If you have an email ending in @hotmail.com, @live.com or @outlook.com (or any other Microsoft-related domain), please consider changing it to another email provider; Microsoft decided to instantly block the server's IP, so emails can't be sent to these addresses.
If you use an @yahoo.com email or any related Yahoo services, they have blocked us also due to "user complaints"
-UE

How to use computer

edited 2015-08-16 22:55:38 in Webspace
Creature - Florida Dragon Turtle Human
I've probably posted this before, but this is always entertaining to snark about.

1. TRUE or FALSE:  You just received a brand new computer and it has anti-virus software installed.  It is now safe to use on the Internet.
a) True. They wouldn't sell me something unsafe.
b) False. I need to make sure both my anti-virus software and operating software are up to date.


c) Install Linux.

2. Phishing uses deception as a means to obtaining your sensitive information.  Which of the following entities has not been used in a Phishing attack thus far:
a) eBay
b) IRS
c) Help Desks/Support Centers of universities and colleges
d) The Weather Channel


*cue Weather Channel phishing links to downloadable weather apps containing trojans*

3. If you receive [a second internet use copyright infringement notice] from the university’s Copyright Resources Office, you should:  (Choose 3)
a) Simply stop the behavior and do nothing else.
b) Meet with the Head of the Copyright Resources Office.
c) Change my network password in case it was compromised.
d) Delete any file sharing software from my computer and check my computer for malware.


e) move to Sweden, or Sealand

4. Phishing attacks attempt to obtain your sensitive data.  The best way to combat Phishing is to:
a) Click on the embedded link to see if it takes me to the company’s website
b) Delete a suspicious email and then visit that business’ main URL address by typing it out directly into my browser.
c) Keep a copy of any information I send out
d) Erase my hard drive


d) NOW THERE'S NOTHING FOR THEM TO STEAL!  NOTHING!!

5. Computer attacks are very common these days.  What hacker strategy relies upon the trusting nature of people and the art of deception to gain access to sensitive information?
a) Social Engineering
b) Fraud
c) Phishing
d) Dumpster Diving


They wanted a), but technically c) is also true.

6. Always use caution when clicking on a link or opening an attachment (as these can be compromised).  What should you consider before clicking on a hyperlink in an e-mail?
a) I love clicking on links, all links! However, I'm still waiting on my free iPad from that survey I filled out a couple weeks ago...
b) As long as the message I received says that a link is safe, it must be, right?
c) If the link looks suspicious, verify with the sender that it is legitimate. Then type the link directly into your browser instead of clicking on it.
d) What's a link?


d) is my favorite answer in the entire quiz.  It would be a), but d) tops that.

7. Of the following choices, which wireless technology commonly used in most home and business networks provides the most security?
a) Bluetooth
b) Wireless Encryption Protocol (WEP)
c) Wi-Fi Protected Access II (WPA2)
d) Microwave communications


d') sitting in a Faraday Cage

8. A firewall can prevent unauthorized or unwanted connections between networked computers.  What can a firewall protect against?
a) Viruses
b) Malicious downloads from a web site
c) An internet based hacker connecting to files shared from your computer
d) Electrical fires


a') Bacteria
d') The manufacturer refusing to repair a product under warranty

9. Which of the following is true regarding public wireless access points or hotspots? (Choose one.)
a) Data flowing through a public wireless access point is always encrypted.
b) My system is invisible to other systems sharing the public access point.
c) Others may be able to "sniff" or view the data exchanged between my laptop and the public wireless access point.


Technically, anytime you use any connection, someone else has got to be able to see it because they've got to transport it to your destination.  Though encryption can somewhat mitigate the risk of that someone getting useful information out of it.

10. One security risk to be aware of is software that appears to perform desirable functions, but in fact, steals information or harms the system.  A program in which malicious or harmful code is contained inside apparently harmless programming or data is called a:
a) War dialer
b) Spam trap
c) Trojan horse
d) Email


d) is runner-up for best answer in the quiz.  a) is just...I have never even heard of that before.  But..."war dialer"...that sounds like a fun name.

