It looks like you're new here. If you want to get involved, click one of these buttons!
1. TRUE or FALSE: You just received a brand new computer and it has anti-virus software installed. It is now safe to use on the Internet.
a) True. They wouldn't sell me something unsafe.
b) False. I need to make sure both my anti-virus software and operating software are up to date.
2. Phishing uses deception as a means to obtaining your sensitive information. Which of the following entities has not been used in a Phishing attack thus far:
a) eBay
b) IRS
c) Help Desks/Support Centers of universities and colleges
d) The Weather Channel
3. If you receive [a second internet use copyright infringement notice] from the university’s Copyright Resources Office, you should: (Choose 3)
a) Simply stop the behavior and do nothing else.
b) Meet with the Head of the Copyright Resources Office.
c) Change my network password in case it was compromised.
d) Delete any file sharing software from my computer and check my computer for malware.
4. Phishing attacks attempt to obtain your sensitive data. The best way to combat Phishing is to:
a) Click on the embedded link to see if it takes me to the company’s website
b) Delete a suspicious email and then visit that business’ main URL address by typing it out directly into my browser.
c) Keep a copy of any information I send out
d) Erase my hard drive
5. Computer attacks are very common these days. What hacker strategy relies upon the trusting nature of people and the art of deception to gain access to sensitive information?
a) Social Engineering
b) Fraud
c) Phishing
d) Dumpster Diving
6. Always use caution when clicking on a link or opening an attachment (as these can be compromised). What should you consider before clicking on a hyperlink in an e-mail?
a) I love clicking on links, all links! However, I'm still waiting on my free iPad from that survey I filled out a couple weeks ago...
b) As long as the message I received says that a link is safe, it must be, right?
c) If the link looks suspicious, verify with the sender that it is legitimate. Then type the link directly into your browser instead of clicking on it.
d) What's a link?
7. Of the following choices, which wireless technology commonly used in most home and business networks provides the most security?
a) Bluetooth
b) Wireless Encryption Protocol (WEP)
c) Wi-Fi Protected Access II (WPA2)
d) Microwave communications
8. A firewall can prevent unauthorized or unwanted connections between networked computers. What can a firewall protect against?
a) Viruses
b) Malicious downloads from a web site
c) An internet based hacker connecting to files shared from your computer
d) Electrical fires
9. Which of the following is true regarding public wireless access points or hotspots? (Choose one.)
a) Data flowing through a public wireless access point is always encrypted.
b) My system is invisible to other systems sharing the public access point.
c) Others may be able to "sniff" or view the data exchanged between my laptop and the public wireless access point.
10. One security risk to be aware of is software that appears to perform desirable functions, but in fact, steals information or harms the system. A program in which malicious or harmful code is contained inside apparently harmless programming or data is called a:
a) War dialer
b) Spam trap
c) Trojan horse
d) Email
Comments
Also as silly as some of this stuff is, none of the information in there seems to be outright wrong and at least some of it might be legitimately helpful to someone. Like I think a lot of people really are of the mindset that "my computer came with McAfee so I'm safe".
Forgot to copy/paste the first two questions but they weren't particularly funny. One was about what phishing can do to you, and the second was about whether IT security is a tech issue or everyone's business.
Technically if you really wanted to determine whether something is malware, you fire up a virtual machine, download the attachment using that, and then play with the file there.
True, also boring question because I can't snark about this.
The standard response is probably the second one, but if you truly wanted to keep something secure, you'd use a combination of the second and third procedures, PLUS using a cypher that you know the other side uniquely knows, PLUS misinformation. For example, I can encode my social security number using your social security number by specifying a mathematical expression of the difference between the two. Then, I can send this quantity in multiple pieces, also to be combined mathematically. Each piece can be disguised as being an amount in currency or other units. The units can be used to specify whether each quantity should be added or subtracted. And so on. And since units will be used, conversions from other units could also be added.
*shakes fist at Central Avenue*
Technically you could be using a mapping app that has bundled malware...or you could be logging onto a phishing site to check your e-mail...
The fact that you've put these up here in plaintext means that NONE of these are.
The previous version of this question had "The Weather Channel" as the last choice.
I wonder if something happened.
These are actually not as lulzy as the choices for the previous version of this question.
The point of my encryption ideas is not to substitute for technical encryption means.
The point is how to use extratechnical means to introduce more security, or to introduce security when technical means are not available.
They're only easily defeatable if you know the right pieces of information, but then again, one can say the same thing about technical security. Now, you could argue, the non-technical means use pieces of information that are longer-lasting and thus more easily discoverable, true. But then that also depends on whether you are expecting to be snooped or not. If you are, then the non-technical means I mentioned are less likely to be useful, since you probably have some sort of government spy agency following everything you do already. But if you are not, then simply splitting information up into multiple channels actually does have a benefit in case one e-mail account or other information channel gets compromised, so identity thieves are less likely to have enough information about you to be able to fuck up your shit.