Learn about password safety & storage
Opportunities to be aware of:
Dec 19th // Amazon Future Engineer Scholarship Due
Jan 7th // NSA Codebreaker Challenge Due
Completed
Encryption vs Encoding
Revisit Info Theory Concept
About Control Flow
Flux
Today
Passwords & Security
Upcoming
Quiz eventually
In general, the biggest security risk in a password system is the people involved, not the system itself. This includes reusing the same password across multiple systems.
There are many reasons why users might reuse the same password for every site or service they visit, with the most obvious being that it is simply easier to remember one password than it is to remember many different passwords. It is common sense. But it is also highly insecure.
The problem is that a password is meant to be a secret credential that you use to identify yourself to someone else. This method of authentication relies on the basic assumption that there is a one-to-one relationship between knowing the password and having the right to access an account. That is, in theory, only the owner of an account can provide the secret piece of information (i.e., the password) that can confirm the individual's identity.
Let's say you use the same password for your school email, your Instagram, and your Netflix. Now, three different parties all know the same information that, in theory, only you should know. Let's say Instagram gets hacked and your password gets released... and you aren't aware.
In short, by reusing the same password with more than one service, you've undermined the security of your password on all three, all in the name of making it easier for you to remember. This is flawed thinking.
At the end of last class, we saw a short video of advice from a former hacker from the NSA, the National Security Agency of the US Government. Now let's see a short video with Pablos Holman, inventor of more than 70 patents and one of the most renowned hackers in the world. He has led a wide variety of futuristic invention projects to solve problems on a worldwide scale: a fission reactor powered by nuclear waste, the early spaceship work at Blue Origin with Jeff Bezos (he was one of the original minds there), and the first 3D printer ever to print food. In 2019, he appeared as a featured expert throughout the critically acclaimed documentary "Machine".
In theory, if your password is strong, it shouldn't matter, right? However, it isn't just about the strength of your password, but also about the security of Facebook, Instagram, TikTok, and wherever else you are using your password. Only one of them needs to have poor security practices for your password to be out there in the wild.
You might be thinking, "these are big companies, they wouldn't have any security issues". Unfortunately, just because it's a big company doesn't mean it doesn't have security flaws. Facebook had a breach of more than 500 million accounts in 2019. First American Financial had a breach of almost 900 million accounts, also in 2019. In 2018, Marriott hotels had a breach of 500 million accounts. In 2017, Equifax had a breach of more than 600 million accounts. Yahoo has had multiple security breaches of more than 3 billion accounts total. US voter data of almost 200 million Americans was exposed in 2017. Adobe had a data breach of more than 150 million accounts. PlayStation has had data breaches of more than 50 million accounts. In 2021, data from over 60,000 companies serviced by Microsoft was breached. Of course, there are more; these are just some of the big ones I'm pointing out here.
Once passwords are leaked, hackers often add them to giant lists of known passwords and try those lists against other people's accounts.
NOTE: In case it's not obvious, this is partially why you shouldn't use the same password everywhere.
Check out Have I Been Pwned.
After seeing the video explanation from Computerphile, you can decide whether you feel safe putting in any current passwords. If you don't feel comfortable with it, then try putting in some passwords that you don't use anymore.
You can also see if your email address is in any leaks instead of a password, although I think the password check is more useful.
See if they're in the databases of leaked passwords or accounts.
Write down your thoughts in today's document
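Here is how a leaked-password check like Have I Been Pwned's can be done without ever sending the password itself, as an added Python example (this is not part of the lesson and not Have I Been Pwned's own code): the client hashes the password with SHA-1, sends only the first five hex characters of the hash, receives every leaked hash suffix that shares that prefix, and does the final match locally. The breach corpus, its counts, and the lookup_range stand-in for the network call are all constructed for this example; the real service answers GET https://api.pwnedpasswords.com/range/<prefix> in the same SUFFIX:COUNT line format.

```python
import hashlib
from collections import defaultdict


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the hash form the range check uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus (password -> times seen in leaks).
# The passwords are well-known weak choices; the counts are made up.
CONSTRUCTED_BREACH_COUNTS = {
    "password": 3861493,
    "123456": 23597311,
    "letmein": 112345,
    "qwerty": 3912816,
}


def build_range_index(breach_counts: dict) -> dict:
    """Service side: group the *suffixes* of each leaked hash under its
    5-hex-character prefix, one "SUFFIX:COUNT" line per leaked hash."""
    index = defaultdict(list)
    for pw, count in breach_counts.items():
        digest = sha1_hex(pw)
        index[digest[:5]].append(f"{digest[5:]}:{count}")
    # The real endpoint separates lines with CRLF; mirror that here.
    return {prefix: "\r\n".join(lines) for prefix, lines in index.items()}


RANGE_INDEX = build_range_index(CONSTRUCTED_BREACH_COUNTS)


def lookup_range(prefix: str) -> str:
    """Offline stand-in for the HTTPS call. Returns the range text for the
    prefix, or an empty string if no leaked hash shares that prefix."""
    return RANGE_INDEX.get(prefix, "")


def query_sent_to_service(password: str) -> str:
    """What actually leaves the client: the first 5 hex characters (20 bits)
    of the hash, which many unrelated leaked hashes share, so the service
    cannot tell which password was checked."""
    return sha1_hex(password)[:5]


def breach_count(password: str, range_lookup=lookup_range) -> int:
    """Client side: fetch the range for the hash prefix and match the
    remaining 35 characters locally. Returns 0 when the password is not in
    the range (a zero-count padding entry also counts as not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        line = line.strip()
        if not line:
            continue
        hash_suffix, _, count = line.partition(":")
        if hash_suffix.upper() == suffix:
            return int(count)
    return 0


def acceptable_for_signup(password: str, min_length: int = 12) -> bool:
    """Policy a registration form could enforce: long enough and never seen
    in a known breach, rather than the usual 'one symbol, one digit' rules."""
    return len(password) >= min_length and breach_count(password) == 0


if __name__ == "__main__":
    for candidate in ["password", "letmein", "correct horse battery staple"]:
        print(f"{candidate!r}: service sees prefix {query_sent_to_service(candidate)}, "
              f"seen {breach_count(candidate)} times, "
              f"acceptable={acceptable_for_signup(candidate)}")
```

To use this against the live service, replace lookup_range with a function that performs the HTTPS GET for the prefix and returns the response body; breach_count needs no other change, because the matching of the full hash never leaves the client.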
Just as criminals are interested in methods to hack technology and gain access to people's data, so too are governments, police, and security specialists. Cyber security is an arms race, a constant struggle between those wanting to take advantage of others and those wanting to protect others.
In the video below, Christopher Domas talks a bit about his work. He leads offensive security research teams at Intel, and specializes in reverse engineering, processor exploitation, and automated firmware analysis.
In 2019, at the age of 19, Santiago Lopez (try_to_hack) from Argentina was the first on HackerOne to earn more than $1 million in bounties. Santiago Lopez is what's referred to as a white hat hacker. Instead of taking advantage of people with his hacks, he tells the company how he was able to hack the system. The company can fix this security issue, which saves them from potential lawsuits, loss of trust from their user base, as well as potential damage or loss of data that a hack could cause. For this, they pay him.
Lopez started reporting security weaknesses to companies through bug bounty programs in 2015 on HackerOne. He has reported over 1,600 security flaws to companies including Twitter and Verizon Media Company, as well as private corporate and government initiatives.
Marcus Hutchins is another well-known young hacker. However, his teenage years were a bit more problematic. Hutchins had not intended to commit any major crimes; instead, he just participated in online hacking communities because he wanted to learn. He wasn't so interested in good or bad, just in his own personal gain: knowledge and a bit of money.
Originally, he thought he was just creating tools that might let people get into other people's Facebook or other social media accounts. As the tools became more and more advanced, he felt they could help hackers gain access to people's bank accounts and other financial accounts. He stopped participating in these projects, but a powerful hacking tool was built around his code, and much of the code in it was his.
In working with others in these online hacker communities, he had helped write a significant amount of code that was used in hacker tools that could log users' keyboard input, steal passwords, and inject content into other websites. Because of this, he was responsible for contributing to a major piece of hacking software that did a lot of harm. In 2017, he was arrested by the FBI and charged with six hacking-related federal crimes.
Today, Hutchins is a British computer security researcher known for stopping the WannaCry ransomware attack, and is employed by cybersecurity firm Kryptos Logic.
If you are interested in Cyber Security and ethical hacking, consider the Networking & Cyber Security courses at Guthrie (you have to take CS2 next year first).
What are your thoughts on ethical hacking?
Would you be interested in a career related to ethical hacking?