Lecture # 34

Privacy and Security

Privacy and Security

Privacy and Security

• Passwords • Spam• Scams• Viruses and Worms (Malware)• Intellectual Property and Copyright• Cookies• Encryption• Back-Ups

Passwords

• Password Break-ins: Try all possible strings in lexicographic order (but software usually limits the # of times)

• Passwords are scrambled/encrypted, so if you forget, you have to reset

• Use a phrase vs. word

• Make it personal and use characters like

@, $, # …

• Change and recycle passwords for security

Spam

• Unsolicited Email (but check, maybe you did solicit it)

• Spam Filters:

- Don’t “understand” messages

- Trainable: Mark undesirable email as Spam/Junk.

- Use heuristics based on message characteristics

“Bag of Words” techniques (like image search)

- Compute Spam “Score”: If greater than some thresh-

hold, quarantine the message

Scams

• Scam Spam: Attempts to Defraud

- Identity Theft

- Access your accounts (bank, computer)

- The “Nigerian Widow” – play on sympathy

“Need your money to secure a ‘deal.’”

• Phishing: Attempts to capture personal info, looks authentic

- SSN, Bank account #, password, etc.

“In order to continue service we need …”

Scam Spam Example

• Phishing and Spoofing use bogus links, log-ins

• Reputable companies never ask for sensitive info by email

• Don’t click on links if you suspect phishing

Viruses and Worms (Malware)

• Virus: A program, V, that “infects” another program, P, by imbedding a copy of itself in P. Running infected P allows V to make copies of itself and infect (and possibly damage) other programs as well

Example: A Trojan virus may hide itself in other programs, recording keystrokes, passwords, etc.

• Worm: A program that makes copies of itself, “tunneling” across the network

Viruses and Worms (Malware)

• Do not click on attachment or links without verifying it is from a trusted source. Even then be cautious: Friends may unwittingly pass along Malware

• Be especially cautious of .exe files. Is there a reason why someone is emailing you an .exe file?

• Malware can then send email and attachments to those in your address book

• “Bots” = Malware programs that pretend to be humans visit Facebook, etc., post notes, URLs to update soft- ware that is actually Malware• Install and use up-to-date anti-virus software (Some Malware says “You have a virus, click here, and download this anti-virus software and then … Shazam!)

Intellectual Property and Copyright

• Intellectual Property: Any human creation (photos, music, books, artwork, computer programs, etc.)

• You automatically own the copyright of what you create in the U.S. and most other nations. That copy-”right” includes:

- making a copy of the work - using it as a spring-board for other work - publishing or distributing it, physically or electronically - performing or displaying the work• If you don’t own the copyright you are free to: - view, read or listen to it (if its in the public domain) - use for educational purposes: limited quoting, review - access it for “Fair Use” (What use? How used? How much will be used? Market effect?) – Consult an expert.

Privacy and Property

• Do you own the work, information, images, music, phone number lists, etc?• If you are in business, do you have the right to use customer information (names, addresses, phone numbers, personal info, etc) for anything beyond the transaction? (i.e. Re-using, remarketing, a customer’s personal info. usually requires the customer’s approval.)• U.S. and Europe have laws to protect privacy. China does not.• You are responsible for maintaining and securing the privacy of information for which you are responsible. The government has no obligation to do this for you.

Cookies

• Cookie: A record with multiple fields, stored on the client’s computer, that uniquely identifies a client’s session on a website.• The server can ask to see your Cookie when you go to that website. This can tell them you are the same user from page to page as you browse the web.• You can - turn off cookies altogether - require the server to ask each time it wants to see your cookie - accept all cookies

Encryption

• Encryption: encodes data so that it is not readable or recognizable without a “key”

• Used to safely pass sensitive information over the internet and/or through email

• Use Encryption algorithms and keys that are hard to break

• Decryption: Reverses the Encryption

Encryption Example

• Pass the secret message/info “Hi” using an XOR “key”

• In ASCII

“Hi” = 72 105 =

• Encryption Key: 1 1 0 1 1 0 1 0 0 1 1 0 1 0

• Encrypted Message: 0 1 0 0 1 0 1 1 1 1 0 0 1 1

• XOR: 0 0 1 1 % s 0 1 0 1 0 1 1 0

1 0 0 1 0 0 0 1 1 0 1 0 0 1

Encryption

• The “key” is to have the Encryption key 1 1 0 1 1 0 1 0 0 1 1 0 1 0 held privately on each computer – never passed over the internet – or if it is, encoded in some way

• To break the code, you must have the key

• The stronger the key, the better the Encryption

• Many possibilities/algorithms for encrypting (not just XOR)

• Public key rely on large prime numbers

Back-Ups

• Lots of redundancy (multiple copies) is a big key

• Do automatically – daily, to keep changes – or whatever the cycle is that defines what you cannot afford to lose

• Can set up a script or batch file to do this automatically

• Date Back-ups. Restore most recent one first.

• Keep in separate locations (fire, floods, etc.) (Give copies of precious information – photos, journals, etc. to other family members)