Comments

  • edited 2015-08-16 23:23:34
    a little muffled
    Wouldn't phishing qualify as both social engineering and fraud anyway?

    Also as silly as some of this stuff is, none of the information in there seems to be outright wrong and at least some of it might be legitimately helpful to someone. Like I think a lot of people really are of the mindset that "my computer came with McAfee so I'm safe".
  • Creature - Florida Dragon Turtle Human
    New quiz!

    Forgot to copy/paste the first two questions but they weren't particularly funny.  One was about what phishing can do to you, and the second was about whether IT security is a tech issue or everyone's business.

    Question 3 (out of 10):

    Malware is software designed to access or harm a computer without the owner's consent.

    You receive an e-mail message from someone you know with the Subject Line 'Here it is'.  It contains only an attachment using a generic name like "draft.doc." What do you do?

    Open the attachment just to see what it says.
    Save the attachment to your hard drive and open it later.
    Contact the sender to determine if he or she created the attachment.


    Technically if you really wanted to determine whether something is malware, you fire up a virtual machine, download the attachment using that, and then play with the file there.

    Question 4 (out of 10):

    TRUE or FALSE:  Criminals use e-mail and instant messaging to try to obtain your sensitive and personal information.

    True
    False

    True, also boring question because I can't snark about this.

    Question 5 (out of 10):

    Standard e-mails can be intercepted.

    If you must use e-mail to send and receive private information (e.g. medical data, salary information, social security numbers, reset passwords), what extra step should you take?

    Put all of the information in one large message before sending it to reduce the chance that it will fall into the wrong hands.
    Encrypt the information, making it password protected, before sending it. This is the safest means for sending private information electronically.
    Put the information in many small messages so that only a small amount of information will be exposed if compromised.


    The standard response is probably the second one, but if you truly wanted to keep something secure, you'd use a combination of the second and third procedures, PLUS using a cypher that you know the other side uniquely knows, PLUS misinformation.  For example, I can encode my social security number using your social security number by specifying a mathematical expression of the difference between the two.  Then, I can send this quantity in multiple pieces, also to be combined mathematically.  Each piece can be disguised as being an amount in currency or other units.  The units can be used to specify whether each quantity should be added or subtracted.  And so on.  And since units will be used, conversions from other units could also be added.

    Question 6 (out of 10):

    Computer security is an ongoing issue and everyone needs to be vigilant.

    What are the three most important things you can do to keep your computer safe and secure?  (Choose 3)

    A. Turn on Automatic Updates for operating systems and programs.
    B. Turn on your computer's built-in firewall.
    C. Install anti-virus software.
    D. Get a new mouse.


    *shakes fist at Central Avenue*

    Question 7 (out of 10):

    Users with "elevated privileges" can install software on their computer. If you have "elevated privileges" you should always use caution when you see a message that says "OK to install?" or something similar. When might you see such a message?

    When I check my e-mail.
    When I send an e-mail.
    When I visit an Internet site.
    When I use a map to get directions.


    Technically you could be using a mapping app that has bundled malware...or you could be logging onto a phishing site to check your e-mail...

    Question 8 (out of 10):

    A strong password protects your computer. It is a complex set of characters that makes it difficult for someone to steal or guess.  Which one of the following is a strong password:  (Choose one)

    Administrator
    One234
    My Account
    $jelF2bb
    My dog's name

    The fact that you've put these up here in plaintext means that NONE of these are.

    Question 9 (out of 10):

    Phishing uses deception as a means to obtain your sensitive information.  Which of the following entities has not been used as fake source in a phishing attack thus far:

    eBay
    IRS
    Help Desks/Support Centers of universities and colleges
    None of the above

    The previous version of this question had "The Weather Channel" as the last choice.

    I wonder if something happened.

    Question 10 (out of 10):

    Always use caution when clicking on a link or opening an attachment, as these can contain malware, a program intended to do damage and harm to your computer and to collect your personal information.  What should you consider before clicking on a link in an e-mail?

    Just clicking on link is always safe.
    As long as the message I received says that a link is safe, it must be OK, right?
    If the link looks suspicious, verify with the sender that it is legitimate. Then type the link directly into your browser instead of clicking on it.
    All links are safe because they are on the Internet.

