Online Security
•Télécharger en tant que PPTX, PDF•
0 j'aime•512 vues
Basically a copy of this preso: http://www.slideshare.net/bradbatt/baby-photos-and-online-security Added a few things specific to my cause.
Recommandé
Recommandé
Contenu connexe
Plus de Jake Spurlock
Dernier
Dernier (20)
Online Security
- 1. Baby Photos!
- 2. Baby Photos!
- 5. "In the space of one hour, my entire digital life was destroyed... — Mat Honan
- 6. "In the space of one hour, my entire digital life was destroyed... First my Google account was taken over, then deleted... — Mat Honan
- 7. "In the space of one hour, my entire digital life was destroyed... First my Google account was taken over, then deleted... Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages... — Mat Honan
- 8. "In the space of one hour, my entire digital life was destroyed... And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook." First my Google account was taken over, then deleted... Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages... — Mat Honan @mat
- 15. Dec 2009 — 32 million
- 16. Dec 2009 — 32 million 420K ??? 8.2M June / July 2012
- 17. Dec 2009 — 32 million 420K ??? 8.2M 453K 6.5M 1.5M June / July 2012
- 21. "Two-factor authentication is one of the best things you can do to make sure your accounts don’t get hacked." — Lifehacker Australia
- 28. Best Security PracticesStrong passwords / Two- factor Unique emails for accounts brad+nytimes@gmail.com or brad+news@gmail.com brad+paypal@gmail.com or brad+money@gmail.com Use good “security questions” Secure websites (https://)
- 29. “Security Questions” The best answers are non-sensical! Pet’s name? Spaghetti
- 30. Look for the Lock!
- 31. Fishing
- 32. Phishing
- 36. $1,690
Notes de l'éditeur
- A cool twitter handle — that was their original motivation Erasing the data was just a malicious act OK ... so HOW did they do this? Amazing manipulation of information and different online companies... First, they found his email address on his personal home page...
- Meet Mat Honan — he is having a BAD day “"In the space of one hour, my entire digital life was destroyed...”
- “First my Google account was taken over, then deleted...”
- Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages...
- And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
- Called Amazon (where Mat had acct) and “added” a CC to his account—all they needed was his name, email, billing address & Amazon lets you add a CC Call back later and say you can’t access your account—provide the name, billing addr, and CC (that you just gave them) and they let you add a new email Go to Amazon website and do a password reset to new email. OK now what?
- Through GMail’s password recovery option they were able to determine that he had an AppleID Not hard to figure out that m***n@me.com is mathonan@mac.com To get to his AppleID account they needed a billing address (got through WHOIS) and the last 4 digits of a CC — so how’d they get the CC?
- Called Amazon (where Mat had acct) and “added” a CC to his account—all they needed was his name, email, billing address & Amazon lets you add a CC Call back later and say you can’t access your account—provide the name, billing addr, and CC (that you just gave them) and they let you add a new email Go to Amazon website and do a password reset to new email. OK now what?
- Amazon’s payment method page gives you the last 4 digits of all CC’s you have on file
- With that information, they called Apple — by providing email, billing address, and last 4 digits of CC they got Apple to reset the account password Now they have EVERYTHING — iCloud, remote wipe OWNED!!
- Are you at risk? Maybe you don’t use Apple or Amazon? Let’s take a look at some password hacks that affected big companies, not just an individual
- One of the biggest in history — just a few years ago 32 million emails / passwords compromised and posted online
- More recently — FormSpring: 420K Last.fm — who never would say how many Gamigo (online multiplayer games) — 8.2 million! OK, never heard of any of those...
- Yahoo — 453K ... LinkedIn — 6.5 million ... eHarmony — 1.5 million The passwords are encrypted, so hackers have to crack them ... the biggest problem is that we suck at passwords! After analyzing the passwords, does anyone know what the most common password used is?
- We choose EASY passwords!! Top 10: 123456789, password, qwerty, abc123, letmein, trustno1, iloveyou Ave user logs in to 7-25 accounts per day; has to authenticate ~15 times a day That’s a pain! So we choose passwords that are EASY to remember AND...
- We use the same password OVER and OVER 70% of people do not use a unique password for each website Imagine a office desk drawer key—not very important—that opened your car, house, and safe!
- Bad passwords: The above! Your or your kids names, personal information, words in the dictionary. Good passwords: Long “pass phrases” Some suggest using a letter from beg. of each word: Like “This little piggy went to market” becomes TLPWENT2M — it’s better to just use the phrase itself
- What is two-factor authentication (or two-step verification)?
- Something you know: Your login and password Something you have: Your phone
- Login like you normally would Enter your code from phone (Can remember computer for 30 days or validate every time) That’s it!
- Can have a text sent to you — or use Google Authenticator app (iPhone, Android, Blackberry) App can be accessed even if you don’t have phone connectivity What about your applications — Outlook, etc?
- Google generates passwords for each application You only have to enter it ONCE You can revoke access to specific apps at any time
- Facebook has the same thing Called “Login Approvals” BTW — you should turn on Login Notifications and Secure Browsing while you are here!
- Other popular services that have two-factor auth: Dropbox and PayPal Dropbox uses GAuth app PayPal uses text messages
- Unique emails make it harder for hackers to access a different account if one is compromised Strong passwords — essential! All the easy ones are already cracked Secure websites — why is this important? Starbucks!!
- Security questions are a weak link! NEVER use the truthful answer to a security question
- Encrypts traffic between your browser and the website server
- Encrypts traffic between your browser and the website server
- Encrypts traffic between your browser and the website server
- Mat Honan — bit of a happy ending DriveSavers — recovered 75% of hard drive data Turns out the “priceless” photos aren’t really priceless anymore...
- Mat’s photos of his daughter: Priceless! Cost to recover data from hard drive: $1690!!!
- Use password storage programs like Lastpass or 1password to store all of your unique passwords and answers to security questions for each site