APSCP Unit 10
What does Equifax store? Why does it matter?
Equifax stores information on everyone who has a credit score. This information includes private data like social security numbers and whether or not you pay your bills on time. This information is often used when consumers want to make purchases and determines whether or not they are eligible and how high interest rates will be for loans. This can affect your family's ability to buy a house or a car.
Effect of changing a key from 128 bits to 256 bits
It makes data more secure since there is an exponential increase in the amount of guesses it takes to crack a cipher even though it does not make the process of encrypting messages any harder. Showing that 256 bits is currently very effective but in the future computers will need even more if the exponential increase of computer speeds get faster.
What does it mean to leave digital footprints?
Leaving a trace of information so a company can benefit from that piece of data. Websites track search history (footprints) to determine what ads to give someone.
pros and cons of targeted ads
Targeted advertising based on your browser history can be useful; you may be introduced to things you want to buy or information you want to know about. Targeted advertising can be harmful; it can be used to gather data about a user or a group of users for malicious reasons. In this case, this innovation is not being used as it was originally intended to be used.
Why is PII necessary?
Technology enables the collection, use, and exploitation of information about, by and for individuals, groups, and institutions. Geolocation, cookies, and browsing history can all be used to create knowledge about an individual. Most digital technology needs some kind of PII to work (for example street navigation needs to know your location or PII stored online to simplify making online purchases).
What makes an encryption strong?
The "Strength" of encryption is related to how easy it is to crack a message given someone knows the technique but not the exact "key" What makes encryption really strong is making it hard to guess or crack the "key" even if the "enemy" knows the encryption technique you're using (Computationally hard)
Keylogging is a form of Malware. Malware is a broad category of malicious software that can collect information or exploit a system in many different ways.
True
What can I do to protect my data?
Use multi-factor authentification and update computer software.
How safe are emails?
We generally think of emails as being a safe way to communicate, but unsolicited emails, attachments, links and forms can all be used to compromise the safety and security of a computing system. These could come from people you don't know, or from your friends and family who's security has been compromised.
Exchange from user and application
When you use most apps, websites, and social networks, they are collecting information about you in exchange for providing you a service, like connecting with your friends and sharing photos. Sometimes the service itself, like GPS, needs to track you just to be a useful app. Other times, the data collected is useful to the company for making money.
Asymmetic Encryption
has a public key that can be exchanged with anybody and a private key that remains unshared. This allows for a message enchanted without needing to have agreed on a key ahead of time.
You may not be able to control IF you're breached. But you can control:
how prepared you are for a breach how much valuable data is "easily" accessible how you respond to a breach
Personally Identifiable Information (PII)
information about an individual that identifies, links, relates, or describes them.
Public Key Encryption
pairs a public key for encryption and a private key for decryption. The sender does not need the receiver's private key to encrypt a message, but the receiver's private key is required to decrypt the message. Asymmetric encryption
Computer Virus Scanning Software
protects a computing system against infection.
Malware
software intended to damage a computing system or to take partial control over its operation
Encryption Algorithm
some method of doing encryption Caesar Cipher—is an encryption algorithm that involves shifting the alphabet.
Encryption Key
specific input that dictates how to apply the method and can also be used to decrypt the message. Shifting the alphabet 13 characters to encode the message is the key.
Cipher
the generic term for a technique (or algorithm) that performs encryption
Cybersecurity
the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.
Keylogging
the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information
Symmetic Encryption
when the sender and receiver share the same key used to encrypt and decrypt the message. The secret key has to be agreed on ahead of time with two people in private.
Name three cyber crimes in the last few years
1. Hundreds of millions of credit card info stolen 2. Tens of millions of social security numbers and health record were compromised 3. Unmanned Ariel drones have been hijacked
Caesar Cipher vs Random Substitution Cipher
A Caesar Cipher is the process of encrypting and decrypting data based on a set amount of times shifting the alphabet. This can only occur 26 times as there are only 26 letters in the alphabet, so it is limited and quite crackable. A random substitution cipher is much more complex and difficult to crack as each letter is mapped out randomly in the alphabet so instead of trying to find an entire message 26 times you have to find each letter in the message separately.
