unit 8 - cybersecurity Flashcards
personally identifiable information (PII)
information about an individual that identifies, links, relates, or describes them
what can be used to create knowledge about an individual
- geolocation, cookies, browsing history
most digital technology needs some kind of PII to work
ex: street navigation needs to know your location or PII stored online to simplify making online purchases
once data is made digital, especially once it's shared online, is it easier or harder to control?
much harder to control
how does our private data power computing innovations positively
- it makes products that are convenient, interesting, personal, useful, and often “free” because we “pay” with our data
legal and ethical concerns are raised by:
- computing innovations that harm people
- computing innovations that play a role in social and political issues
privacy policies
- they protect companies legally but are often ignored by users due to complex language
- they are required even for small businesses to disclose data usage
privacy policies: “control”
- data settings??
privacy policies: “not”
- limitations on data usage??
privacy policies: “such as”
- signals vague data practices
what are ways to enhance privacy
- check the last updated date
- use burner emails
what are burner emails?
An email account set up to temporarily receive messages and attachments when people do not want to divulge their primary email address
facial recognition technology
- used in apps, surveillance, security
- nearly half of US adults are in databases
- works by mapping facial landmarks to create “faceprints”
what are concerns and uses of facial recognition technology
- gov use it for security (airports)
- companies track customers' emotions and purchasing behaviors
- raises ethical concerns about privacy, surveillance, and data commercialization
supreme court ruling on cell phone data
- limited warrantless access to historical cell phone data
- challenges the third-party doctrine (previously, shared data wasn’t protected under the Fourth Amendment).
- case brought by Timothy Carpenter (linked to robberies using cell data without a warrant).
- tech companies pushed for stronger digital privacy protections.
- impacts digital privacy rights as surveillance increases.
phishing
a technique that attempts to trick a user into providing personal information. that personal information can then be used to access sensitive online resources, such as bank accounts and emails
keylogging
the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information
malware
software intended to damage a computing system or to take partial control over its operation
rogue access point
a wireless access point that gives unauthorized access to secure networks
encryption
a process of encoding messages to keep them secret, so only “authorized” parties can read it
decryption
a process that reverses encryption, taking a secret message and reproducing the original plain text
cipher
the generic term for a technique (or algorithm) that performs encryption
caesar’s cipher
a technique for encryption that shifts the alphabet by some number of characters
cracking encryption
when you attempt to decode a secret message without knowing all the specifics of the cipher, you are trying to crack the encryption
symmetric key encryption
involves one key for both encryption and decryption
public key encryption
pairs a public key for encryption and a private key for decryption
- the sender does not need the receiver’s private key to encrypt a message, but the receiver’s private key is required to decrypt the message
what can you do to protect your data
use multifactor authentication
how can attackers get info for two factor authentication
- fake login pages
- compromised devices
- intercepting authentication messages
ways in which hacking occurs
- SIM swapping
- phishing and MITM attacks
- malware and keyloggers
- session hijacking
ways to improve security
- use hardware security keys instead of SMS
- enable biometric authentication when possible
- use app based authenticators
- be cautious with push notifications and monitor login attempts
- strong unique passwords
how can you protect your device from computer viruses
virus scanning software & updating system software
multifactor authentication
a method of computer access in which a user has to successfully provide evidence in at least two of the following categories: knowledge, possession, and inherence. each layer provides a new layer of security
computer virus scanning software
protects a computing system against infection
how can u tell the URL is sus
- doesn’t have a top level domain (.net, .org, .com)
- honest if the company name is in the middle kinda (accounts.paypal.com)
access points
- connect to the internet via a wired connection but share it wirelessly with many devices like your computer
- most routers include access points
routers
- contain access points
- not responsible for providing wireless internet access
malware
- “malicious software” that is unknowingly installed onto a computer; often tries to steal data or make money off of the user
malware: trojan horse
harmful program that poses as a legit program
malware: virus
- self replicating: contains code that copies itself into other files on the system
malware: worm
- self replicating but it copies itself into entirely different computers within the network
firewall
a system that monitors incoming and outgoing network traffic to a computer or internal network and determines what traffic to allow; these cannot identify and block all malware, but they are a useful line of defense for what they can identify
antivirus software
- protects an individual computer by constantly scanning files and identifying malware
- once it finds malware, guides the users to deleting or repairing
what allows people to share private information over open networks
encryption!
websites often use cookies…
to track user actions on their site and even across other sites