Colloquy Downeast Blue Hill Maine

Colloquy Downeast

Spirited Conversations in Great Company

Facilitators: Scott Miller and Mike Wolf
Date & Time: March 17, 24, 31, April 7 (Thursdays), 1:30 - 3:30pm
Location: Howard Room, Blue Hill Public Library

This colloquy will explore the privacy and security implications of our increasingly “networked” lives. The risk is not limited to computer use. Do you use a “smartphone”? Have a car with OnStar? Considered a home security/monitoring system? Shop online? Shop at physical stores (think “Target”)? All of these provide information about you to “the cloud,” with attendant security and privacy implications.

This will be a practical colloquy for non‐technical participants, with hands-on demonstration of some of the tips, traps, and best practices for accessing the Internet.

Scott Miller and Mike Wolf are Blue Hill “techno‐weenies.”

Syllabus


Each week’s session will be organized to anticipate about an hour of lecture/discussion, including “live” computer demonstration, followed by an hour of Q&A, discussion and group troubleshooting on that week’s subject.

The specifics of each week’s discussion will be revisited shortly before the colloquy begins, but the following is a working draft of the four sessions:

Week 1: Navigating the Internet safely

  • Surfing the web
    • Secure vs. insecure web sites
    • Virtual private networks
  • Password protection
    • What makes a strong password?
    • How to enhance protection
    • How do passwords get stolen/cracked?
  • Internet downloads and viruses
    • Software downloads
    • Other virus “vectors”
      • Email
      • Documents

Week 2: How your personal information gets shared

  • Techniques
    • High-tech
      • Viruses
      • Network “sniffing” and “spoofing”
      • Vendor hacks
    • Low-tech
      • Social engineering
      • Google
      • “Asking”
  • Protecting yourself
    • Awareness
    • Monitoring services

Week 3: Do you really know when you’re connected?

  • Laptops, tablets and smartphones
    • When are they connected?
    • What’s being downloaded? Who’s controlling the software?
    • What’s being uploaded (e.g., why does the “Flashlight” app need to know my geographic location)?
  • The “Internet of Things”
    • “Smart” appliances
    • OnStar
  • Who is in control of the data being uploaded?

Week 4: Review of best practices

  • Online activities
  • Offline activities


Reading Materials


As with almost all things Internet, the “state of the art” in computer security and privacy protections is moving faster than most print publications can keep up with. Therefore, most of the preparatory reading materials will be hyperlinks to online articles of interest.

If you do have the interest and time to read (or listen to) a book covering a broad swath of Internet security issues…from a layman’s perspective…you might consider the following:

Other Articles of Interest

Over the weeks before the colloquy begins, we will post links to a series of articles on the subjects to be addressed. They’re not required, but might be of interest to colloquy participants.

March 17

Passwords

“How I became a password cracker” describes some of the basics of cracking passwords. Note, in particular, the chart about halfway down that shows how long it takes to crack passwords of varying lengths using brute force.

“Anatomy of a hack” illustrates how even longer and seemingly complex passwords are “crackable.”

“Why passwords have never been weaker” discusses the hardware and software (including enormous lists of passwords) that can now try 6.2 billion possible passwords per second.

“Lessons learned from cracking 4,000 Ashley Madison passwords” shows how sophisticated web sites can improve security by encrypting the password “hashes,” but “Once seen as bulletproof…” illustrates how a simple (but egregious) error elsewhere in the site design can unravel the security blanket.

“Password complexity rules more annoying, less effective than lengthy ones”: the title says it all.

“Why your password can’t have symbols–or be longer than 16 characters” draws attention to sites, including financial institutions, that limit password complexity and length.

Other sites we expect to visit during the meeting

https://www.sslshopper.com/ssl-checker.html
https://badssl.com
https://whatismyip.com
https://www.raymond.cc/blog/7-tools-verify-file-integrity-using-md5-sha1-hashes/

March 24

“How Target’s Point of Sale System May Have Been Hacked” describes in some detail a likely scenario.

“Hospitals and Ransomware” describes recent “ransomware” attacks in California.

Data Brokers and Your Privacy

“The EU-U.S. Privacy Shield” discusses both the shield and implications for US businesses.

Private Browsing Myths

March 31

Last week, we discussed social engineering to get access to account information. Here’s an article from Wired magazine about how one of their journalists was hacked (thanks to AppleCare):

How Apple and Amazon Security Flaws Led to My Epic Hacking

How do we feel about this web site?

http://marinediscountcenter.com/

This week’s focus is on the “Internet of Things.” Here are the videos shown at the meeting:

60 Minutes: Car Hacked in 60 Minutes

CBS: Hackers disable brakes on Jeep from miles away

Hackers aren’t just focused on the Internet–other signals (such as radio) are targeted, too:

Schoolboy hacks into city’s tram system

We showed Wireshark “sniffing” last week–the same can be done for Bluetooth. Implications:

Science: Could a wireless pacemaker let hackers take control of your heart?

April 7

Google “BeyondCorp”

LiFi YouTube Video

Proliferation: Data vs. Nuclear



Registration

Bookings are now closed (or the colloquy has been cancelled)

We aren't currently accepting bookings for Security and Privacy in the Digital Age.

If you are trying to pay for a colloquy that you've already attended or have questions about refunds, please contact our Treasurer to work out the details.

