Protecting Your Online Life

Why We’re Here

• Anderson School of Management

• Information Assurance MBA program

• Community outreach

Before We Begin:Write Down A Password

• Write down a password you’ve used in the past or one you might use.

• Make sure it is a password you can remember.

• Please don’t write a current password.

Survey Results

• Remember the survey?

• It’s a 60/40 split between PCs and smart phones.

• Not many of you use iOS or linux

• Almost everyone uses facebook

• A third of you use torrents

• Half of you IM and have friendships with people you have never met.

Survey Results cont.

• Half of you do things online you don’t want your parents to know about or aren’t sure about

• Half of you are unsure how to check your Antivirus software status

• Half of you have been talked to about online security before.

The Risk Is Real

• Woman’s life savings (over one million dollars) taken and spent on fast food, gold bars, and expensive computers in December 2011.

• The group was just convicted last month.

www.stockfreeimages.com/

Anyone Can Be Hacked

• Microsoft Executives’ X-Box Live accounts hacked in March

www.freeimages.co.uk/

What If It Was You?

Real cases:

•Photos of 13 year old girl in her underwear leaked on the internet and quickly became an internet meme. Millions of people saw them.•E-mails or messages sent from your account to everyone you recently sent to, including your teachers, telling them you have a “secret crush” on them.

Jobs Watch Facebook

• What you like on Facebook can reveal potentially embarrassing info.

• Examples: Sexual orientation and past drug use.

• Be careful what you like on Facebook. Be careful hackers don’t post fake likes.

• Jobs get this data. They might not hire you.

General Safety Tips

• Have your own account on any machine– The next user might accidentally open your e-mail.

• Use a non-administrator account on your machines– Many threats need administrator privileges to infect.

• Keep everything up-to-date.– When vulnerabilities are found they are used. Updates keep you

ahead of the curve.

• Keep browser settings on medium security or higher.

Mobility = Vulnerability• Phones, tablets, and

laptops can be used while you aren’t looking.

• Machines hooked up to a network are vulnerable to attack.

• The more places you connect with people the more risks you take –like with disease.

Photo Credit: Janice CarrContent Providers(s): CDC/ Dr. Ray Butler; Janice Carr

Protection For Interconnection

• Phones have anti-virus, such as AVG

• Mobile devices can be encrypted

The simplest place to start is improving your password.

Cracking Passwords

• Easy for anyone with an internet connection.

• Downloadable tools and YouTube instructions

• Better passwords take longer.

• Changing regularly limits how long attackers have to figure out the password.

What Is A Good Password?

• How do you choose passwords?– What makes that password tough to crack?– What makes that password memorable?

Demo: A Free Cracking Tool

• Bad password: Qt8cF– Random and mixed, but short– Good is 16+ characters

• Bad password: Pineapple-longer, but word found in dictionary

• Bad password: TheBeatles– longer and not a dictionary word, but far too

popular and predictable

• Examples from class-

Password Myth

• Actually, random is not always best.• Memorable passwords are less likely to be

written down and accidentally read by someone else.

• Still should use mix of lowercase, capital letters, numbers, and special characters.

Useful Tricks:– Word inside word: $anpengu1ndwich!– Phrase: Joe8my101mango$ Z0e1sMyf@tCat

X

Password Checklist

• See handout for a checklist for making safer passwords.

• Password testing:

http://www.passwordmeter.com/http://howsecureismypassword.net/

Storing Passwords

• If you store your password safely, you only need to remember one or two passwords and you can access the others anywhere with internet or phone access.

• Spideroak is so secure you can’t reset your password –both a pro and a con.

Spideroak.com www.keepass.info

There are smartphone apps for both.

Strong Password Isn’t Enough

The weakest part of a strong password is going to be you.

Phishing• Phishing: When criminals try to get your personal information

by pretending to be a legitimate agency over the internet.

-Steal your bank account

-Steal your iTunes account

-Steal your gaming points or in-game money

A password is useless if you give your info away.

What Gets Phished

Real Life Scam

Don’t send money or your social security number. Take your computer to a repair shop.

Real Life ScamIf it it’s not from the antivirus you installed, it isn’t real. Close down your browser right away without clicking on the box anywhere. The whole window could be a yes button.

Windows –Close with Alt F4Mac –Close with Command Q

Spear Phishing

• Spear Phishing: When a phisher targets you using data about your personal tastes to make the attempt to learn more seem more legitimate.

-Can be used to make money, like normal phishing.

-Can also be used by people with an agenda for you in the real world –like stalkers.

Spear Phishing ToolYou can purchase a tool on for the Steam video game sight that can unlock lots of data about Steam group members.

-user names-ID’s-start date-installed games-average play time-last login time-more

Closing

• Use multiword passwords and do regular updates.

• Be suspicious of giving out personal info.

• If you’re not careless, you’ll be ahead of the game.

Questions?