Hello, hello, welcome everybody. So, how have you been? I hope that you enjoyed your long
weekend, you had time to recharge your energies after a very, very demanding first week, I
guess, and you're ready to learn new things regarding security. OK, a couple of things, a
couple of announcements, and then maybe we can talk a little bit about Banco Pichincha;
maybe you have some questions there.

OK, announcement first: next Wednesday we are going to have our first lab, so that means
we're going to have our first group activity. OK, so at some point, starting at the end of
the class and before our next class on Wednesday, we need to, or you need to, form your
groups. So what I'm going to do is I'm going to make an announcement in Teams. I'm going to
write a post there giving some directions for forming the groups, and then I need one
person per group to reply to that post listing the members of their team. OK, just one
person per team. Now let me check first, everyone, quick second here. I need to check
because, I mean, I think you still have until Friday to drop classes, so we don't have the
definite final list of students enrolled in this class, but I'm pretty sure that we are
very close, so there's not going to be that much of a difference with the final list. So
far I see 36 students, and I'm confident that we are going to keep it that way: we're going
to be 36 students. So that's easier for all of us. We are going to work with groups of
four, right? So now we have 36 students, we can have nine groups of four students, right?
So you need to find three more teammates. If there is a change in the final list, let's
say, I don't know, tomorrow three of you drop the class, then we'll have to reconsider how
we form groups, but as of now each group will be of four students and we're going to have
nine groups in class. OK, and each group should have exactly four students. That's easy;
hopefully it will be like that. And that's it. I mean, trying to find your teammates is up
to you: you decide with which classmates you want to work. It's completely up to you,
right? And then wait for the post on Teams regarding groups, and one member for each group
should reply to that post saying this is the configuration for my team, right? That's how
we're going to do it, right? And of course, if there is a change, I'll let you know in that
post. OK, let's see.

OK, so that's a very quick announcement regarding that. And remember, on Wednesday we're
going to have our first lab. That's going to be a group activity, so you need to have your
group ready at that time. Also remember, it doesn't matter that it is a group activity:
each one of you will have to submit the report for that lab. As a group you can write one
report, but each one of you will have to submit the same file within the group, right? So
I'll try to remind you of that on Wednesday, but at least I'm doing that right now. OK, and
I think that's it for announcements regarding our class.

I want to finish talking about passwords; I couldn't cover that in my last class, so I want
to finish talking about passwords. Then we are going to have a very quick discussion on
ethics. I'm just going to present the topic of ethics, because actually we are going to
have a full activity dedicated to ethics. That's also part of our ABET certification; we
need to measure that in this class. But I'll let you know when that activity is ready.
Right now it's not ready, so that's why we're not doing that; we're just going to talk a
little bit about ethics. OK, and then we're going to do something a little bit different.
I'm not going to keep using my slides; instead I'm going to use menti.com and we're going
to introduce some dynamics that hopefully you will like, and I'll explain these dynamics
when we switch to Menti. So that's kind of the road map for this afternoon.

Now, before we start, let me quickly address
one of the biggest news today, at least for us, and that has to do with the situation in
Banco Pichincha. Yes, it is confirmed that they've been suffering a cyberattack for the
last 70, 72-plus hours. Some of their systems are down, some of their systems are not
working properly, and clients have been experiencing some issues when working with these
systems. Right now there are some fake news also circulating. We need to be very critical,
very careful in what we believe, you know. Remember that sadly there are people that find
pleasure in speculating, in sharing fake news, maybe to create chaos, maybe to, I don't
know, make this situation even more unstable. I don't know. Fine, just be careful: don't
trust everything that you read or everything that you see. Try to always, always, always go
to the source, right? And this is true for pretty much any situation, right? Even as a
technique to avoid being scammed, it is always a good idea to never trust this kind of
information, right?

