Computer Security Seminar: Protect your internet account information
1. Online Safety & Security
April-May 2014
Epiphany Technology Committee
Jeff Squyres, Jim Cabral
2. Clickable links to additional
information are included at the end
of this presentation
3. Agenda
● Why Should I Care About Security?
● Who Is Attacking Me?
● What Do I Need to Protect?
● What Can Happen?
● What Increases My Risk?
● How Can I Protect Myself?
● What If I Get Hacked?
4. Disclaimer
● We’re Just Trying to Help
● Don’t blame us if things go bad
● We’re volunteers (with day jobs)
5. Why Should I Care About Security?
“Just like any other public environment, the Internet
requires awareness and caution. Just as you use
locks to keep criminals out of your home, you also
need safeguards to secure your computer. Many of
the crimes that occur in real life are now done - or
at least facilitated - through the Internet. Theft,
abuse, and more can be and are being done online.
Many scammers target older Americans via emails
and websites for charitable donations, dating
services, auctions, health care, and prescription
medications.”
US Department of Homeland Security.
7. The “Heartbleed” bug: Fun facts
● Only 38% of users have
changed their passwords
○ 6% have changed all
○ 16% changed “some”
○ 16% changed “a few”
8. The “Heartbleed” bug
● The Internet depends on encryption
○ “https” → S = secure (encryption)
○ Encryption between computers
Encrypted connection
9. The “Heartbleed” bug
● This encryption is known as “SSL”
○ “Secure Sockets Layer”
SSL encrypted connection
10. The “Heartbleed” bug
● ⅔ of web sites use the same software for SSL
○ OpenSSL
SSL encrypted connection
11. The “Heartbleed” bug
● Software bug in OpenSSL since March 2012
13. The “Heartbleed” bug
It’s like walking through a crowded restaurant with a video camera.
● “Joe Smith: your total is $98.17”
● “Here’s my credit card”
● “Please log me in; my username is ‘bobcat371’, my password is ‘LouCardsRule’”
You catch snippets of conversations and images.
Most aren’t important.
But some are.
14. The “Heartbleed” bug
● Most web sites have fixed the problem
○ It is now safe to go change all your passwords
● You can’t know if your password was stolen
○ (there was no way to track the guy with the video camera)
15. Who Is Attacking Me?
Albert Gonzalez: stole 170M
credit / ATM cards from TJ Maxx
16. Who Is Attacking Me?
Nigerian (“419”) scammers
Also related:
● Guaranteed loan/credit scams
● Lottery scams
● Overpayment / refund scams
● Disaster relief scams
● Travel scams
● Tech/computer help scams
41. Who supports 2-factor?
These are only a few
Many more support 2-factor
authentication
Check your favorite web sites to see if
they support 2-factor authentication
49. Unprotected wifi
“Unprotected wifi is not
only like leaving your
front door unlocked; it’s
like leaving it wide open
with a ‘Welcome’ mat out
front.”
51. Use Safe Online Behaviors
● Change ALL your passwords now
○ Use complex, unique
passwords for each site
● Avoid suspicious emails,
messages, websites and public
WiFi
○ If it’s too good to be true, it
probably is
● Monitor your credit cards
52. Get Help to Set Up Security
● Set phones, tablets
and computers to
auto update
● Back up critical
information
● Encrypt your home
WiFi (use WPA2)
54. Get Help to Set Up Security
Everyone’s setup is different; we can’t help you in this seminar
Get personal or professional help
55. What If I Get Hacked?
Good Response Better Response
56. Recap
● The internet is a
dangerous place
○ BUT IT IS
MANAGEABLE!
○ Be sensible, be safe
○ Stop. Think. Connect.
57. Recap
● You can take actions NOW to protect yourself
○ Change ALL your passwords
■ Use good passwords
■ Get a password keeper
■ Set up 2-factor where possible
○ Ensure your firewall / anti-virus is up to date
○ Upgrade away from Windows XP
○ Set all your software to auto-update
○ Protect your home wifi
○ Set up off-site backups
59. Helpful links
● STOP. THINK. CONNECT.: From the Dept. of Homeland Security
○ http://stopthinkconnect.org
● Malwarebytes: Handy PC software to remove viruses
○ A good second line of defense
○ https://www.malwarebytes.org/
● Lastpass: Password keeper
○ https://lastpass.com/
○ They also run a Heartbleed checker: https://lastpass.com/heartbleed
● Free annual credit report: From the US government
○ https://www.annualcreditreport.com/
● XKCD: Simple cartoon showing how Heartbleed works
○ http://imgs.xkcd.com/comics/heartbleed_explanation.png
60. Helpful links
● OpenDNS: Parental controls for filtering web sites at home
○ http://www.opendns.com/
● Microsoft Family Safety:
○ https://familysafety.live.com/
● Reporting Computer Crime:
○ http://www.justice.gov/criminal/cybercrime/reporting.html