This colloquy will explore the privacy and security implications of our increasingly “networked” lives. The risk is not just with use of computers: Use a “smartphone?” Have a car with OnStar? Considered a home security/monitoring system? Shop online? Shop at physical stores (think “Target”)? All of these provide information about you to “the cloud”. . . with attendant security and privacy implications.
This will be a practical colloquy for non‐technical participants, with hands-on demonstration of some of the tips, traps, and best practices for accessing the Internet.
Scott Miller and Mike Wolf are Blue Hill “techno‐weenies.”
Syllabus
The specifics of each week’s discussion will be revisited shortly before the colloquy begins, but the following is a working draft of the four sessions:
Reading Materials
If you do have the interest and time to read (or listen to) a book covering a broad swath of Internet security issues…from a layman’s perspective…you might consider the following:
Over the weeks before the colloquy begins, we will post links to a series of articles on the subjects to be addressed. They’re not required, but might be of interest to colloquy participants.
How I became a password cracker describes some of the basics of cracking passwords–note, in particular, the chart about halfway down that shows how long it takes to crack passwords of varying lengths using brute force.
Anatomy of a hack illustrates how even longer and seemingly complex passwords are “crackable”
Why passwords have never been weaker discusses the hardware and software (including enormous lists of passwords) that can now try 6.2 billion possible passwords per second
Lessons learned from cracking 4,000 Ashley Madison passwords shows how sophisticated web sites can improve security by encrypting the password “hashes,” but Once seen as bulletproof… illustrates how a simple (but egregious) error elsewhere in the site design can unravel the security blanket
Password complexity rules more annoying, less effective than lengthy ones: the title says it all
Why your password can’t have symbols–or be longer than 16 characters draws attention to sites, including financial institutions, that limit password complexity and length
https://www.sslshopper.com/ssl-checker.html
https://badssl.com
https://whatismyip.com
https://www.raymond.cc/blog/7-tools-verify-file-integrity-using-md5-sha1-hashes/
How Target’s Point of Sale System May Have Been Hacked describes in some detail a likely scenario
Hospitals and Ransomware describes recent “ransomware” attacks in California
The EU-U.S. Privacy Shield discusses both the shield and implications for US businesses
Last week, we discussed social engineering to get access to account information. Here’s an article from Wired magazine about how one of their journalists was hacked (thanks to AppleCare):
How Apple and Amazon Security Flaws Led to My Epic Hacking
How do we feel about this web site?
http://marinediscountcenter.com/
This week’s focus is on the “Internet of Things.” Here are the videos shown at the meeting:
60 Minutes: Car Hacked in 60 Minutes
CBS: Hackers disable brakes on Jeep from miles away
Hackers aren’t just focused on the Internet–other signals (such as radio) are targeted
Schoolboy hacks into city’s tram system
We showed Wireshark “sniffing” last week–the same can be done for Bluetooth. Implications:
Science: Could a wireless pacemaker let hackers take control of your heart?