Security, Privacy and Freedom “There is no privacy in this digital world.” By: Fong-Ting Yau and Ralph L Fidel.

Security, Privacy and Freedom

Security, Privacy and Freedom“There is no privacy in this digital

world.”“There is no privacy in this digital

world.”By: Fong-Ting Yau and Ralph L FidelBy: Fong-Ting Yau and Ralph L Fidel

What does it mean to be “digitally” secure?What does it mean to be “digitally” secure?

• All personal data and digital transactions are kept confidential

• Each user remain unique and their identity protected (from fraud, etc.)

• Users granted freedom to access and modify their information freely

• All personal data and digital transactions are kept confidential

• Each user remain unique and their identity protected (from fraud, etc.)

• Users granted freedom to access and modify their information freely

Presentation Overview

Presentation Overview

• Security of Online Banking• Security of Credit Card transactions• Local File/Network Security• Security of Digital Correspondence and Real

Time Chats• Does privacy exist in the digital world?

• Security of Online Banking• Security of Credit Card transactions• Local File/Network Security• Security of Digital Correspondence and Real

Time Chats• Does privacy exist in the digital world?

Online Banking Online Banking

• Check balance• Check recent transactions• Update direct deposit/withdrawal• Access credit card information• Make bill payments• Ability to consolidate multiple accounts• Apply for Investments and Loans• Financial Planning

• Check balance• Check recent transactions• Update direct deposit/withdrawal• Access credit card information• Make bill payments• Ability to consolidate multiple accounts• Apply for Investments and Loans• Financial Planning

You can now access your bank account online! You can now access your bank account online!

Form and FunctionForm and FunctionInitial Purpose: Once limited to bank visits and telephone calls, online

banking isa growing trend allowing bank customers the ability to access and manage all

their accounts in the privacy of their homes or any other location (convenience).

• When visiting your bank’s website, you are prompted to enter personal information that include your name, bank number and usually, if registering for the first time, a validation code that you receive from contacting an actual banking representative.

• Although the majority of the process is automated, the user is usually required to first contact their bank (through telephone or by visiting a branch) to set up this feature.

(Wikipedia: Credit Card, 2006)

Initial Purpose: Once limited to bank visits and telephone calls, online banking is

a growing trend allowing bank customers the ability to access and manage all their

accounts in the privacy of their homes or any other location (convenience).

• When visiting your bank’s website, you are prompted to enter personal information that include your name, bank number and usually, if registering for the first time, a validation code that you receive from contacting an actual banking representative.

• Although the majority of the process is automated, the user is usually required to first contact their bank (through telephone or by visiting a branch) to set up this feature.

(Wikipedia: Credit Card, 2006)

Case Study #1Case Study #1

Carol, an elderly woman, has just discovered that she is able to access her bank account online. She rushes to the library and quickly entering in the requested information, she

transfers funds from her chequing account to her savings account. Satisfied, she smiles and

leaves.

Carol, an elderly woman, has just discovered that she is able to access her bank account online. She rushes to the library and quickly entering in the requested information, she

transfers funds from her chequing account to her savings account. Satisfied, she smiles and

leaves.

Possible Security Flaws

Possible Security Flaws

• She is using a public computer, leaving her information exposed to those who know how to access usage internet logs.

• She may have inadvertently left the banking window open allowing the next user complete access to her accounts.

• She is using a public computer, leaving her information exposed to those who know how to access usage internet logs.

• She may have inadvertently left the banking window open allowing the next user complete access to her accounts.

Online Banking: The Now

Online Banking: The Now

• Banks use various methods to ensure the security and feasibility of banking online:

• Personal Verification Question• Access Logs• Session Time Outs• Last Sign On feature• 128-bit Encryption

• Banks use various methods to ensure the security and feasibility of banking online:

• Personal Verification Question• Access Logs• Session Time Outs• Last Sign On feature• 128-bit Encryption

Online Banking: The Now

Online Banking: The Now

• Users ought to be held accountable, at least in part, to ensure the protection of their own information:

• Ensuring the website is legitimate• Ensuring aforementioned banking features are present• Obtaining a hardcopy of recent transactions

• What to do if you are a victim: Contact your bank as soon as possible!