So there are some fake news going out there saying that you need to go to the bank and
withdraw all your money. That's not the case. That is completely fake, that is completely
not true. Actually, doing that could hurt the bank, bringing the bank down to the point
that it can no longer work, and then yes, your money will be in trouble. But right now the
financial operations at the bank are completely normal; there is no need to rush into
taking the money out. Remember that, I mean, the money, it's been insured. These kinds of
financial institutions, they have insurance and reinsurance, so your money should be safe.
Actually, it could be more dangerous for you to rush into the street to get all your money
out and walk around with that money in your pockets; somebody can, you know, rob you or
even worse, right? So please remain calm. By the way, I don't work at the bank, I have no
affiliation with it, I don't even have an account with that bank, right? And I don't like
that bank either. And yes, you might want to consider switching or changing banks. Yes,
that's an option, that is always an option, right? It's not just because of this, it's
always an option. But don't rush into doing things. If you are tired, if you think that you
are getting a bad service with that bank, then change banks, right? But do it in an orderly
fashion; don't just rush and take all your money out, because you can actually break the
bank, right? And that's not good. That's not good for the bank, that's not good for your
money, that's not good for the financial system in the country. So don't do that, that's
what I'm saying. I don't know why people spread this kind of fake news, because they can
actually cause harm.

OK, so anyway, that's that. Yes, it is true they've been under attack for the last 72-plus
hours. I'm guessing that they're trying to fix everything and bring all the systems back to
normal, but just don't rush into doing things. Maybe after everything has been settled and
everything has been recovered, it might be a good idea for you to change your password,
just as a good measure. That's always a good measure when a site has been under attack. We
have no confirmation what type of cyberattack they've been dealing with. We have no
confirmation what type of information the attacker has compromised, if at all. If they have
your password, we don't know; if they have your account information, we don't know that
yet. And I don't think we're going to publicly know that. The bank may disclose that
information to its clients. But again, always go back to the source, right? So when you see
these news, the best thing that you can do is try to reach the bank: maybe call the bank,
check their official news outlets, like, I don't know, their social networks, maybe their
Twitter feed, I don't know. Just always try to follow good news sources, right? Maybe you
can follow a couple of newspapers that are actively reporting about this issue. That might
be a good alternative to know exactly what is happening and what you need to do. Don't
trust an image that you receive on your WhatsApp, because you don't know who created that
image, right? So always be like that: be very critical of the news that you receive. Don't
blindly trust every single image that you get.

OK, of course nobody likes to be in this position. They are playing with your money, and of
course we all stress about money. But remember that this is the kind of situation that
attackers are waiting for. This is what they like to do, right? Maybe they want to have
people out in bank agencies withdrawing money so they can then rob those people. So, I
mean, just be very careful, right? And always double check before spreading any news.
Double check what you're getting, right? Double check the information that you are getting;
make sure that that information is factual, that that information is actually true, is not
fake news or fake messages, right?

And the same may apply if you get a call. Sometimes you get a call saying that you have, I
don't know, a new credit card waiting for you, or that you won a trip to... or that you won
a weekend in Cancun or something like that, right? Or that you have a credit approved with
your bank and things like that, and you only need to answer the following questions to
confirm your information, right? And then the caller starts asking you all this personal
information, like your cédula, your address, your phone number, a bunch of other data,
right? Don't give this information freely. If this is something that actually is of
interest to you, like let's say that you are waiting for a new credit card or something,
call back the bank, call them back, right? If it is true that you have a new credit card,
or if it's true that you have whatever you're having, right, if it's true, if you call back
the company that is offering you this promotion, or this offer, if it's true, when you call
them back the information will be there, right? So if you call back your bank, they will
confirm if you actually need to go to the bank and withdraw money, and most likely the bank
will say no, you don't need to do that, because they know that that will hurt them. OK, so
always, always find ways to confirm your news. OK, that's it. So please be calm, don't
panic. I know it's your money and we stress about money, we don't want anything happening
to our money, but for now the best thing that you can do is just keep calm, like, you know,
the T-shirt.

