A collection of cybersecurity resources for the 12/13 Make a Diff.

make-a-diff-security-resources.md

Make a Diff 12/13

Cybersecurity Resources

Slide 3 - Intro - Definitions

• United Nations on Online Anonymity

Slide 4 - Why? Consequences of Bad Online Privacy - Examples

• List of Websites that Have Been Hacked & How
• Rise in Journalists Hacking Attempts
• Doxing Definition
• Example of Property Theft/Blackmail - Darkode
• Example of Impersonation of An Account with 2FA
• Example of Information Gathered in NSA hacks
• Example of Extortion

Slide 6 - Basics

• DHS on Talking to Family
• DHS on Talking to Older Americans
• Last Pass - "How to Improve Cyber Security Awareness in your Family"
• Take their phones --> Preferences --> General --> Security, set App specific guidelines

Slide 7 - Passwords

7.1 Strength

• xkcd on password strength - choose random words! (or have manager choose for you
• Make your password long! Good Thread on Cracking 8-Char Passwords
• Don't use same password across multiple sites
  • Target Password Breach

7.2 Managers

• LastPass Free! More complicated :(
• 1Password Less complicated! Not free :(
• Am I An Idiot for Still Using A Password Manager?
• Five Best Password Managers

7.3 2FA

• Always use it when available.
• Always use an authenticator over SMS when available.

How to Get Gmail or Google Inbox 2FA

• Use gmail or google inbox? (yay!)
• Go to https://myaccount.google.com/…/signin…/two-step-verification
• Turn on authenticator app and follow the instructions
• If you already had 2FA for your phone, change it to authenticator app!
• Select revoke all trusted devices at the bottom. You'll have to reauth on your phone, other devices you use with your new 2FA.
• See Password Managers For Begineers
• See LastPass for Begineers

Why not use SMS for 2FA?

• NIST (National Institute of Standards and Technology) no longer recommends it. For a complete list of recommendations: https://github.com/usnistgov/800-63-3
• It's pretty easy to swap a SIM (the core of your phone that proves your phone is yours). If someone goes to a phone shop as you they can get the shop to issue a new SIM encoded with your phone number.
• End of SMS-based-2-FA

Slide 8 - Social Engineering

• Social Engineering: Attack vector relying heavily on human interaction and often involves tricking people into breaking normal security procedures.

2.1 Phishing

• Phishing: Popular form of social engineering where a hacker sends you a professionally or cleverly designed email pretending to be a website, service, or family member, including a website link for you to follow.
• Do Not Track (Movie)
• Ublock
• Ghostery
• HTTPSEverywhere - Chrome extension by the Tor Project (Open Source)
• Example of Phishing for Passwords - Podesta
• Podesta Cont.

Slide 9 - Data

• Signal from Whisper Systems
• WhatsApp
• Put a passcode on your wifi!

Slide 10 - Stretch Goals

• Tor Project
• AirVPN
• Why You Should Start Using a VPN (and How to Choose the Best One for Your Needs)
• Tails OS

Slide 11 - Reality

1. Make a plan
2. Make it easy
3. Make it fun
4. No condesending
5. Start small
6. Spend money
7. Normalize it

Misc. Resources

• A DIY Guide to Feminist Cybersecurity
• Good Understandable Guide on Personal Online Security
• The Source Guide to Defending Accounts Against Common Attacks
• Encrypt your Emails - PGP for Mac
• How you securely leak to a news org