• Users ought to be held accountable, at least in part, to ensure the protection of their own information:

• Ensuring the website is legitimate• Ensuring aforementioned banking features are present• Obtaining a hardcopy of recent transactions

• What to do if you are a victim: Contact your bank as soon as possible!

Credit Cards Credit Cards

• Make online purchases (Ebay, Amazon, PayPal etc.)• Make subscriptions (automatic withdrawals)• Means of insurance regarding transactions (collateral)• Means of personal identification• Establish a credit history

• Make online purchases (Ebay, Amazon, PayPal etc.)• Make subscriptions (automatic withdrawals)• Means of insurance regarding transactions (collateral)• Means of personal identification• Establish a credit history

What can you do with your credit card nowadays?What can you do with your credit card nowadays?

Form and FunctionForm and Function

Initial Function: Credit Cards are a means of ensuring secure transactions - because they are processed without a long clearance period (unlike cheques). Credit card transactions are especially useful for making online purchases and have become the standard method when dealing with such exchanges.

• With the advent of services such as Ebay and PayPal, consumers are free to sell their goods to other consumers safely.

Initial Function: Credit Cards are a means of ensuring secure transactions - because they are processed without a long clearance period (unlike cheques). Credit card transactions are especially useful for making online purchases and have become the standard method when dealing with such exchanges.

• With the advent of services such as Ebay and PayPal, consumers are free to sell their goods to other consumers safely.

Case Study #2Case Study #2

Patrick is about to make his very first purchase online. The website has asked for his full

name, address, and contact phone number. Credit card in hand he carefully fills in the form, enters the numbers on the card and

confirms his purchase without much hesitation.

Patrick is about to make his very first purchase online. The website has asked for his full

name, address, and contact phone number. Credit card in hand he carefully fills in the form, enters the numbers on the card and

confirms his purchase without much hesitation.

Possible Security Flaws

Possible Security Flaws

• Someone else could be recording Patrick’s information without his consent.

• Someone, other than Patrick (but with his credit card), could’ve easily completed this transaction without any form of identity verification.

• The source website may not be legitimate, and Patrick may never receive the item but would still be charged for it =(.

• Someone else could be recording Patrick’s information without his consent.

• Someone, other than Patrick (but with his credit card), could’ve easily completed this transaction without any form of identity verification.

• The source website may not be legitimate, and Patrick may never receive the item but would still be charged for it =(.

Credit Cards: The Now

Credit Cards: The Now

• Credit Card companies use various methods to ensure the security of their clients:

• Credit Card Insurance• Requiring a four digit personal identification number• Advent of forgery resistant smart cards• Implementation of Card Verification Value/Code (CVV/CVC)

(CIBC, 2006)

• Credit Card companies use various methods to ensure the security of their clients:

• Credit Card Insurance• Requiring a four digit personal identification number• Advent of forgery resistant smart cards• Implementation of Card Verification Value/Code (CVV/CVC)

(CIBC, 2006)

Credit Cards: The Now

Credit Cards: The Now

• Credit Card holder’s obligation to security:

• Always report lost or stolen cards• Ensure source is credible before providing credit card information• Always obtain and review a hardcopy of recent transactions

• Credit Card holder’s obligation to security:

• Always report lost or stolen cards• Ensure source is credible before providing credit card information• Always obtain and review a hardcopy of recent transactions

Local File/Network Security

Local File/Network Security

• Local files include those present on your computer’s hard drive

• Local Network include all machines (computers, routers, modems, etc.) present in your home network

• Local files include those present on your computer’s hard drive

• Local Network include all machines (computers, routers, modems, etc.) present in your home network

Form and FunctionForm and Function

• Initial Purpose: Initial attraction of networking was to share disc space and laser printers

• In the days before personal computers, a site might have just one central computer, with users accessing this via computer terminals over simple low-speed cabling

• Through the development of CP/IM and DOS (Operating Systems), a single site began to have dozens and even hundreds of computers (as a result, more individuals may be at risk for having their information exposed to others).