Public Key vs Private Key
A public key can be encrypted by anyone, but the private key can only be decrypted with access. Anyone can access a key to deposit mail publicly, but only a select few people can remove that mail by having a separate private key.
"Big Brother"
Abuse of governmental power in relation to civil liberties and is often specifically connected to mass surveillance.
Distributed Denial of Service (DDoS)
An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.
What is the "key" to a Caesar Cipher that someone needs to know (or discover) to decrypt the message? A. A secret word B. The number of characters to shift each letter in the alphabet. C. The letter that occurs most often in the encrypted message. D. The day of the month that the encrypted message was sent.
B
Benefits and Harms of Equifax
Benefits: companies are able to use data to make decisions when deciding who to lend money to or how much a person can be trusted to pay back a loan. With this system, we can purchase large items on loan like cars or houses, which would be out of reach for many people if they had to pay outright. Harms: Decisions made are not always fair or equitable. In addition, sometimes information is incorrect and difficult to get changed. A lot of trust is put in a small number of companies who are making a profit making these decisions.
Creators responsibility of new innovations
Computing Innovations can have a harmful impact on society, economy or culture - even when the creator did not intend for this to happen. Responsible creators of innovations should consider potential beneficial and harmful effects and how their innovations may be used in unintended ways, given that not all potential uses can be known ahead of time.
Legal and Ethical Concerns of Innovative Technology
Computing innovations that harm people Computing innovations that play a role in social and political issues Examples: software that allows access to digital media downloads and streaming algorithms with bias devices that collect and analyze data by continuously monitoring activities
Cracking a code vs Decrypting a message
Cracking a code is the process of trying to solve a certain code so it could be understood and processed to the user. Decrypting a message is the process of making unreadable (encrypted) code readable again through a set of algorithms that allow this code to be readable.
What are Equifax security risks?
Data that Equifax stores can be hacked and distributed for malicious purposes. With the personal information that Equifax stores, hackers can commit identity theft and make purchases, drain bank accounts, or ruin people's financial history.
bot net
Digital army of viruses that take over computers.
Benefits and Negatives in giving private data
Our private data powers a lot of computing innovations in ways we like. It makes products that are convenient, interesting, personal, useful, and often "free" because we "pay" with our data. Not every effect of a computing innovation is anticipated in advance. This data can also be used by companies, governments, or criminals in ways that we didn't intend or that threatens our privacy.
Cons of PII
PII can be used to steal the identity of a person, or stalk them online. Information that is often posted on social media can be combined to create a profile on you.
Key
Secret password for unlocking a message
Main cause of system being hacked.
Simple mistake made by a human that makes the computed vulnerable.
If random substitution is the encryption ALGORITHM, what is the KEY to the random substitution cipher?
The actual letter-to-letter mapping that was used to encrypt (and decrypt) the message.
"Little Brother"
The common persons ability to have digital information on other people. Being able to see other people's location and track their profiles online.
Who is to blame with Equifax incident?
The criminals who broke in and stole the information because it was illegal.
Computationally Hard
a "hard' problem for a computer is one in which it cannot arrive at a solution in a reasonable amount of time.
Multi-factor authentication
a method of computer access in which a user has to successfully provide evidence in at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are). Each step provides a new layer of security.
Encription
a process of encoding messages to keep them secret, so only "authorized" parties can read it.
Decryption
a process that reverses encryption, taking a secret message and reproducing the original plain text.
computer virus
a software program capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer
Caesar's Cipher
a technique for encryption that shifts the alphabet by some number of characters.
Phishing
a technique that attempts to trick a user into providing personal information. That personal information can then be used to access sensitive online resources, such as bank accounts and emails.
Phishing Scam
a thief trying to trick you into sending them sensitive information. Typically these include emails about system updates asking you send your username and password, social security number or other things.
Rogue Access Point
a wireless access point that gives unauthorized access to secure networks. This can be a physical device that is attached to a router - sometimes hidden from the site It can be detected in various ways, including looking for strange wireless signals.
Random Substitution Cipher
an encryption technique that maps each letter of the alphabet to a randomly chosen other letters of the alphabet.