks/security/the-20-worst-and-most-used-passwords/