OK, let's start talking about passwords, I guess, because there are lots
of things that we need to cover. Let's see. OK, so in our last class... I'm going to share
my screen, one minute. In our last class we ended the class talking about passwords, we
defined what a password is, and we talked about getting a password manager, or the
advantages of getting a password manager, but we didn't have time to go through the types
of attacks that we can have for passwords, and that's where I want to start right now. What
happened here? So I want to cover some of the attacks that passwords can suffer, right?

And the first one, it's the most obvious one, the most common one also, it's the brute
force attack, and that's just simply trying all possible combinations, right? One of those
combinations is going to be your password, and that's a brute force attack. So let me see,
if you have a regular PIN code, you know that a regular PIN code is just four digits long,
right? So that's exactly 10,000 possible combinations, from 0000 till 9999, right? So
10,000 possible combinations, that's pretty trivial to crack. You can write right now a
very simple script in your favorite scripting language that will generate these 10,000
numbers and check, right? One of them is going to be your PIN code, and it will run in a
fraction of a second or something; it's going to be really fast, right? So you see, a PIN
code is not that secure, right? By itself a PIN code is not secure.

Now what can we do in order to protect a password from the brute force attack? And that's
why we play with the length of the password and the symbols, or families of symbols, that
we can use in a password, right? So if we take the same PIN, but instead of being four
digits long it is now a five-digit PIN code, the strength of that password just went up by
one factor, right? So now instead of having 10,000 possible combinations we have 100,000
possible combinations, right? And of course if we add one more digit, right, we have a
second order of magnitude, right? So instead of having 100,000 possible combinations now we
have a million possible combinations. So you see, just by adding one extra digit we're
making the brute force attack harder, because our script needs to try more combinations.

Now, if we go one more time back to the original password, sorry, the original PIN code, 4
digits, but now we also allow, let's say, lowercase letters, the 26 lowercase letters in
the English language, right? So now you have 26 lowercase letters plus 10 digits, you have
36 available symbols that you can use, right? So the strength of that password is going to
be 36 * 4, right? And of course that means more possible combinations than just four
digits, right, which we already stated is just 10,000 possible combinations, right? So you
see, just by doing that, either increasing the length or adding a new family of symbols,
you are making your password stronger. So now let's say that you also allow uppercase
letters. So now you have 26 lowercase letters, 26 uppercase letters, that's what, 52, plus
10 digits, so 62 possible characters, times four, because remember your PIN code is four
characters long. So that's the new strength of that password, right?

Now if you combine all of these things you have a very strong password for a brute force
attack, right? Let's say that you add support for, or you have, a password that is 14
characters long. It's 14 characters long; each of those characters could be one of the 256
possible characters in an ASCII code table, so that means that the strength of your
password is right now 256 to the 4th, yes, to the 14th, right? So you see, it's a really
strong password, right? Before, remember, when you had your PIN code with four digits,
right, you had what, 10 to the 4th. Then you added 26 lowercase letters, so you have now 36
to the 4th. Then you added 26 uppercase letters and that was 62 to the 4th. That's the
strength of the password, right? But in this case you have 14 spaces, and each one of those
spaces could be one of the 256 possible ASCII characters, so you have 256 to the 14th
power. That's the strength of your password. So you see, we can manipulate this strength by
either supporting more characters or making the length of the password, in this case,
longer, right? So that's the brute force attack and how we can protect against brute force
attacks, because remember, a brute force attack is just trying all possible combinations,
and that's why we're just making the number of possible combinations larger, right? But
that's not the only way that we can attack passwords, yeah.
So there is one way... when we store passwords, the recommended way to do it is to store
the password in some sort of encoded or, better yet, encrypted form. OK, and one common
encoding mechanism that we can use, this is not an encryption, this is just a type of
encoding, is to compute the hash value of a password. Now, in our next chapter we are going
to talk about cryptography; we're going to discuss hashing functions and hash values and
all of that, right? But right now what is going to happen is that we're not going to store
the password, we're going to store a representation of that password, right? It's the same
password but in a different form. The problem with hash functions is that they are fixed in
output, meaning that if you use the hash function, if you use the same input, you will
always get the same output, right? So what could happen there is that we can precompute
tables with hash values for commonly used passwords and commonly used words, right? This is
usually called a rainbow table, or a type of this table is called a rainbow table, right?
But basically just think of a bunch of words, and you have the hashes for all those words.
Then you can compare the hash in the table with the hash value stored in a system. If you
have a match, then by doing the reverse lookup in the table you can have the actual word
that created that hash value, meaning you can have the original password, right?

