Hi!
My name is Winnona, I’m a junior at Tufts
University and this is Cybersecurity 101.
Cyber security has been gaining a lot of attention
lately.
It’s a relatively new field but what's especially
interesting (and scary), is that most people
receiving computer science degrees don’t
actually have formal training in computer
security.
This means that students who can build large,
complicated web applications, don’t ask
themselves: “how can I prevent this app
from being broken into?” or “what happens
if it gets hacked?”
It’s like building a bridge without any
concept of whether it would withstand an earthquake,
or any idea of how sturdy it would be in the
real world.
So - what is Cybersecurity?
Different people might tell you different
definitions, but here are mine.
Let’s start with cyberspace.
Cyberspace is all computers, or really anything
with a CPU chip, and all networks, where a
network is at least two computers talking
to one another, through the Internet or otherwise.
A cyber attack is anything that steals information
from, disrupts or controls parts of cyberspace
- so if I find a way to steal information
from your computer while you’re watching
this youTube video, that’s a cyber attack.
And finally: Cyber security is the protection
and defense of cyberspace from cyber attacks.
Ok.
Now that we have these definitions, let’s
move on to actual hacks.
Some people think that cyber attacks need
to be super complicated to work.
But sophistication is quite rare - most hacks
come from individuals exploiting holes in
systems that are usually due to bad code,
and are easily fixable.
For example, websites vulnerable to the “Heartbleed
bug” - the bug that allowed hackers to steal
thousands of medical records from US healthcare
systems - would allow someone to ask the site
for a word, and also attach the length of
the word.
If a malicious user asked for the word “hi”,
but said that “hi” was 10000 letters long,
the site would reply with whatever 9000-some
letters were in memory after the word, usually
dumping a lot of private information.
Another example is the Dyn DDoS attack that
happened a month or so ago.
A DDoS (or distributed denial of service)
attack, is where a hacker gains control of
a lot of devices remotely, and tells all of
them to go surf one site continuously until
the traffic causes the site to crash.
Whoever was behind the Dyn attack was able
to gain control of around 100,000 smart IoT
devices, mainly because all of them had the
same default passwords hard coded in.
If your smart thermostat has a default password
hardcoded by its company- your device could
have actually helped in this attack and you
would never know!
Finally, while a majority of attacks have
to do with bad code, another good amount have
to do with opening malicious emails and downloading
attachments, or getting files off a shady
internet site that have viruses hidden in
them.
So - finally - how do we protect ourselves
from getting hacked?
For everyone: use hard to crack passwords,
and change them frequently.
If you have any devices, make sure they're
not from companies that hard code default
passwords.
Also, d on’t download or open anything from
something, or someone you don’t trust.
If you code - keep security in mind, especially
in designing your product.
It’s these little holes in code that attackers
end up worming their way through.
Thank you so much for watching.
