CPR101 — Week 5

Secure Computing: Passwords, PINs, Problems, and Privacy.

CP4P_Security.pptx	Lecture PowerPoint slides
CP4P_Security_Activity_Instructions.pdf	Activity Instructions
CP4P_Security_Activity_Answers.docx	Activity Answer document
CP4P_Security_Activity_Extras.zip	Additional info FYI (unrelated to the Activity)
Show provenance of _Activity_Answers development.docx	How to show you did the work

Notes

Breached Password Report 2024 from Specops:
exploits, keyboard walks, weak and strong passwords, recommendations.

Four ways to make end users love password security (or at least tolerate it).

1Password University Free, expert-led courses on a broad range of security topics.

DNS privacy, security, block malware, botnets, malicious domains CIRA Canadian Shield Quad9 CISCO OpenDNS Cloudflare 1.1.1.1

Passage Authentication Demo - Why Passage? (1password.com)

Decentralized identity and verifiable credentials - Microsoft Entra

Cyber attacks work because CISOs don’t do basic security: Microsoft | IT World Canada News

Privacy Focused Search Engines

OPSEC = Operational security The Most Secure Man in the World

CyberSecure Canada is the nation's cybersecurity certification program for small and medium-sized organizations.

Hackers are using Google services to bypass email defence, researchers warn | IT World Canada News
- good examples of spear phishing approaches with a new attack vector

Armorblox recommends infosec staff, if they haven’t already done so to implement multifactor authentication for email accounts and have staff use an approved password manager, making sure staff don’t use common and insecure passwords; train staff to be careful with emails related to money and data and make sure all existing email security capabilities are enabled. [ confirms action items in today's topic and activity ]

A Few Simple Steps to Vastly Increase Your Privacy Online (thetoolsweneed.com)

How to Track a Cellphone Without GPS—or Consent

Champing at the Cyberbit report: Ethiopian Dissidents Targeted with New Commercial Spyware
With the help of U of T's Citizen Lab, the dissidents discovered who did it and how it happened. It's never been easier for governments to keep track and spy on dissidents, but now that spyware software can be bought virtually off-the-shelf, any country can get in the game.

https://securityplanner.org/ from U of T's Citizen Lab first launched in December 2017

Email to Tim McKenna RE a CDOT project he once worked on called Clara.io
- "On November 23rd, Threekit was made aware of a data breach regarding Clara.io users. This access provided visibility into usernames, emails, and salted and hashed passwords for logging into Clara.io, as well as names of any user that chose to store them."
- Because that password was quite long, used only for that account, and because it was stored salted and hashed...no worries. Tinfoil Hat folks might sleep better if the password was changed but there is low risk of the account being cracked.