What Do You Do With A Careless User?
An educational and informative presentation
by Mr. Scott Wilson
of the Oklahoma State University
What do you do with a careless user,
What do you do with a careless user,
What do you do with a careless user,
Early in the morning?
Put him in the back of the paddy wagon,
Put him in the back of the paddy wagon,
Put him in the back of the paddy wagon,
Early in the morning!
Throw him in the lock-up 'til he's sober,
Throw him in the lock-up 'til he's sober,
Throw him in the lock-up 'til he's sober,
Early in the morning!
Shave his belly with a rusty razor,
Shave his belly with a rusty razor,
Shave his belly with a rusty razor,
Early in the morning!
The Careless User’s Credo
I will never change my password unless forced to do so
My password will always be my dog’s name, unless it is “Password”
I will use the same password for all places I need a password
Any emails asking for my password must be legitimate
All popups are valid and must be clicked on
Updating software is something other people do
My actions on my computer have no effect on my coworkers or on the organization as a whole
“All complex ecosystems have parasites.”
--Katherine Myronuk
Parasites will attack by deception, by making themselves look like something harmless.
The careless user will always fall prey to these parasites, because he does not have the perception to penetrate the deception.
Perception vs. Deception
Kevin Mitnick, hacker extraordinaire
Stanley Mark Rifkin, innovative bank robber
Perception vs. Deception: Mitnick
• Stage magic
• Bus transfers
• Phone phreaking
• Computer hacking
http://twitter.com/kevinmitnick
Perception vs. Deception: Rifkin
• Consultant
• Bank access
• Stole $10,000,000
Perception vs. Deception
-----Original Message-----
From: okstate.edu support [mailto:[email protected]]
Sent: Friday, May 14, 2010 6:44 AM
To: Doe, John
Subject: okstate.edu account notification

Dear Customer,

This e-mail was send by okstate.edu to notify you that we have temporanly prevented access to your account. We have reasons to beleive that your account may have been accessed by someone else. Please run this file and Follow instructions: http://leanrock.110mb.com/setup.zip

(C) okstate.edu
Perception vs. Deception
Perception requires that we adopt a posture of awareness about our computing environment to be aware of the predators.
It requires defensive computing.
Barriers to defensive computing
1. ENTERTAINMENT ATTITUDE
“The fridge, stove and toaster never crash on me/I should be able to get online without a Ph.D/My phone doesn't take a week to boot it/my TV doesn't crash when I mute it…”
--Three Dead Trolls in a Baggie, “Every OS Sucks”
2. Sense of being overwhelmed
“Every year, more security features are added to online banking sites. This is starting to impact usability, and unfortunately, the bad guys are keeping up with the technology.”
http://bit.ly/cgoJLm
3. Lack of understanding of consequences/lack of sense of responsibility
4. “Mysterious” nature of Information Tech.
Overcoming the barriers
Education
Documentation
ISOLATION
Evolution/attrition
Overcoming the barriers
OSU’s steps towards A BRIGHTER, SAFER FUTURE for our users and others
Overcoming the barriers
Training for users of Facebook, Twitter and other fancy doodads
Overcoming the barriers
DEVELOPMENT OF AMAZING NEW MATERIALS FOR THE EFFECTIVE LEARNING OF SAFETY
Overcoming the barriers
PARTNERING WITH OTHER UNIVERSITIES and INSTITUTIONS OF LEARNING to FURTHER OUR COLLECTIVE AIMS
Overcoming the barriers
THE DAWNING of a NEW ERA of UNDERSTANDING BETWEEN TECHS AND USERS
What do you do with a careless user,
What do you do with a careless user,
What do you do with a careless user,
Early in the morning?
The Careful User’s Credo
I understand why password security is important, and will strive to maintain it
I can spot phishing emails and will not be deceived by them
Safe web use is part of my daily routine. I know how to browse without getting tricked
It is my job to make sure that my applications are kept updated. Doing so helps protect my computer – and me
What I do with my computer and my accounts is an important part of who we are in extension
I will therefore be diligent in keeping good practices for the benefit of myself and my colleagues
Suggested reading
• Mitnick, Kevin. The Art of Deception
• Mitnick, Kevin. The Art of Intrusion
• Long, Johnny. No Tech Hacking
• http://www.sans.org/reading_room/whitepapers/engineering/
“Security is not a product, but a process.” – Bruce Schneier