%title: Knowledge Is Power: Introduction to Information Security
%author: Junde Yhi
%date: 2017-11-28

-> # Knowledge Is Power:
-> # Introduction to Information Security

-> UIC HCC Computer Society
-> UIC CST Programme Association

---

-> # VIP

---

# How We Stole Information

^
1. Wi-Fi@UIC is *not encrypted*
^
2. UIC Mail Service is *not encrypted*
^

-> # NOT ENCRYPTED (!)

^

💻 ------------------------+------------------------> 💻
                           |
                           +--> 🙃

---

# Start From UIC

💻 -----------------------🔐------------------------> 💻
                          |
                          +--> %$#@!^&+= ???
^
📱 -------------------------------------------------> UIC
                          |
                          +--> ...password:PaSsWoRd...

---

-> PaSsWoRd

---

# Social Engineering

---

> In computer science, social engineering refers to influencing
> another person's psychology through legitimate communication with
> them, so that they take certain actions or disclose confidential
> information.
> (Goodchild, Joan. Social Engineering: The Basics.
> csoonline. 11 January 2010 [14 January 2010].)

^

-> # Cheat (Deception)

---

# Phishing

^

💻 ------------------------+                    +---> UIC
                           |                    |
                           +--> FAKE WEBSITE ---+

---

# Weak Password

- 12345678
- iloveu
- 19941014 / 941014
- 440206199410140062
- qazwsxedc

---

# Collision (Credential Stuffing)

^

A 💻 --(Leaked)------+           +---------(Try)--> 💻 B
                     |           |
                     +---> 🙃 ---+

^

-> _*https://haveibeenpwned.com*_

---

# From "Social Engineering" To "Social"
# From Social Engineering to Society

---

-> *Script Kiddies*

---

# Social, social.jpg

^

> *Bug* is everywhere.
> It is not that *it* is lacking to our eye,
> but our eyes which fail to perceive *it*.
>
> *The world does not lack bugs; what it lacks is eyes that find bugs.*

---

# Recently...

^

## BlueBorne (https://www.armis.com/blueborne)

^
- ...take *complete control* over targeted devices
^
- The attack *does not require* the targeted device to be paired
  to the attacker’s device, or even to be set on discoverable mode.
^

## KRACK (https://www.krackattacks.com)

^
- Key Reinstallation AttaCKs
^
- *...if your device supports Wi-Fi, it is most likely*
  *affected.*

---

# Do it
# Do It First, Talk Later

---

# VPN

^

*PC                                                LAN*
\                                                  +-- 💻
💻 --🔐====================+=====================🔐+-- 💻
                           |                       +-- 💻
                           +==> %$#@!^&+= ???
^
\                         **
💻 --🔐=========+=========💻-------------------------- 💻
                |
                +==> %$#@!^&+= ???

---

# HTTPS

> HTTPS is one of the basic human rights in the 21st century.

^

-> [HTTPS Everywhere](https://www.eff.org/https-everywhere)
-> by [EFF](Electronic Frontier Foundation)

---

# HTTPS

^

🔑 _Certificate Authority (CA)_ --📑--------------------v
\                                                     💻
^
💻 <---------------📑---------------------------------+
\                   *Authenticate*
^
\  + <--------------------------------🔐--------------> +
\                   *Encrypt*
^

- No Phishing...
- No XSS...

---

# Strong Password

^

## Password Manager

^
- *~c)r%Na,c,GR=HAb])e$2^h#Y\\{>HxY\**
^
- *pCKq(Bm$q27Q<.=@!TASJ8,36\`PWL8]~*
^

## Diceware

^
- *haunt awkward posting safari probation cleft*
^
- *handwriteretractpologoldsmithscrimmagethrottle*

---

# Why We Care?

> What the user can't see is bulls**t.

^

-> [WooYun (乌云)](https://wooyun.org)

---

# Why disclose vulnerabilities publicly? Isn't that just acting like a hooligan? Aren't you also helping the criminals?

^

> *Bug* is everywhere.
> It is not that *it* is lacking to our eye,
> but our eyes which fail to perceive *it*.
>
> *The world does not lack bugs; what it lacks is eyes that find bugs.*

^

- Open source software: *Peer reviewing*

---

# Protect Yourself

^
- Protect your privacy
^
- Fight for freedom of speech
^

-> # "Knowledge Is Power"

---

-> UIC HCC Computer Society
-> "We Abridge You And Technology."
-> https://uichcc.com

-> *Surveillance Self-Defence 101*
-> COMING NEXT SEMESTER!

^

-> # Ask Me Questions!