(Wikipedia; Local Area Network, 2006)

• Initial Purpose: Initial attraction of networking was to share disc space and laser printers

• In the days before personal computers, a site might have just one central computer, with users accessing this via computer terminals over simple low-speed cabling

• Through the development of CP/IM and DOS (Operating Systems), a single site began to have dozens and even hundreds of computers (as a result, more individuals may be at risk for having their information exposed to others).

(Wikipedia; Local Area Network, 2006)

Case Study #3Case Study #3

Sue is setting up her first wireless home network. After installing her wireless network cards, connecting her router,

she logs onto the network and transfers files from her desktop to her laptop.

Sue is setting up her first wireless home network. After installing her wireless network cards, connecting her router,

she logs onto the network and transfers files from her desktop to her laptop.

Possible Security Flaws

Possible Security Flaws

• Without knowing about network security, her home network is vulnerable to outsiders (her neighbors could easily access her files and even hijack her internet).

• Without changing her default password, others could access her router settings and change its password, locking her out of her own network!

• Without knowing about network security, her home network is vulnerable to outsiders (her neighbors could easily access her files and even hijack her internet).

• Without changing her default password, others could access her router settings and change its password, locking her out of her own network!

Local File/Network Security: The Now

Local File/Network Security: The Now

• Various methods for securing your files:• Hardware/Software firewall• WEP• Local Computer/Network Access Passwords• External Media Backup• Stay Informed

• What to do if your system/network is compromised:• Change your passwords immediately • That’s what backups are for!(Potter, 2006)

• Various methods for securing your files:• Hardware/Software firewall• WEP• Local Computer/Network Access Passwords• External Media Backup• Stay Informed

• What to do if your system/network is compromised:• Change your passwords immediately • That’s what backups are for!(Potter, 2006)

(Tyson, How Firewalls Work, 2006)

Digital Correspondence and Real Time ChatDigital Correspondence and Real Time Chat

• What does this include?• Instant Messaging• Online Discussion Forums• Online Communities (MySpace)• Blogs (Livejournal, Xanga, etc.)• Chat rooms• Email

• What does this include?• Instant Messaging• Online Discussion Forums• Online Communities (MySpace)• Blogs (Livejournal, Xanga, etc.)• Chat rooms• Email

Case Study #4Case Study #4

Cam, a young student, has accessed his school’s online discussion forum. He posts regularly and has met a new

friend posting from a different school. This particular friend has invited Cam

out to the movies, but has asked for his address in order to pick him up.

Cam, a young student, has accessed his school’s online discussion forum. He posts regularly and has met a new

friend posting from a different school. This particular friend has invited Cam

out to the movies, but has asked for his address in order to pick him up.

Possible Security Flaws

Possible Security Flaws

• Cam’s new “online” friend may not necessarily be who he expects

• By giving out such personal information, his safety and that of his family may be in jeopardy

• Cam’s new “online” friend may not necessarily be who he expects

• By giving out such personal information, his safety and that of his family may be in jeopardy

Digital Correspondence and Real Time Chat: The

Now

Digital Correspondence and Real Time Chat: The

Now

• Precautions to Take:• Never give out personal information• Avoid meeting with strangers you meet online; if

unavoidable, take all necessary precautions

(McKenna, 2006)

• Precautions to Take:• Never give out personal information• Avoid meeting with strangers you meet online; if

unavoidable, take all necessary precautions

(McKenna, 2006)

The Fine Line Between Security and

Freedom

The Fine Line Between Security and

FreedomOnline Banking: “Almost 40 million people logged on to a banking Web site in the fourth quarter of 2005,

according to comScore, based outside Washington, D.C. That was a 27 percent increase over the fourth quarter of 2004.”

