Technology Training
Special Training - Session #13
Heartbleed Explained
Getting Your Digital Security in Order with LastPass
May 8, 2014
William Mann, Borough of West Chester - CIO
Securing Your Digital Life
What is Heartbleed?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
cryptographic software library. This weakness allows stealing the information
protected, under normal conditions, by the SSL/TLS encryption used to secure the
Internet.
SSL/TLS provides communication security and privacy over the Internet for
applications such as web, email, instant messaging (IM) and some virtual private
networks (VPNs).
Definitions: SSL = Secure Sockets Layer; TLS = Transport Layer Security.
What is Heartbleed?
The Heartbleed bug allows anyone on the Internet to read the memory of the
systems protected by the vulnerable versions of the OpenSSL software. This
compromises the secret keys used to identify the service providers and to encrypt
the traffic, the names and passwords of the users and the actual content.
This allows attackers to eavesdrop on communications, steal data directly
from the services and users and to impersonate services and users.
What is Heartbleed?
With a server vulnerable to Heartbleed, information like the example shown on this slide can be captured by an attacker. This may not look like much, but if your logon or account information is exposed in this way, your data is at risk.
What is Heartbleed?
Why is it called the Heartbleed Bug?
The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
Explaining Heartbleed
First the girl asks the server to indicate whether it’s still online by telling it to say “Potato,” and indicates the length of the word. The server responds with “Potato,” while withholding all of the information surrounding “Potato,” written out in a lighter hue in the server’s speech bubbles.
The hacker then asks the server to repeat the same task, but instead replaces “Potato” with “Bird,” and indicates the length of the word. The server complies.
Then, the hacker asks the server to say “Hat,” but instead of noting that it’s a three-character word, she states that it’s 500 letters long. The server responds not only by saying “Hat,” but also by leaking out the information around the word. By doing so, it reveals sensitive server information, including a “master key,” which the hacker begins to jot down.
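The comic is exactly the shape of the defect: the server trusted the length field inside the request instead of the length of what it had actually received. The Go program below is an added example written for this page, not code from OpenSSL or from the original slides. It lays out a heartbeat record the way RFC 6520 describes it, then runs two responders over a constructed byte slice standing in for server memory: one that trusts the length field (the unpatched behaviour) and one with the bounds check the fix is built on. The names buildRecord, vulnerableResponder and patchedResponder, and the constructed "neighbouring" bytes, are this example's own.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Heartbeat message types and minimum padding length from RFC 6520.
const (
	heartbeatRequest  = 1
	heartbeatResponse = 2
	paddingLen        = 16
)

// buildRecord lays out a heartbeat message as RFC 6520 describes it:
// type (1 byte), payload_length (2 bytes, big-endian), payload, padding.
// claimedLen goes into the length field, so a caller can model a request
// whose length field does not match the payload actually carried.
func buildRecord(payload []byte, claimedLen uint16) []byte {
	rec := []byte{heartbeatRequest}
	rec = binary.BigEndian.AppendUint16(rec, claimedLen)
	rec = append(rec, payload...)
	return append(rec, bytes.Repeat([]byte{0}, paddingLen)...)
}

// vulnerableResponder models the unpatched behaviour: it trusts
// payload_length and copies that many bytes starting at the payload,
// which runs past the record into whatever follows it in memory.
// memory is a constructed slice standing in for process memory; the copy
// is clamped to the slice so the simulation itself stays in bounds.
func vulnerableResponder(memory []byte) []byte {
	payloadLen := int(binary.BigEndian.Uint16(memory[1:3]))
	start, end := 3, 3+payloadLen
	if end > len(memory) {
		end = len(memory)
	}
	resp := []byte{heartbeatResponse}
	resp = binary.BigEndian.AppendUint16(resp, uint16(end-start))
	return append(resp, memory[start:end]...)
}

// patchedResponder adds the check the fix is built on: the declared
// payload, plus header and minimum padding, must fit inside the record
// that was actually received; otherwise the message is silently dropped.
func patchedResponder(memory []byte, recordLen int) ([]byte, error) {
	if recordLen < 1+2+paddingLen {
		return nil, errors.New("record too short for a heartbeat: dropped")
	}
	payloadLen := int(binary.BigEndian.Uint16(memory[1:3]))
	if 1+2+payloadLen+paddingLen > recordLen {
		return nil, errors.New("payload_length exceeds record: dropped")
	}
	resp := []byte{heartbeatResponse}
	resp = binary.BigEndian.AppendUint16(resp, uint16(payloadLen))
	return append(resp, memory[3:3+payloadLen]...), nil
}

// responsePayload returns the payload bytes of a heartbeat response.
func responsePayload(resp []byte) []byte { return resp[3:] }

func main() {
	// Constructed secret that happens to sit right after the record in memory.
	neighbour := []byte("user=alice;session=deadbeef;master-key=CONSTRUCTED")

	honest := buildRecord([]byte("Potato"), 6)
	mem := append(append([]byte{}, honest...), neighbour...)
	fmt.Printf("honest request -> %q\n", responsePayload(vulnerableResponder(mem)))

	lying := buildRecord([]byte("Hat"), 500)
	mem = append(append([]byte{}, lying...), neighbour...)
	fmt.Printf("unpatched, 500 -> %q\n", responsePayload(vulnerableResponder(mem)))
	if _, err := patchedResponder(mem, len(lying)); err != nil {
		fmt.Println("patched, 500   ->", err)
	}
}
```

Running it shows the honest request ("Potato", 6) echoed exactly by both responders, while the oversized one ("Hat", 500) is answered by the unpatched responder with the neighbouring bytes appended and dropped by the patched one. The defender's takeaway is the single comparison in patchedResponder: a length that arrives inside a message is untrusted input and has to be checked against what was actually received.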
Protecting Your Information
Heartbleed is a reminder that securing your information is more important than ever before.
And it’s going to get worse.
As we continue relying on technology for conducting business, communicating through email and social media, and shopping online, cybercriminals are going to continue getting smarter and more aggressive in how they try to steal personal information.
So we need to be even smarter….
Password Management
Password management is becoming one of the best defenses against security flaws. Passwords today need to be taken very seriously. This means having a good, efficient password management plan for every account you have online.
Password management in days past could be very complicated, time consuming and difficult. However, today there are many solutions out there that are easy to use, secure and either free or very inexpensive.
Each of your accounts should have a strong and unique password.
Password Management with LastPass
LastPass has both a free account and a paid account.
The paid account is $12 / year and provides mobile app support, which alone is well worth the cost.
With this password management tool you will be able to organize, manage and use unique, secure passwords easily.
In fact I use LastPass and I actually do not even know what the majority of my passwords are.
Now – that’s security!
Introducing LastPass
What I really like about LastPass is that you actually do not need to know all those
passwords and their app is available on every device you may choose to use.
You just need to know one password…. Your LastPass password.
Introducing LastPass
With this in mind, even before you sign up for LastPass be sure to think about a
good, secure password that you will never – ever forget.
Simple Passwords are so Yesterday
Passwords as we know them are going to change in a big way very soon. Gone will be the time when simple words like… “password” will be used or accepted.
Now I may be getting ahead of myself but…
A better password strategy is using key phrases that only you would know and no one else could guess or that a cyber criminal could hack.
Passwords are Changing
Here are a couple of examples of using “phrases” for your password.
Ex: 1 is “Captain Kirk and Mr. Spock are best friends!”
Your typed password would be:
Captain_Kirk_&_Mr._Spock_are_best_friends!
Ex: 2 is “My favorite Place on Earth is Disney World!”
Your typed password would be:
My_Favorite_Place_on_Earth_is_Disney_World!
Passwords using phrases can be long, complex and easily remembered!
Embrace Password Management
This is important before we continue. Make sure you pick a good password or phrase that you will not forget. It is also a good idea to print this password and keep it in a secure location like a safe in your home or another secure location. This will be the only password you will need if you use LastPass (or similar password managers) regularly.
If you forget your LastPass password there is NO reset mechanism.
Signing up with LastPass
Go to www.lastpass.com to sign up. Either choose “Download Free” or “Go Premium”.
Passwords are very important and your security is probably worth $12 / year.
Creating Your LastPass Account
I recommend that when you sign up with LastPass you use your primary computer or laptop. When you go to create an account you will be prompted to “Download LastPass”. Do this.
You will then enter your email address, a master password (the really – really good one you already decided on) and a Password Reminder that will only help you remember it – just in case.
Getting to Know Your LastPass Vault
The LastPass Vault is where you will store, organize and manage all of your passwords.
This vault will also be available to you on all of your mobile devices if you sign up for the Premium account ($12/year).
Organizing Your LastPass Vault
I recommend organizing all of your accounts into folders.
You can see from my example that I have all of my accounts in categorized folders that I created. Within each folder are my specific accounts.
Organizing Your LastPass Vault
By creating an organized folder structure for your accounts you quickly realize....
Creating Strong Passwords with LastPass
With LastPass installed you will now notice an (*) next to all of your logon fields for websites. If an account has already been set up you can simply select login, because all of the fields will be completed for you. You can also set up an account for “autologin”, which will of course automatically log you in. I recommend this only on a secured PC, one that requires a password to access your Windows account or that only you have access to.
Make sure that when you install LastPass on your PC you install the “plug in” for all of the browsers that you use.
Creating Strong Passwords with LastPass
Creating secure & unique passwords for each account is the point here, so you will want to take the time to change any passwords you have. LastPass makes this very easy with the “password generator”. You can do this by selecting the * and the “Generate” button.
Creating Strong Passwords with LastPass
If you use the default settings you will see it generate a strong 12 character password for you using several types of characters.
Select Use Password then “Yes, Use for this Site”.
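The generator on the slide is LastPass's own. As an added example that is not part of the original deck, the Go program below shows what a sound password generator of this kind does: it draws every character from the operating system's cryptographic random source, keeps only candidates that use all of the character classes (the "several types of characters" the slide mentions), and reports the size of the keyspace in bits. The character classes, the symbol set and the function names generatePassword, coversAllClasses and keyspaceBits are assumptions of this example, not LastPass's settings.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// Character classes the generator draws from. The symbol set is an
// assumption for this example, not LastPass's actual default set.
var classes = []string{
	"abcdefghijklmnopqrstuvwxyz",
	"ABCDEFGHIJKLMNOPQRSTUVWXYZ",
	"0123456789",
	"!#$%&*+-<=>?@^_",
}

// randIndex draws an unbiased index in [0, n) from the OS CSPRNG.
// math/rand would be the wrong tool here: its output is predictable.
func randIndex(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // the OS random source failing is not recoverable here
	}
	return int(v.Int64())
}

// coversAllClasses reports whether pw contains a character from each class,
// which is the "several types of characters" property the slide describes.
func coversAllClasses(pw string) bool {
	for _, c := range classes {
		if !strings.ContainsAny(pw, c) {
			return false
		}
	}
	return true
}

// generatePassword returns a uniformly random password of length n over
// the combined alphabet, rejecting candidates that miss a class. Rejection
// sampling keeps every accepted password equally likely.
func generatePassword(n int) string {
	if n < len(classes) {
		n = len(classes) // shorter than this cannot cover every class
	}
	all := strings.Join(classes, "")
	out := make([]byte, n)
	for {
		for i := range out {
			out[i] = all[randIndex(len(all))]
		}
		if coversAllClasses(string(out)) {
			return string(out)
		}
	}
}

// keyspaceBits is log2 of the number of equally likely passwords of
// length n over the combined alphabet: the strength of a random password
// comes from length times alphabet size, not from looking complicated.
func keyspaceBits(n int) float64 {
	total := 0
	for _, c := range classes {
		total += len(c)
	}
	return float64(n) * math.Log2(float64(total))
}

func main() {
	for _, n := range []int{12, 16, 20} {
		pw := generatePassword(n)
		fmt.Printf("%-22s all classes: %-5t ~%.0f bits\n", pw, coversAllClasses(pw), keyspaceBits(n))
	}
}
```

With the 77-character alphabet above, a 12-character password carries about 75 bits of keyspace. That figure only holds for passwords drawn at random; it says nothing about a human-chosen phrase, whose guessability depends on how common its words are, which is why the generator and the passphrase advice on this page serve different purposes (the generator for every site, the memorable phrase for the one master password).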
Going Mobile with LastPass
On your mobile device you will open the LastPass app first, copy the password and then paste it into the account that you want to access.
Although there is an additional physical step here, you only need one password to remember – and use.
However, and this is important, all of your passwords are complex and unique.
How Does LastPass Work?
LastPass uses AES 256-bit encryption. The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.
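To make "encrypted locally, key never leaves your device" concrete, here is an added example in Go. It is not LastPass's code and does not reproduce LastPass's actual key-derivation parameters. It stretches a master password into an AES-256 key with PBKDF2-HMAC-SHA256 (a one-block implementation written out so the derivation is visible), seals a vault entry with AES-256-GCM, and shows that the only thing handed to a sync service is salt, nonce and ciphertext. The iteration count, the entry format and the names SyncedBlob, encryptEntry and decryptEntry are this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// deriveKey is single-block PBKDF2-HMAC-SHA256 (RFC 8018): 32 bytes out,
// exactly an AES-256 key. Stretching a master password this way is the
// standard approach; the iteration counts used below are assumptions for
// this example, not LastPass's real setting.
func deriveKey(masterPassword, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, masterPassword)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): index of the first output block
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset() // back to the keyed state
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// SyncedBlob is the only thing that leaves the device. It carries no key
// and no plaintext, so the sync service stores data it cannot read.
type SyncedBlob struct {
	Salt, Nonce, Ciphertext []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptEntry derives the key locally and seals one vault entry with
// AES-256-GCM, which also authenticates the ciphertext.
func encryptEntry(masterPassword string, entry []byte, iterations int) (SyncedBlob, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return SyncedBlob{}, err
	}
	gcm, err := newGCM(deriveKey([]byte(masterPassword), salt, iterations))
	if err != nil {
		return SyncedBlob{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return SyncedBlob{}, err
	}
	return SyncedBlob{Salt: salt, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, entry, nil)}, nil
}

// decryptEntry re-derives the key from the master password and the stored
// salt. A wrong password yields a different key, and GCM's tag check then
// fails instead of returning garbage.
func decryptEntry(masterPassword string, blob SyncedBlob, iterations int) ([]byte, error) {
	gcm, err := newGCM(deriveKey([]byte(masterPassword), blob.Salt, iterations))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob.Nonce, blob.Ciphertext, nil)
}

func main() {
	// Constructed vault entry; the password is the one shown on the slide.
	entry := []byte(`{"site":"example.test","user":"alice","pw":"MQ9=5khD<YWZ&+5"}`)
	const iterations = 100000
	blob, err := encryptEntry("a phrase only you know", entry, iterations)
	if err != nil {
		panic(err)
	}
	fmt.Println("what the service stores:", hex.EncodeToString(blob.Ciphertext))
	pt, _ := decryptEntry("a phrase only you know", blob, iterations)
	fmt.Println("decrypted locally:      ", string(pt))
	_, err = decryptEntry("wrong password", blob, iterations)
	fmt.Println("wrong password:         ", err)
}
```

Because GCM authenticates the ciphertext, a wrong master password fails cleanly rather than decrypting to garbage. The same design is why the slide's warning that there is no reset mechanism follows directly: nothing stored on the server can recover the key.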
MQ9=5khD<YWZ&+5
This is how each of your passwords should look.
With LastPass you can actually do this – and it’s easy.
LastPass Demo
Now we will walk through how to use LastPass. Please ask questions as we go along.
www.lastpass.com

More Related Content

Similar to Heartbleed Explained & LastPass Demo

Password Storage Explained
Password Storage ExplainedPassword Storage Explained
Password Storage Explained
jeetendra mandal
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy   a point of viewWhy is password protection a fallacy   a point of view
Why is password protection a fallacy a point of view
Yury Chemerkin
 
Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy Query
Gloria Stoilova
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
Klaus Drosch
 
Passwords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterPasswords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim Salter
IT-oLogy
 
Password Management
Password ManagementPassword Management
Password Management
Davon Smart
 
Technology Training - Security, Passwords & More
Technology Training - Security, Passwords & MoreTechnology Training - Security, Passwords & More
Technology Training - Security, Passwords & More
William Mann
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Hajer alriyami
 
Passwords, Passwords and more Passwords
Passwords, Passwords and more PasswordsPasswords, Passwords and more Passwords
Passwords, Passwords and more Passwords
clcewing
 
Protect Your Business With Web Security
Protect Your Business With Web SecurityProtect Your Business With Web Security
Protect Your Business With Web Security
Harrison Kenyon Marketing
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
Abdulafeez Fasasi
 
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
Acodez IT Solutions
 
Hashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingHashing vs Encryption vs Encoding
Hashing vs Encryption vs Encoding
CheapSSLsecurity
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
WeSecureApp
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security System
Matthew Bricker
 
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based Security
Rare Input
 
Sept 2014 cloud security presentation
Sept 2014   cloud security presentationSept 2014   cloud security presentation
Sept 2014 cloud security presentation
Joan Dembowski
 

Similar to Heartbleed Explained & LastPass Demo (20)

Password Storage Explained
Password Storage ExplainedPassword Storage Explained
Password Storage Explained
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy   a point of viewWhy is password protection a fallacy   a point of view
Why is password protection a fallacy a point of view
 
Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy Query
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
 
Passwords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterPasswords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim Salter
 
Password Management
Password ManagementPassword Management
Password Management
 
Technology Training - Security, Passwords & More
Technology Training - Security, Passwords & MoreTechnology Training - Security, Passwords & More
Technology Training - Security, Passwords & More
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
Passwords, Passwords and more Passwords
Passwords, Passwords and more PasswordsPasswords, Passwords and more Passwords
Passwords, Passwords and more Passwords
 
Protect Your Business With Web Security
Protect Your Business With Web SecurityProtect Your Business With Web Security
Protect Your Business With Web Security
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
 
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
 
W make107
W make107W make107
W make107
 
Hashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingHashing vs Encryption vs Encoding
Hashing vs Encryption vs Encoding
 
Password management
Password managementPassword management
Password management
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security System
 
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based Security
 
Sept 2014 cloud security presentation
Sept 2014   cloud security presentationSept 2014   cloud security presentation
Sept 2014 cloud security presentation
 

More from William Mann

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
William Mann
 
Ransomware 101
Ransomware 101Ransomware 101
Ransomware 101
William Mann
 
Technology Training for Staff - April 6, 2017
Technology Training for Staff - April 6, 2017Technology Training for Staff - April 6, 2017
Technology Training for Staff - April 6, 2017
William Mann
 
Why Digital Document Management?
Why Digital Document Management?Why Digital Document Management?
Why Digital Document Management?
William Mann
 
Technology Training 11-10-2016
Technology Training  11-10-2016Technology Training  11-10-2016
Technology Training 11-10-2016
William Mann
 
Tech training 19 Skype for Business
Tech training 19   Skype for BusinessTech training 19   Skype for Business
Tech training 19 Skype for Business
William Mann
 
Introducing Microsoft's Cloud - Session 16
Introducing Microsoft's Cloud - Session 16Introducing Microsoft's Cloud - Session 16
Introducing Microsoft's Cloud - Session 16
William Mann
 
Technology Training - Session 15
Technology Training - Session 15Technology Training - Session 15
Technology Training - Session 15
William Mann
 
West Chester - Tech Training Session 11
West Chester - Tech Training Session 11West Chester - Tech Training Session 11
West Chester - Tech Training Session 11
William Mann
 
What is West Chester Connect?
What is West Chester Connect?What is West Chester Connect?
What is West Chester Connect?
William Mann
 
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10
William Mann
 
Tech Training - Session 9
Tech Training - Session 9Tech Training - Session 9
Tech Training - Session 9
William Mann
 
Tech Training - Session 8
Tech Training - Session 8Tech Training - Session 8
Tech Training - Session 8William Mann
 
SharePoint & More
SharePoint & MoreSharePoint & More
SharePoint & More
William Mann
 
Session 5 - Managing Microsoft Outlook and More
Session 5 - Managing Microsoft Outlook and MoreSession 5 - Managing Microsoft Outlook and More
Session 5 - Managing Microsoft Outlook and More
William Mann
 
Holiday scams
Holiday scamsHoliday scams
Holiday scams
William Mann
 
Cloud computing 102711 - ccap
Cloud computing   102711 - ccapCloud computing   102711 - ccap
Cloud computing 102711 - ccap
William Mann
 
Cloud computing presentation
Cloud computing   presentationCloud computing   presentation
Cloud computing presentation
William Mann
 
Email &amp; Social Media Training
Email &amp; Social Media TrainingEmail &amp; Social Media Training
Email &amp; Social Media TrainingWilliam Mann
 
Computer Security
Computer SecurityComputer Security
Computer Security
William Mann
 

More from William Mann (20)

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Ransomware 101
Ransomware 101Ransomware 101
Ransomware 101
 
Technology Training for Staff - April 6, 2017
Technology Training for Staff - April 6, 2017Technology Training for Staff - April 6, 2017
Technology Training for Staff - April 6, 2017
 
Why Digital Document Management?
Why Digital Document Management?Why Digital Document Management?
Why Digital Document Management?
 
Technology Training 11-10-2016
Technology Training  11-10-2016Technology Training  11-10-2016
Technology Training 11-10-2016
 
Tech training 19 Skype for Business
Tech training 19   Skype for BusinessTech training 19   Skype for Business
Tech training 19 Skype for Business
 
Introducing Microsoft's Cloud - Session 16
Introducing Microsoft's Cloud - Session 16Introducing Microsoft's Cloud - Session 16
Introducing Microsoft's Cloud - Session 16
 
Technology Training - Session 15
Technology Training - Session 15Technology Training - Session 15
Technology Training - Session 15
 
West Chester - Tech Training Session 11
West Chester - Tech Training Session 11West Chester - Tech Training Session 11
West Chester - Tech Training Session 11
 
What is West Chester Connect?
What is West Chester Connect?What is West Chester Connect?
What is West Chester Connect?
 
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10
 
Tech Training - Session 9
Tech Training - Session 9Tech Training - Session 9
Tech Training - Session 9
 
Tech Training - Session 8
Tech Training - Session 8Tech Training - Session 8
Tech Training - Session 8
 
SharePoint & More
SharePoint & MoreSharePoint & More
SharePoint & More
 
Session 5 - Managing Microsoft Outlook and More
Session 5 - Managing Microsoft Outlook and MoreSession 5 - Managing Microsoft Outlook and More
Session 5 - Managing Microsoft Outlook and More
 
Holiday scams
Holiday scamsHoliday scams
Holiday scams
 
Cloud computing 102711 - ccap
Cloud computing   102711 - ccapCloud computing   102711 - ccap
Cloud computing 102711 - ccap
 
Cloud computing presentation
Cloud computing   presentationCloud computing   presentation
Cloud computing presentation
 
Email &amp; Social Media Training
Email &amp; Social Media TrainingEmail &amp; Social Media Training
Email &amp; Social Media Training
 
Computer Security
Computer SecurityComputer Security
Computer Security
 

Recently uploaded

Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
ViralQR
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 

Recently uploaded (20)

Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 

Heartbleed Explained & LastPass Demo

  • 1. Technology Training Special Training - Session #13 Heartbleed Explained Getting Your Digital Security in Order with LastPass May 8, 2014 William Mann, Borough of West Chester - CIO
  • 3. What is Heartbleed? The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). SSL = Secure Sockets Layer TLS = Transport Layer Security definitions
  • 4. What is Heartbleed? The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
  • 5. What is Heartbleed? With a Heartbleed infected server, information like you see here can be captured by an attacker. This may not look like much, but if your logon or account information is exposed in this way are data is at risk.
  • 6. What is Heartbleed? Why it is called the Heartbleed Bug? The Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
  • 7. Explaining Heartbleed First the girl asks the server to indicate whether it’s still online by telling it to say “Potato,” and indicates the length of the word. The server responds with “Potato,” while withholding all of the information surrounding “Potato,” written out in a lighter hue in the server’s speech bubbles. The hacker then asks the server to repeat the same task, but instead replaces “Potato” with “Bird,” and indicates the length of the word. The server complies. Then, the hacker asks the server to say “Hat,” but instead of noting that it’s a three-character word, she states that it’s 500 letters long. The server responds not only by saying “Hat,” but also by leaking out the information around the word. By doing so, it reveals sensitive server information, including a “master key,” which the hacker begins to jot down.
  • 8. Protecting Your Information Heartbleed is a reminder that securing your information is more important than ever before. And it's going to get worse. As we continue relying on technology for conducting business, communicating through email and social media, and shopping online, cybercriminals are going to keep getting smarter and more aggressive in how they try to steal personal information. So we need to be even smarter….
  • 9. Password Management Password management is becoming one of the best defenses against security flaws like Heartbleed: when one site leaks your password, a password used nowhere else limits the damage to that one account. Passwords today need to be taken very seriously. This means having a good, efficient password management plan for every account you have online. Password management in days past could be very complicated, time consuming and difficult. However, today there are many solutions that are easy to use, secure and either free or very inexpensive. Each of your accounts should have a strong and unique password.
  • 10. Password Management with LastPass LastPass has both a free account and a paid account. The paid account is $12 / year and provides mobile app support, which alone is well worth the cost. With this password management tool you will be able to organize, manage and use unique secure passwords easily. In fact I use LastPass and I actually do not even know what the majority of my passwords are. Now – that's security!
  • 11. Introducing LastPass What I really like about LastPass is that you actually do not need to know all those passwords, and the app is available on every device you may choose to use. You just need to know one password: your LastPass master password.
  • 12. Introducing LastPass With this in mind, even before you sign up for LastPass be sure to think about a good, secure password that you will never – ever forget.
  • 13. Simple Passwords are so Yesterday Passwords as we know them are going to change in a big way very soon. Gone will be the time when simple words like "password" are used or accepted. Now I may be getting ahead of myself but… A better password strategy is using key phrases that only you would know, that no one else could guess and that a cybercriminal could not crack.
  • 14. Passwords are Changing Here are a couple of examples of using "phrases" for your password. Ex. 1 is "Captain Kirk and Mr. Spock are best friends!" Your typed password would be: Captain_Kirk_&_Mr._Spock_are_best_friends! Ex. 2 is "My favorite Place on Earth is Disney World!" Your typed password would be: My_Favorite_Place_on_Earth_is_Disney_World! Passwords using phrases can be long, complex and easily remembered! The phrase does have to be yours alone: a famous quote, song lyric or movie line is already in the word lists that password-cracking tools try, so pick a sentence nobody else would write. And since these two are now printed, do not use them yourself.
  • 15. Embrace Password Management This is important before we continue. Make sure you pick a good password or phrase that you will not forget. It is also a good idea to print this password and keep it in a secure location, like a safe in your home. This will be the only password you will need if you use LastPass (or a similar password manager) regularly. If you forget your LastPass master password there is NO reset mechanism: LastPass never has it, so it cannot recover it for you.
  • 16. Signing up with LastPass Go to www.lastpass.com to sign up. Either choose “Download Free” or “Go Premium”. Passwords are very important and your security is probably worth $12 / year.
  • 17. Creating Your LastPass Account I recommend that when you sign up with LastPass you use your primary computer or laptop. When you go to create an account you will be prompted to "Download LastPass". Do this. You will then enter your email address, a master password (the really – really good one you already decided on) and a Password Reminder. The reminder is only a hint to jog your memory, so it must not contain the password itself or anything that would let someone else guess it.
  • 18. Getting to Know Your LastPass Vault The LastPass Vault is where you will store, organize and manage all of your passwords. This vault will be also available to you on all of your mobile devices if you sign up for the Premium account ($12/year).
  • 19. Organizing Your LastPass Vault I recommend organizing all of your accounts into folders. You can see by my example that I have all of my accounts in categorized folders that I created. Within each folder are my specific accounts.
  • 20. Organizing Your LastPass Vault By creating an organized folder structure for your accounts you quickly realize....
  • 21. Creating Strong Passwords with LastPass With LastPass installed you will now notice an (*) next to all of your logon fields for websites. If an account has already been set up you can simply select Login, because all of the fields will be completed for you. You can also set up an account for "autologin", which will of course automatically log you in. I recommend this only on a PC whose Windows account is protected by a password, or one that only you have access to: anyone who can sit at an unlocked PC with autologin enabled is logged in as you. Make sure that when you install LastPass on your PC you install the plug-in for every browser that you use.
  • 22. Creating Strong Passwords with LastPass Creating secure & unique passwords for each account is the point here, so you will want to take the time to change any passwords you already have. LastPass makes this very easy with the "password generator". You can do this by selecting the * and then the "Generate" button.
  • 23. Creating Strong Passwords with LastPass If you use the default settings it will generate a strong 12-character password for you using several types of characters. Select "Use Password", then "Yes, Use for this Site".
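What a "Generate" button has to get right under the hood, as an added example; this is not LastPass's code, the symbol set is this example's own choice, and the names `generate_password` and `has_all_classes` are its own. It assumes the operating system's CSPRNG is readable at /dev/urandom (Linux, macOS, BSD) and produces a password of the slide's default length, 12 characters drawn from several character classes.

```c
#include <stdio.h>
#include <string.h>

/* Character classes a generated password draws from (assumed set; the symbol
 * list is this example's choice, not LastPass's). */
static const char *CLASSES[] = {
    "abcdefghijklmnopqrstuvwxyz",
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "0123456789",
    "!@#$%^&*()-_=+[]{};:,.<>?",
};
#define NCLASSES (sizeof CLASSES / sizeof CLASSES[0])

/* One byte from the OS CSPRNG. Assumes /dev/urandom exists. -1 on failure. */
static int csprng_byte(void)
{
    static FILE *urandom = NULL;
    if (urandom == NULL) urandom = fopen("/dev/urandom", "rb");
    if (urandom == NULL) return -1;
    int c = fgetc(urandom);
    return c == EOF ? -1 : c;
}

/* Uniform integer in [0, n) for 1 <= n <= 256, by rejection sampling so that
 * `byte % n` carries no modulo bias. Returns -1 on CSPRNG failure. */
static int uniform_below(int n)
{
    int limit = 256 - (256 % n);         /* largest multiple of n that fits in a byte */
    int b;
    do {
        b = csprng_byte();
        if (b < 0) return -1;
    } while (b >= limit);
    return b % n;
}

/* Writes a NUL-terminated password of `len` characters into out (len + 1 bytes).
 * One character is taken from every class first, the rest from the union of all
 * classes, then the whole thing is shuffled so the guaranteed characters do not
 * sit in predictable positions. Returns 0 on success, -1 if len is shorter than
 * one character per class, longer than 256, or the CSPRNG failed. */
int generate_password(char *out, size_t len)
{
    if (len < NCLASSES || len > 256) return -1;
    char alphabet[128];
    size_t alen = 0;
    for (size_t c = 0; c < NCLASSES; c++) {
        size_t l = strlen(CLASSES[c]);
        memcpy(alphabet + alen, CLASSES[c], l);
        alen += l;
    }
    size_t i = 0;
    for (size_t c = 0; c < NCLASSES; c++, i++) {        /* one of each class */
        int k = uniform_below((int)strlen(CLASSES[c]));
        if (k < 0) return -1;
        out[i] = CLASSES[c][k];
    }
    for (; i < len; i++) {                               /* the rest from everything */
        int k = uniform_below((int)alen);
        if (k < 0) return -1;
        out[i] = alphabet[k];
    }
    for (size_t j = len - 1; j > 0; j--) {               /* Fisher-Yates shuffle */
        int k = uniform_below((int)j + 1);
        if (k < 0) return -1;
        char t = out[j]; out[j] = out[k]; out[k] = t;
    }
    out[len] = '\0';
    return 0;
}

/* 1 if pw contains at least one character from every class, else 0. */
int has_all_classes(const char *pw)
{
    for (size_t c = 0; c < NCLASSES; c++)
        if (strpbrk(pw, CLASSES[c]) == NULL) return 0;
    return 1;
}

int main(void)
{
    char pw[13];
    if (generate_password(pw, 12) != 0) {
        fprintf(stderr, "CSPRNG unavailable\n");
        return 1;
    }
    printf("%s  (all classes present: %s)\n", pw, has_all_classes(pw) ? "yes" : "no");
    return 0;
}
```

Two details matter more than the character set: the randomness comes from the operating system's CSPRNG rather than `rand()` seeded with the clock, which an attacker who knows roughly when the password was made can replay; and `uniform_below` rejects bytes above the largest multiple of the alphabet size instead of taking `byte % n`, which would favour the first few characters of the alphabet.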
  • 24. Going Mobile with LastPass On your mobile device you will open the LastPass app first, copy the password and then paste it into the account that you want to access. Although there is an additional physical step here, you only need one password to remember and use. However, and this is important, all of your passwords are complex and unique.
  • 25. How Does LastPass Work? LastPass uses AES 256-bit encryption. The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you. Because that key is derived from your master password on your own device, the strength of that one password is what protects the whole vault, which is also why LastPass cannot reset it for you. MQ9=5khD<YWZ&+5 This is how each of your passwords should look. With LastPass you can actually do this – and it's easy.
  • 26. LastPass Demo Now we will walk through how to use LastPass. Please ask questions as we go along. www.lastpass.com