Slides from the Computer Security seminar presented by the Epiphany Technology Committee on 21 April 2014.

1. Online Safety & Security
April-May 2014
Epiphany Technology Committee
Jeff Squyres, Jim Cabral

2. Clickable links to additional
information are included at the end
of this presentation

3. Agenda
● Why Should I Care About Security?
● Who Is Attacking Me?
● What Do I Need to Protect?
● What Can Happen?
● What Increases My Risk?
● How Can I Protect Myself?
● What If I Get Hacked?

4. Disclaimer
● We’re Just Trying to Help
● Don’t blame us if things go bad
● We’re volunteers (with day jobs)

5. Why Should I Care About Security?
“Just like any other public environment, the Internet
requires awareness and caution. Just as you use
locks to keep criminals out of your home, you also
need safeguards to secure your computer. Many of
the crimes that occur in real life are now done - or
at least facilitated - through the Internet. Theft,
abuse, and more can be and are being done online.
Many scammers target older Americans via emails
and websites for charitable donations, dating
services, auctions, health care, and prescription
medications.”
US Department of Homeland Security.

6. The “Heartbleed” bug

7. The “Heartbleed” bug: Fun facts
● Only 38% of users have
changed their passwords
○ 6% have changed all
○ 16% changed “some”
○ 16% changed “a few”

8. The “Heartbleed” bug
● The Internet depends on encryption
○ “https” → S = secure (encryption)
○ Encryption between computers
Encrypted connection

9. The “Heartbleed” bug
● This encryption is known as “SSL”
○ “Secure Sockets Layer”
SSL encrypted connection

10. The “Heartbleed” bug
● ⅔ of web sites use the same software for SSL
○ OpenSSL
SSL encrypted connection
Open
SSL

11. ● Software bug in OpenSSL since March 2012
The “Heartbleed” bug
Open
SSL

12. ● Software bug in OpenSSL since March 2012
The “Heartbleed” bug
Open
SSL

13. The “Heartbleed” bug
It’s like walking through a
crowded restaurant with a
video camera.
Joe Smith:
your total is
$98.17Here’s my
credit card
Please log me in;
my username is
“bobcat371”, my
password is
“LouCardsRule”
You catch snippets of
conversations and images.
Most aren’t important.
But some are.

14. ● Most web sites have fixed the problem
○ It is now safe to go change all your
passwords
● You can’t know if your password was
stolen
○ (there was no way to track the guy
with the video camera)
The “Heartbleed” bug

15. Who Is Attacking Me?
Albert Gonzales: stole 170M
credit / ATM cards from TJ Maxx

16. Who Is Attacking Me?
Nigerian (“419”) scammers
Also related:
● Guaranteed loan/credit scams
● Lottery scams
● Overpayment / refund scams
● Disaster relief scams
● Travel scams
● Tech/computer help scams

17. Who Is Attacking Me?
Dating, foreign
bride, sex scams

18. Who Is Attacking Me?
State-sponsored

19. “I’m not important”
● “No one cares
about my Facebook
account…”
● Wrong
○ They care a lot

20. “I’m not important”
● They’ll use the
same username /
password to login
elsewhere
● They’ll impersonate
you

21. What Do I Need to Protect?

22. What Can Happen?

23. Identity and Data Theft

24. Surveillance/Spying

25. Inappropriate Content
Your
child

26. What Increases My Risk?

27. Poor Passwords
● Simple passwords
● Old or reused
passwords
● Lack of 2-factor
authentication

28. “Do I really need a different password on
every web site?”
Yes
(sorry)

29. “But I can’t remember all those passwords!”
● Use a password-keeper program
● Two good ones:
○ LastPass
○ DashLane
● Both are
“Freemium”

30. Sidenote: What is 2-factor authentication?
1. Something you know
○ Your password
2. Something you have
○ Your cell phone

31. Sidenote: What is 2-factor authentication?
Login: bobcat371, LouCardsRule

32. Sidenote: What is 2-factor authentication?
Text bobcat371’s phone: code is 998321
This code changes every time

33. Sidenote: What is 2-factor authentication?
Text bobcat371’s phone: code is 998321
This code changes every time
What’s the code?

