2. Information is power!
Tech is very good today… even for hackers
John the Ripper & GPUs
Hacking affected 48% of Americans in 2014 & cost businesses nearly $500 million in losses
3.1 million Americans had their phones stolen in 2013 (1.4 million lost their phones)
Not all hackers are evil (black hat)
White hats find and help fix problems
Nations are also in the game
Stuxnet worm
PRISM program
Bugs (Heartbleed)
3. Brute force hacking
John the Ripper
Social engineering
Con men
Packet sniffing
WireShark
Robbery
3.1 million
Viruses/worms
Bugs
4. PGP
AES
RSA
PBKDF2: Password-Based Key Derivation Function 2
WPA2 (WiFi Protected Access 2)
WiFi encryption
TLS (https)
Internet communication encryption
5. Print scan (Touch ID / hand)
Mostly safe from everyone but the police
Eye scan (retina / iris)
Odor sensor (breath)
Voice recognition
Face recognition
6. The best password is a semisensical passphrase
th3Qu!ckBr0wnf0XjumP3d.
Minimum 9 characters including both upper & lowercase letters, numbers, and specials
Here’s a strong/unique passcode: !sWt^%vTR]/9
Two-factor authentication (2FA) can also be used for additional security
Sadly, some sites restrict passcodes to 15 characters and/or do not allow specials
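An added example (not part of the original deck) that puts numbers on the slide 6 advice and on the Diceware, brute-force rate and 16-character notes in the editor's notes: it estimates the entropy of a character passcode versus a Diceware passphrase and the worst-case years needed to exhaust each at the guess rates the deck quotes. The eight-word list is a constructed stand-in for the real 7776-word Diceware list; the rate labels are the deck's figures, rounded to powers of ten.

```python
import math
import secrets

# Constructed stand-in for the real Diceware list (7776 = 6**5 words, one per
# roll of five dice); the entropy figures below use the real list size.
DICEWARE_LIST_SIZE = 6 ** 5
SAMPLE_WORDS = ["quick", "brown", "fox", "jumped", "lazy", "dog", "river", "stone"]
# Guess rates quoted on the slides and in the editor's notes (guesses/second).
RATES = {"JtR, thousands/sec": 1e3, "JtR on GPUs, billions/sec": 1e9,
         "quantum claim, thousands of trillions/sec": 1e15}
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(password: str) -> int:
    # Smallest standard pool covering every character; all four classes = 95
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: not c.isalnum(), 33)]  # 33 = 32 punctuation + space
    return sum(size for test, size in classes if any(test(c) for c in password))

def password_entropy_bits(password: str) -> float:
    # Upper bound: assumes every character was drawn uniformly from the pool.
    # A leetspeak sentence like th3Qu!ckBr0wnf0XjumP3d. is really dictionary
    # words plus substitution rules, which crackers try long before brute force.
    return len(password) * math.log2(charset_size(password)) if password else 0.0

def diceware_entropy_bits(n_words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    # Exact, not an upper bound: each word is a genuinely random pick.
    return n_words * math.log2(list_size)

def diceware_passphrase(n_words: int, words=SAMPLE_WORDS) -> str:
    # secrets.choice uses the OS CSPRNG; physical dice give the same guarantee.
    return " ".join(secrets.choice(words) for _ in range(n_words))

def years_to_exhaust(entropy_bits: float, guesses_per_sec: float) -> float:
    # Worst case: every candidate in the space is tried at the given rate.
    return 2 ** entropy_bits / guesses_per_sec / SECONDS_PER_YEAR

def crack_time_report(entropy_bits: float) -> dict:
    return {label: years_to_exhaust(entropy_bits, rate) for label, rate in RATES.items()}

if __name__ == "__main__":
    cases = [("9-char policy minimum", 9 * math.log2(95)),
             ("!sWt^%vTR]/9 (12 chars)", password_entropy_bits("!sWt^%vTR]/9")),
             ("16-char random", 16 * math.log2(95)),
             ("6-word Diceware", diceware_entropy_bits(6))]
    for label, bits in cases:
        print(f"{label}: {bits:.1f} bits")
        for rate_label, years in crack_time_report(bits).items():
            print(f"  {rate_label}: {years:.3g} years")
    print("sample passphrase:", diceware_passphrase(6))
```

The 9-character minimum (about 59 bits) falls in roughly 20 years at a billion guesses per second but in minutes at the quantum-scale rate, while a 16-character random passcode or a six-word Diceware passphrase stays out of reach at every rate listed.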
7. Something you know & something you have
Apple
Google
Microsoft
Facebook
Yahoo
Evernote
Cloud storage (Tresorit)
E*Trade,Vanguard, PayPal, etc…
Amazon
8. 80% of top security experts use one!
1Password
LastPass
Dashlane
KeePass
Norton Identity Safe
iCloud Keychain
Google Synch
Browsers
Computer / Device specific
9. Change the router name ASAP
Change the admin password ASAP
Change the gateway’s IP address
Use WPA2 with AES encryption!
10. Quantum computing
Massively parallel
Current passwords snap like a twig
Quantum encryption
Unbreakable
The act of intercepting it breaks it
11. VPNs
Route users through multiple IPs masking their identity and location
TOR *
Browser based
Uses proxies
12. Always use HTTPS for commerce & utilize the EFF’s HTTPS Everywhere extension
Use 2FA on password recovery email accounts
Do not underestimate the physical security of your computers & mobile devices (use a PIN)
Social engineering is a powerful tool
▪ As is dumpster diving
Encrypt your PC’s hard drive (VeraCrypt)
Use PayPal – keep payment info in one place
If you’re not using a password manager, write your passcodes down and keep them in a safe place.
That said, use a password manager!
Editor's Notes
There are always tradeoffs between security & convenience…
ashleymadison.com hack – 37 million users (10% of U.S.)
Identity theft affects about 15 million Americans each year
JtR = password cracker; it can run through thousands of guesses/sec (potentially billions)
Kevin Mitnick, king of hackers (con man)
Cell industry: Only 47% of users use PINs to secure their phones
Device kill switch was killed by Congress (Find My iPhone – find, lock, wipe / Send Last Location)
Ransomware has even targeted police
Firewall all routers and PCs, use virus protection (Avast), & keep your software updated!
Pretty Good Privacy (PGP)
Advanced Encryption Standard (AES)
Rivest, Shamir, Adleman (RSA)
Transport Layer Security (TLS)
Not as secure as passcodes, but way more convenient. Hopefully more people will lock their devices now
With Touch ID, turn phone off before dealing with police as iPhones require PIN on restart
“Diceware” is the most effective (random) method to generate strong/unique passcodes without using a password manager
16 character+ passcodes are mostly secure from brute force attempts
LIE for the answers to security questions & note the lies in your password manager!
*Usernames can also be varied from site to site and changed like passwords if allowed
REQUIRES cell phone. The “real” way is to use a 2nd phone…
Good as an ALERT for when someone does attempt unauthorized access
Authorize at least two different devices & store backup codes someplace safe!
Evernote can also encrypt notes internally via desktop client
Tresorit: only you hold the key & servers operate under Swiss law
Mention Vanguard’s device specific login option
The ONLY easy way to implement both strong & unique passcodes
1Password can back up to iCloud, Dropbox, or WiFi & never stores your master key!
Change password for Google Synch
Recommend 2FA if backing up to the cloud for extra security
Default brand names, passwords, and gateway IPs are online so don’t use them!
For extra security, limit admin access to Ethernet only or by MAC address
From hundreds of millions/sec to thousands of trillions/sec
Researchers recently got five atoms to factor the number 15, and they say it is scalable!
Bonus! While you’re at it, why not browse the Internet anonymously too? Also the Signal messaging & voice app!
Mention EFF’s new Privacy Badger extension for blocking unwanted tracking cookies
Cracked by Carnegie Mellon for the Government (irony)
Lock your devices with passcodes! iPhones can be set to wipe after 10 failed attempts
Windows Vista+ can auto encrypt hard drive (BitLocker)
Using 2FA on PayPal isn't a bad idea either...
Be cautious around (unknown) open & ad hoc networks / Disable Java extension when unnecessary / Don’t use IE / Tape over webcams when not in use
Apple users should also change their iCloud security key!
*The secret to digital security is random characters, lies, and a password manager!