Computer Security: Attacks
How can a computer be attacked?
- Ransomware
- Plug-ins, Add-ons, Extensions
- Social Engineering
Describe things that a typical user can do to increase their computer security.
- Use different passwords for different accounts
- Use a good-length password
- Use a mix of upper-case letters, lower-case letters, numbers, and punctuation
- Use a passphrase
- Use a password manager
- Keep your software updated
- Use multi-factor authentication
- Use anti-virus or anti-malware software
- Don’t click on email links you don’t trust
- Watch out for phishing
- Use a script blocker which disables/blocks JavaScript when surfing the web
TRUE OR FALSE: Living in the age of the internet affects your privacy
TRUE
Why might we want to be cautious about installing Add-Ons, Plug-Ins, or Extensions to our web browser?
If you install an untrustworthy plug-in, add-on, or extension, you could compromise your web security and accidentally grant access to your private information.
How do services protect their users from attacks?
- Multi-Factor Authentication
- Asymmetric Encryption
TRUE OR FALSE: Most companies provide services that are ENTIRELY free to use with no catches.
FALSE
What is Ransomware?
A type of computer attack that encrypts (or locks) your computer’s hard drive and asks for payment to decrypt (or unlock) your information.
What is multi-factor authentication?
When you’re logging into a website, in addition to knowing your name and your password, there is an additional requirement.
TRUE OR FALSE: Companies are NOT allowed to sell users personal information/data, even with the user's consent
FALSE
What is Social Engineering?
A type of computer attack where the attacker targets the weakest link: the human!
When someone encrypts a message with a public key, but it can only be decrypted with a private key.
What is the famous phrase that privacy advocates point out?
"You're either a Customer or a Product"
What are some examples of Social Engineering?
- Calling tech support and pretending to be somebody else to get information to hack into that somebody else’s account
- Phishing! (Cat-fishing but for hacking) Sending out emails/texts pretending to be a company so that the recipients enter their account information/passwords.
Give an example of what Asymmetric Encryption (also known as Public Key/Private Key) might be used for.
To send secure emails so only people with the private key can see it.
What does the phrase “You’re either a Customer or a Product” refer to?
- If you’re paying to use a company’s service, you’re a customer.
- If you’re using a company’s service for free, that company’s problem selling your information/data, you’re a product.