Protecting yourself in a Digital Age: Information Security & Privacy. Sumit Dhar, 18th Sept, 2012
A cautionary tale of… • …Aaron Barr (CEO, HBGary Federal) • Hacked by the group Anonymous • Every account compromised • Lost his job
Three pillars of Security… • …confidentiality, integrity and availability, and how they were violated • Kevin Mitnick • Kevin Poulsen • Vladimir Levin
How do we defend ourselves?
First line of defense… • …is a good password • 12 characters or more • Upper / lower case, special characters and numerals • Different from your previous passwords • Not a dictionary word; not based on your name • Changed frequently (2012 advice; current NIST SP 800-63B guidance is to change a password when compromise is suspected rather than on a fixed schedule)
But a key lesson… • …from psychological research • Chunking theory (Miller, 1956) states that 7 ± 2 chunks is the limit of human working memory
Security implications… • …of this theory • Users choose simpler passwords • Users write their passwords down • Users reuse the same password across sites
Strategies for creating… • …a secure password • Let us hear some thoughts from the audience
Which of these… • … passwords is better? Option A: sumit1 Option B: J&Jw^th2fapoH2O
Using Mnemonics… • …to create secure passwords • Jack & Jill went up the hill to fetch a pail of water = J&Jw^th2fapoH2O • Account-specific passwords: Gmail: J&Jw^th2fapoH2Oma; LinkedIn: J&Jw^th2fapoH2Oin; Twitter: J&Jw^th2fapoH2Owi; Facebook: J&Jw^th2fapoH2Oac • Caveat: the per-site suffix is just the 2nd and 3rd letters of the site name, so one leaked password exposes the pattern for every other site; a password manager holding a unique random password per site avoids this
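The password rules from the "good password" slide, the mnemonic derivation and the per-site suffix scheme, worked through in code. This is an added example, not code from the talk; the word-to-symbol substitutions (and → &, up → ^, to → 2, water → H2O) are inferred from the slide's own phrase, and the small COMMON_WORDS set is a constructed stand-in for a real dictionary or breach list.

```python
import math
import re
import string

# Constructed stand-in for a dictionary / breached-password list. A real
# check uses a large wordlist or a breach corpus, not seven words.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "sumit", "jack", "jill"}

# Whole-word substitutions assumed from the slide's example phrase.
SUBSTITUTIONS = {"and": "&", "up": "^", "to": "2", "two": "2", "water": "H2O"}


def mnemonic(phrase, substitutions=SUBSTITUTIONS):
    """First character of each word, with whole-word substitutions applied."""
    out = []
    for word in phrase.split():
        key = word.lower().strip(string.punctuation)
        out.append(substitutions.get(key, word[0]))
    return "".join(out)


def account_specific(base, site):
    """The slide's scheme: append the 2nd and 3rd letters of the site name
    (Gmail -> 'ma', LinkedIn -> 'in', Twitter -> 'wi', Facebook -> 'ac').
    Caveat: one leaked password reveals the pattern for every other site."""
    return base + site.lower()[1:3]


def policy_violations(password, user_names=()):
    """Apply the slide's rules; return the list of rules the password breaks."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    if sum(classes) < 4:
        problems.append("fewer than four character classes")
    core = re.sub(r"\d+$", "", password.lower())  # 'sumit1' -> 'sumit'
    if core in COMMON_WORDS:
        problems.append("dictionary word or common password")
    if any(name.lower() in password.lower() for name in user_names):
        problems.append("contains the user's name")
    return problems


def estimate_bits(password):
    """Upper bound on guessing entropy: log2(charset_size ** length).
    A mnemonic password is not uniformly random, so its true entropy is lower."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    base = mnemonic("Jack and Jill went up the hill to fetch a pail of water")
    for candidate in ("sumit1", base):
        print(candidate, policy_violations(candidate, ["Sumit"]),
              f"{estimate_bits(candidate):.0f} bits")
    for site in ("Gmail", "LinkedIn", "Twitter", "Facebook"):
        print(site, account_specific(base, site))
```

Option A from the quiz fails four rules and sits near 31 bits at best; the mnemonic passes every rule and has an upper bound near 98 bits, though the real figure is lower because the phrase is a nursery rhyme rather than random characters.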
If your password is hard… • …what else can the hackers try? Now where can a malicious attacker get such information from?
If your password is hard… • …what else can the hackers try? Information leakage via Social Media
Social Media didn’t work… • …what next? • Phishing: an attempt to acquire usernames, passwords or credit card details by masquerading as a trustworthy entity, typically a fake login page reached through a link in an email
Worst Case Scenario… • …installing malware on your PC • Malware can: • Track everything you do on your computer • Log every keystroke (including your passwords) • Activate your webcam without your knowledge • Take periodic screenshots of your system and transfer your files
Can you access my… • … Gmail if you have my password? Yes or No?
Can you access my… • …Gmail if you have my password? Yes. Demo account used in the talk: User name: gbsinfosec.demo, Password: gbs.bcp.team
Enhance your security… • …enable dual authentication (Google calls it 2-step verification)! • Visit http://accounts.google.com/SmsAuthConfig and set up dual authentication • Similar features are available for Facebook and many other sites
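The slide points at Google's SMS-based setup; the same "dual authentication" is more commonly done today with a code from an authenticator app, and the code below shows how that second factor is generated and verified so it is clear why a stolen password alone no longer gets in. Added example, not from the talk: it implements HOTP (RFC 4226) and TOTP (RFC 6238) directly, and the secret is the RFC's published test secret, not a real one.

```python
import hashlib
import hmac
import struct
import time

# RFC 6238 test secret (the ASCII bytes "12345678901234567890"); a real
# secret is random and shared only between the server and the user's device.
TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 + dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """Time-based variant (RFC 6238): the counter is the number of 30 s steps."""
    now = int(time.time()) if at is None else at
    return hotp(secret, now // step, digits)


def verify_totp(secret, submitted, at=None, step=30, window=1):
    """Server-side check. Accepts the current step plus/minus `window` steps
    to absorb clock drift, and compares in constant time so the check is not
    a timing oracle. A real server also records the last accepted step and
    rejects any code replayed inside the same step."""
    now = int(time.time()) if at is None else at
    for drift in range(-window, window + 1):
        expected = hotp(secret, now // step + drift)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    # Phone and server share TEST_SECRET; the phone shows the code,
    # the user types it, and the server verifies it for the same time step.
    code = totp(TEST_SECRET)
    print("code shown on the phone:", code)
    print("server accepts it:", verify_totp(TEST_SECRET, code))
    print("server accepts it a minute later:",
          verify_totp(TEST_SECRET, code, at=int(time.time()) + 60))
```

An attacker who has the password but not the device cannot produce the code, and a code that was captured (by a keylogger, say) is worthless once its 30-second step and the drift window have passed.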