---

Safe Computing

Notes

Personally Identifiable Information

• Personally Identifiable Information (PII): information specific to an individual
• Can be used by people to steal someone’s identity, bank funds, or to impersonate someone in order to gain access to an organization
• Search engines maintain a history of what you search
• Your search history is used to suggest other websites you may like or for targeted marketing
  • Your location can even be collected

    Personally Identifiable Information: The Good and The Bad

• PII can be used to enhance a user’s online experience
• PII can be exploited if privacy and other protections are ignored
  • Information placed online can be used in ways that were not intended and that may have a harmful impact

    Risks to Privacy

• The information placed online is difficult to delete!
• Information posted to social media can be used by others and combined with other sources to deduce private information about you
  • This information can then be used in ways that were not intended and may have a harmful impact

    Authentication

• Authentication measures protect devices and information from unauthorized access
• Authentication measures:
  • Strong passwords
  • Multi-factor authentication

    Strong Passwords

• Creating strong passwords:
  • 10 or more characters
  • must contain a symbol
  • must contain a number
  • must contain lowercase and uppercase letters

    Multi-Factor Authentication

• Types of authentication:
  • What you know
  • What you are
  • What you have

    Virus and Malware

• Virus: malicious programs that can copy themselves and gain access to systems that they are not supposed to be allowed in
• Malware: often intended to damage a computing system or take partial control over its operation
  • Can infiltrate a system by posing as legitimate programs or by attaching itself to legitimate programs, like an email attachment
• Virus scans can help to prevent malicious code from getting into and affecting your system

  Encryption and Decryption

• Once legitimate access to a system is gained, it is important to ensure data sent to and from the system remains uncompromised
• Encryption: the process of encoding data to prevent unauthorized access
• Decryption: the process of decoding data
• Two types of encryption:
  • Symmetric encryption
  • Asymmetric encryption
• Symmetric encryption: one key used to both encrypt and decrypt data
  • Example: Caesar Cipher

    Asymmetric Encryption

• Public Key Encryption: uses two keys
  • A public key for encrypting
  • A private key for decrypting
• A sender does not need the receiver’s private key to encrypt a message
• The receiver’s private key IS required to decrypt the message

  Digital Certificates

• Certificate authorities issue digital certificates that validate the ownership of encryption keys used in secure communications and are based on a trust model

  The Importance of the Internet

• The Internet is an integral part of our lives

  Risks to Personal Safety

• Phishing: An attempt to trick a user into providing personal information, like your usernames and passwords, account numbers, or social security numbers
• Phishing emails often look like they’re from a company you know and trust:
  • your bank
  • your credit card company
  • social networking site
  • video streaming site
  • online store
• They trick you into clicking a link or opening an attachment
• Clicking a link or opening an attachment in a phishing email will cause unexpected harm:
  • virus installed on your computer
  • spoofed banking website
  • keylogger installed
• Keylogger: Records every keystroke made by a user in order to gain fraudulent access to passwords or other confidential information
• Rogue Access Point: A wireless network that can give unauthorized access to secure networks

Actions

Describe PII you have seen on project in CompSci Principles.

• CRUD Project: name, email, password, phone

What are your feelings about PII and your exposure?

• PII should not be displayed if it contains sensitive information. For example, I would not want to have my password displayed for anyone to see.
• Good passwords:
  • (h3e$e8ur9er5 – cheeseburgers
  • 1s@b3ll3!$Aw350m3 – isabelle is awesome
• Bad passwords:
  • password
  • bob
  • 1234567890
• In addition to passwords, you can also authenticate your identity with your username, your driver license, and your face

Try to describe Symmetric and Asymmetric encryption

• Symmetric encryption: method of encrypting a message so that only the sender and receiver can read it
• Asymmetric encryption: also known as public-key encryption, uses one public key and one private key to encrypt and decrypt a message and protect it from unauthorized access

Provide and example of encryption we used in deployment.

• SSL Encryption

Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques

• I am incredibly smart and wise, so I have never fallen for a phishing scheme.
• Some phishing techniques include the fake invoice scam, the email account upgrade scam, the paypal scam, and other things