Hacking

1
Hacking Phishing Passwords Sourendu Gupta (TIFR)
2
Computer security why?

• Hackers with access to your account will break
  laws and the consequences will be yours.
• Break-ins first result in machines being infected
  and sending millions/billions of messages
  closing down the network and causing our system
  to be black listed.
• Intruders may destroy data scientific, pay roll
  ...
• Hackers may launch attacks from your machine on
  more sensitive installations banks, defence

3
What can you do about hacking?

• System administrators all over TIFR are required
  to safeguard you from hacking.
• ...but only if you take commonsense precautions
  inspect login messages to see your last login
  date and time, close sessions and log out if you
  don't plan to use a session again very soon
• If you administer your own machine, such as a
  laptop, ask a system administrator for tips.
• Be aware of social hacking tricks like phishing

4
Varieties of social hacking

• Social hackingconfidence tricking to get
  sensitive information (passwords, PINs, ...)
• Identify sensitive information and refuse to give
  it without checking back face to face or over a
  channel known to you independently.
• Refuse free goodies unless trusted sources have
  used it for some time downloads from the net,
  used memory sticks
• Most emergencies are concocted. Check back.

5
What can you do?

• Your passwords are secret. Do not give them away.
  Legitimate users and system administrators never
  ask for your password.
• Choose strong passwords explained next
• Choose a different password for every
  application. How do you remember so many
  passwords? Answer coming up in 2 slides
• Log out of every application when you leave a
  public terminal

6
What can you do?

• Your passwords are secret. Do not give them away.
  Legitimate users and system administrators never
  ask for your password.
• Choose strong passwords explained next
• Choose a different password for every
  application. How do you remember so many
  passwords? Answer coming up in 2 slides
• Log out of every application when you leave a
  public terminal

7
What is a strong password?

• Not silly ones like tifr123 or abcd1234. Don't
  try to be clever and use the password password.
  Never use personal information that can always
  be found out.
• Use random combinations of any character that you
  have on the keyboard gH5(?/qP
• You can use dictionary words, but intersperse
  them with some odd characters cA-nuS3e or
  y5OuCa.n

8
How do you remember passwords?

• High tech solution your browser can remember
  passwords for you. Then lock the set using a
  single strong password
• High tech solution use ssh keyrings to store the
  passwords that you need often. Encrypt this using
  a single strong password
• Low tech solution use the same security that you
  use for your money keep them in your wallet or
  lock it up in a drawer. But encrypt them before
  writing them down.

9
Main points to remember

• You are liable for crimes committed in your name
  so protect your identity from theft.
• In cyberspace protect your passwords. They must
  be secret, strong and all different. System
  administrators never ask for your password.
• Be suspicious of all attempts to get personal
  information by email or phone. Check back with
  legitimate persons immediately.