PowerPoint file from slides


Computer and Information Security
Protecting yourself and your clients in the wild and wooly online world

To protect your computer and information assets…
…buy a Mac!
The End

Mac Hacked Via Safari Browser in Pwn-2-Own Contest

A zero-day vulnerability … Macaulay pwned the Mac by sending it an e-mail that directed a user to a malicious site. Upon visiting the site, the user … was infected with malware, without clicking on anything within the site.
-- eWeek Security Watch

Vectors for getting “pwned”

Physical access
• Theft
• Seizure
• Attack of opportunity

Network access
• Browsing the Web
• Using email
• Using a wireless connection
• …

Physical protection
• Leave sensitive information at home
• Separate data from hardware
• Use encryption
• Use strong passwords
• Eliminate sensitive information
• Log out when not using

Cracking passwords

• Single word found in dictionary: ~1 s
  Example: “translator”
• 7 random lowercase letters: ~45 min
  Example: “uklahva”
• 10 random characters: ~632,860 years!
  Example: “4pRte!ai@3”
  (With Moore’s Law: 30 years)
Source: Wikipedia (Password strength)
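
An added example, not part of the original slides: the estimates above worked through as keyspace divided by guess rate, so the effect of length and character variety can be checked for any password. The guess rate, the sample wordlist and its size, and the hardware doubling period are assumptions; the slide states none of them.

```python
import math
import string

# Assumption: 3,000,000 guesses/second. The slide gives no rate; this one
# reproduces its "~45 m" and "~632,860 years" figures (365-day year).
GUESSES_PER_SECOND = 3_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600
# Constructed stand-in for an attacker's wordlist, and an assumed size for it.
SAMPLE_WORDS = {"translator", "password", "dragon", "sunshine"}
ASSUMED_WORDLIST_SIZE = 1_000_000

def alphabet_size(password):
    """Size of the smallest printable-ASCII alphabet that covers the password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    return sum(len(c) for c in classes if any(ch in c for ch in password))

def keyspace(password):
    """Worst-case number of guesses: the wordlist for a dictionary word,
    otherwise every string of that length over the covering alphabet."""
    if password.lower() in SAMPLE_WORDS:
        return ASSUMED_WORDLIST_SIZE
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to exhaust the keyspace at a fixed guess rate."""
    return keyspace(password) / rate

def years_with_doubling(fixed_rate_seconds, doubling_years=2.0):
    """Years needed if the guess rate doubles every `doubling_years`
    (assumed period). Solves integral_0^t 2**(x/T) dx = Y for t."""
    y = fixed_rate_seconds / SECONDS_PER_YEAR
    return doubling_years * math.log2(1 + y * math.log(2) / doubling_years)

if __name__ == "__main__":
    for pw in ("translator", "uklahva", "4pRte!ai@3"):
        secs = worst_case_seconds(pw)
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, "
              f"{secs:.3g} s = {secs / SECONDS_PER_YEAR:.3g} years at a fixed rate, "
              f"{years_with_doubling(secs):.3g} years with doubling hardware")
```

The doubling-hardware figure depends strongly on the assumed doubling period, so treat it as an order of magnitude.
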
Network vulnerabilities

Internet & email
• Cross-site scripting (XSS)
• Phishing (social engineering)
• Viruses
• …

On a network: batten the hatches
• Filter
• Block
• Ignore

Internet
Firefox
• Safer
• Cross-platform
• Free/Libre
• Add-ins
• All the cool kids are using it!

Vital Firefox Add-ins
• Web of Trust
• NoScript

Web of Trust

Warns users about risky websites that try to scam visitors, deliver malware, or send spam.
ginstrom…
warez…
NoScript

Allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice.
Scripts from 15 sites!

Safer Email
• View email as plain text
• Beware of phishing
• Spam filtering

Example: MS Outlook
SpamBayes

http://spambayes.sourceforge.net/
SpamAssassin

http://spamassassin.apache.org/
Stay Safe!
http://ginstrom.com/ijet-19/