    These are actually not as lulzy as the choices for the previous version of this question.

  • Question 5 (out of 10):

    Standard e-mails can be intercepted.

    If you must use e-mail to send and receive private information (e.g. medical data, salary information, social security numbers, reset passwords), what extra step should you take?

    Put all of the information in one large message before sending it to reduce the chance that it will fall into the wrong hands.
    Encrypt the information, making it password protected, before sending it. This is the safest means for sending private information electronically.
    Put the information in many small messages so that only a small amount of information will be exposed if compromised.


    The standard response is probably the second one, but if you truly wanted to keep something secure, you'd use a combination of the second and third procedures, PLUS using a cypher that you know the other side uniquely knows, PLUS misinformation.  For example, I can encode my social security number using your social security number by specifying a mathematical expression of the difference between the two.  Then, I can send this quantity in multiple pieces, also to be combined mathematically.  Each piece can be disguised as being an amount in currency or other units.  The units can be used to specify whether each quantity should be added or subtracted.  And so on.  And since units will be used, conversions from other units could also be added.



    That's...just a really lame form of encryption, and is easily defeated.

    Use an existing encryption algorithm. The computer can obfuscate information better than you can. If you use a strong algorithm (SHA-256 is favored), the data is effectively impossible to decrypt without the key, rendering all your silly extra steps unnecessary.
  • Creature - Florida Dragon Turtle Human
    That's...just a really lame form of encryption, and is easily defeated.

    Use an existing encryption algorithm. The computer can obfuscate information better than you can. If you use a strong algorithm (SHA-256 is favored), the data is effectively impossible to decrypt without the key, rendering all your silly extra steps unnecessary.

    The point of my encryption ideas is not to substitute for technical encryption means.

    The point is how to use extratechnical means to introduce more security, or to introduce security when technical means are not available.

    They're only easily defeatable if you know the right pieces of information, but then again, one can say the same thing about technical security.  Now, you could argue, the non-technical means use pieces of information that are longer-lasting and thus more easily discoverable, true.  But then that also depends on whether you are expecting to be snooped or not.  If you are, then the non-technical means I mentioned are less likely to be useful, since you probably have some sort of government spy agency following everything you do already.  But if you are not, then simply splitting information up into multiple channels actually does have a benefit in case one e-mail account or other information channel gets compromised, so identity thieves are less likely to have enough information about you to be able to fuck up your shit.
  • @GMH

    Using your methods in addition to encryption is, well...a bit like locking your valuables in a secure bank vault and then adding a dollar-store padlock.

    Encryption is a controversial topic for a reason. It took the FBI several months and consultations with several infosec professionals to get into a single iPhone. If you're up against someone with that level of resources at their disposal, any other methods you might apply are basically worthless.

  • It didn't help that Clipper got hacked, like, immediately.
  • edited 2016-07-30 15:14:39
    Creature - Florida Dragon Turtle Human
    Using your methods in addition to encryption is, well...a bit like locking your valuables in a secure bank vault and then adding a dollar-store padlock.

    Encryption is a controversial topic for a reason. It took the FBI several months and consultations with several infosec professionals to get into a single iPhone. If you're up against someone with that level of resources at their disposal, any other methods you might apply are basically worthless.



    It's more like locking my valuables in a secure bank vault, then taking that bank vault outside into the middle of a large forest, digging a hole to the bedrock, chaining it to the bedrock, and covering the hole very well to leave no trace.

    If someone is targeting me specifically, then yeah, they're going to come with a GPS, backhoes, and chainsaws to dig up the vault and such.  But someone who isn't targeting me specifically, but is trying to gather information about people in general, if they accidentally come into knowledge of my bank vault's combination code, attempt to go to the bank, not find it there, and then move on.

    I think the difference we're talking about is whether we're more concerned about the government (or a similarly resource-rich entity) targeting us specifically to collect intel, or identity thieves (or for that matter the government) doing sweeping data collection and getting something about us out of that.
Sign In or Register to comment.