Computer and Information Security
Protecting yourself and your clients in the wild and wooly online world

To protect your computer and information assets…
…buy a Mac!

The End.

Mac Hacked Via Safari Browser in Pwn-2-Own Contest
• A zero-day vulnerability … Macaulay pwned the Mac by sending it an e-mail that directed a user to a malicious site. Upon visiting the site, the user … was infected with malware, without clicking on anything within the site.
-- eWeek Security Watch

Vectors for getting “pwned”
• Physical access
  • Theft
  • Seizure
  • Attack of opportunity
• Network access
  • Browsing the Web
  • Using email
  • Using a wireless connection
• …

Physical protection
• Leave sensitive information at home
• Separate data from hardware
• Use encryption
• Use strong passwords
• Eliminate sensitive information
• Log out when not using

Cracking passwords
• Single word found in dictionary: ~ 1 s
  • Example: “translator”
• 7 random lowercase letters: ~ 45 m
  • Example: “uklahva”
• 10 random characters: ~ 632,860 years!
  • Example: “4pRte!ai@3”
  • (With Moore’s Law: 30 years)
Source: Wikipedia (Password strength)

Internet & email
• Cross-site scripting (XSS)
• Phishing (social engineering)
• Viruses
• …

On a network: batten the hatches
• Filter
• Block
• Ignore

Firefox
• Safer
• Cross-platform
• Free/Libre
• Add-ins
• All the cool kids are using it!

Vital Firefox Add-ins
• Web of Trust
• NoScript

Web of Trust
• Warns users about risky websites that try to scam visitors, deliver malware, or send spam.

NoScript
• Allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice.

Safer Email
• View email as plain text
• Beware of phishing
• Spam filtering

SpamAssassin
• http://spamassassin.apache.org/

SpamBayes
• http://spambayes.sourceforge.net/

Stay Safe!
• http://ginstrom.com/ijet-19/