34. Sidenote: What is 2-factor authentication?
Text bobcat371’s phone: code is 998321
bobcat371, code is 998321
This code changes every time

35. Sidenote: What is 2-factor authentication?
You’re logged in!

36. Why is that useful?
Text bobcat371’s phone:
code is 796537
Login: bobcat371,
LouCardsRule

37. Why is that useful?
Text bobcat371’s phone:
code is 796537
What’s the code?

38. Why is that useful?
Text bobcat371’s phone:
code is 796537
Uh...

39. Why is that useful?
Text bobcat371’s phone:
code is 796537
Uh...

40. Who supports 2-factor?

41. Who supports 2-factor?
These are only a few
Many more support 2-factor
authentication
Check your favorite web sites to see if
they support 2-factor authentication

42. Back to:
What Increases My Risk?

43. Unpatched Software
● Windows and MacOS
● Applications (PDF, Office)
● Mobile phones, tablets
● Web Servers
(Heartbleed)
● Others (Java)

44. Insecure Configurations
● Software not set to auto-
update
● Open home WiFi

45. “I’m not important”
● “No one cares about my
home wifi network”
● Wrong
They care a lot

46. Wifi reaches outside of your home

47. With protected wifi
Your home / wifi
Bad guy
can’t get in your
network

48. With protected wifi
Your home / wifi
Bad guy connects
from the street -- he’s
in your network!

49. Unprotected wifi
“Unprotected wifi is not
only like leaving your
front door unlocked; it’s
like leaving it wide open
with a ‘Welcome’ mat out
front.”

50. How Can I Protect Myself?

51. Use Safe Online Behaviors
● Change ALL your passwords now
○ Use complex, unique
passwords for each site
● Avoid suspicious emails,
messages, websites and public
WiFi
○ If it’s too good to be true, it
probably is
● Monitor your credit cards

52. Get Help to Setup Security
● Set phones, tablets
and computers to
auto update
● Back up critical
information
● Encrypt your home
WiFi (use WPA2)

53. Get Help to Setup Security

54. Get Help to Setup Security
Everyone’s
setup is
different; we
can’t help
you in this
seminar
Get personal
or
professional
help

55. What If I Get Hacked?
Good Response Better Response

56. Recap
● The internet is a
dangerous place
○ BUT IT IS
MANAGEABLE!
○ Be sensible, be safe
○ Stop. Think. Connect.

57. Recap
● You can take actions NOW to protect yourself
○ Change ALL your passwords
■ Use good passwords
■ Get a password keeper
■ Setup 2-factor where possible
○ Ensure your firewall / anti-virus is up to date
○ Upgrade away from Windows XP
○ Set all your software to auto-update
○ Protect your home wifi
○ Setup off-site backups

58. Questions?

59. Helpful links
● STOP. THINK. CONNECT.: From the Dept. of Homeland Security
○ http://stopthinkconnect.org
● Malwarebytes: Handy PC software to remove viruses
○ A good second line of defense
○ https://www.malwarebytes.org/
● Lastpass: Password keeper
○ https://lastpass.com/
○ They also run a Hearbleed checker: https://lastpass.com/heartbleed
● Free annual credit report: From the US government
○ https://www.annualcreditreport.com/
● XKCD: Simple cartoon showing how Heartbleed works
○ http://imgs.xkcd.com/comics/heartbleed_explanation.png

60. Helpful links
● OpenDNS: Parental controls for filtering web sites at home
○ http://www.opendns.com/
● Microsoft Family Safety:
○ https://familysafety.live.com/
● Reporting Computer Crime:
○ http://www.justice.gov/criminal/cybercrime/reporting.html

61. Thank you!