(http://bankwatch.wordpress.com/2006/04/15/statistics-us-online-banking/)

Credit Card: The Federal Trade Commission shows that 42% of Identity theft cases involved credit card fraud (http://www.myidfix.com/creditcard-fraud.phphoth.lib.ucalgary.ca/uhtbin/cgisirsi/X/UCALGARY/0/5/)

Local File/Network Security: 60% of all corporate data assets reside unprotected on PCs.Source: Search Security Newsletter, April 4, 2002(http://www.pcsecurity.com/html/2178.html)

Digital Correspondence: 25% of remote workers said they open unknown emails when using work devices (Furnell, 2006)

Online Banking: “Almost 40 million people logged on to a banking Web site in the fourth quarter of 2005, according to comScore, based outside Washington, D.C. That was a 27 percent increase over the fourth quarter of 2004.”

(http://bankwatch.wordpress.com/2006/04/15/statistics-us-online-banking/)

Credit Card: The Federal Trade Commission shows that 42% of Identity theft cases involved credit card fraud (http://www.myidfix.com/creditcard-fraud.phphoth.lib.ucalgary.ca/uhtbin/cgisirsi/X/UCALGARY/0/5/)

Local File/Network Security: 60% of all corporate data assets reside unprotected on PCs.Source: Search Security Newsletter, April 4, 2002(http://www.pcsecurity.com/html/2178.html)

Digital Correspondence: 25% of remote workers said they open unknown emails when using work devices (Furnell, 2006)

So… Is there privacy in this digital

world?

So… Is there privacy in this digital

world?

Yes and no; Complete privacy in this technological era is something that must be constantly attained and re-attained. Through the use of the internet users are granted access to a plethora of information in the

struggle against hackers, identity thieves, scammers, etc.

(Alladin Securing the Global Village, 2006)

Yes and no; Complete privacy in this technological era is something that must be constantly attained and re-attained. Through the use of the internet users are granted access to a plethora of information in the

struggle against hackers, identity thieves, scammers, etc.

(Alladin Securing the Global Village, 2006)

ReferencesReferences• Furnell, S. (2006). Securing the home worker. Network Security, vol 2006. Pp. 6-12.• McKenna, B. (2006). ‘Social networking’ study shows cybercrime risk. Network Security, vol 2006. Pp. 2.• Potter, B. (2006). The changing face of IT security. Network Security, vol. 2006. Pp. 16-17.

Tyson, J. (n.d.). How Firewalls Work. Retrieved November 29, 2006, from howstuffworksWeb site: http://computer.howstuffworks.com/firewall.htm

• (n.d.). Credit Card. Retrieved November 22, 2006, from WikipediaWeb site: http://en.wikipedia.org/wiki/Credit_card

• (n.d.). Local Area Network. Retrieved November 21, 2006, from WikipediaWeb site: http://en.wikipedia.org/wiki/Local_area_network

• (2006). Online Banking Security. Retrieved November 22, 2006, from CIBCWeb site: http://www.cibc.com/ca/legal/online-banking-security.html

• (n.d.). Security Statistics. Retrieved November 29, 2006, from Alladin Securing the Global VillageWeb site: http://www.esafe.com/home/csrt/statistics/statistics_2005.as

• Furnell, S. (2006). Securing the home worker. Network Security, vol 2006. Pp. 6-12.• McKenna, B. (2006). ‘Social networking’ study shows cybercrime risk. Network Security, vol 2006. Pp. 2.• Potter, B. (2006). The changing face of IT security. Network Security, vol. 2006. Pp. 16-17.

Tyson, J. (n.d.). How Firewalls Work. Retrieved November 29, 2006, from howstuffworksWeb site: http://computer.howstuffworks.com/firewall.htm

• (n.d.). Credit Card. Retrieved November 22, 2006, from WikipediaWeb site: http://en.wikipedia.org/wiki/Credit_card

• (n.d.). Local Area Network. Retrieved November 21, 2006, from WikipediaWeb site: http://en.wikipedia.org/wiki/Local_area_network

• (2006). Online Banking Security. Retrieved November 22, 2006, from CIBCWeb site: http://www.cibc.com/ca/legal/online-banking-security.html

• (n.d.). Security Statistics. Retrieved November 29, 2006, from Alladin Securing the Global VillageWeb site: http://www.esafe.com/home/csrt/statistics/statistics_2005.as