So one way to prevent this type of table attack is to make the hash value change all the
time, make it unique, and the way that we do that is by adding a random piece of
information that is called salt, like in salt and pepper, right? So this salt is just a
random number, it's just a random value that you can somehow add to the hash value of the
password, and that way make the password look unique, or the hash value of the password
look unique, every single time, right? So these kinds of attacks become not that trivial.
It's still possible; actually, rainbow table attacks are one of the most problematic
attacks for passwords, right? But it's not that trivial. If you are not using salt, then it
is very trivial.

OK, now another type of attack that we can have on passwords, it's what
we call the dictionary attack. So we know what a brute force attack is, right, trying all
different possible combinations. But we can be smart about that: instead of trying all
possible combinations, why don't we try first things that might be a good password
candidate for the victim? Maybe we know the victim, maybe we've been profiling the victim,
so we know the victim's favorite color, or their favorite sports team, or their children's
names, or their, I don't know, pets' names. I don't know, I mean, all these ideas could
actually help you to make a list of certain words or passwords that will have a higher
possibility or probability to be the actual password, right? So if that doesn't work, then
we can switch back to a brute force attack, but first we are going to try some very strong
candidates for being passwords, right? And that's what we call a dictionary attack. And of
course, you can read this over and over again, people tend to use common words, or words
from a dictionary, or words that are easier to remember than random passwords, right? So
dictionary attacks are actually pretty common in the industry because, well, we're not that
smart when creating our passwords. Maybe, I don't know, and I don't need an answer for
this, this is just another rhetorical question, right, maybe some of you are actually using
a password that has a common word in it, or that is a common word. Maybe it's your dad's
name or your parents' name or, I don't know, something that if I know you enough I can have
a good guess what your password might be. OK, and that's exactly what a dictionary attack
is, right?

So again, remember the best solution for all these attacks, the best defense for all these
attacks: first, choose a very strong password. But we know, because of the password
paradox, that using strong passwords, then it's harder for us to keep all those passwords
and remember those passwords, and that's why we need to use a good password manager. And I
hope that you used the long weekend to decide which one is going to be your new password
manager, if you don't have one. OK, so, I mean, you can keep reading the slides and get a
better sense of all these attacks and the rest of the material here. Actually, it is always
a good idea to go through the set of slides before the class. Sometimes I use the slides,
sometimes I don't, but the slides still have very good information about the things that
I'm going to later explain during my class.

Right now I want to jump all the way here and talk about ethics, right? Now, ethics, this
is not an ethics class. It is not like we are
going to devote hours and hours trying to define what ethics is. Actually, what I want to
do is to, well, start this notion or this idea that ethics is important for us, and spark
that curiosity in all of you regarding what ethics is, right? So for example, what are the
differences between morals, ethics and laws, right? Because they could be the same thing,
or they could look like the same thing, right? And of course there is no final or definite
answer to that question; there are people who are still debating about the difference
between morals, ethics, laws, rules and all of that. So just for the sake of the discussion
I'm going to use a very simplistic definition for all of these that, although it might not
be true all the time, is true lots of times and gives us a good starting point or a good
reference point to discuss ethics in general, right?

So how can we define morals? One way to do it is to say that morals are your personal
beliefs, right? It's what you think is good or bad. And these morals are usually influenced
by some external factors, like maybe your family, your moral values, your moral principles
that you see at your house, at your home, maybe your religion, right? All of these will
give you a sense of what is good and what is bad, or what you consider as good and what you
consider as bad. But nonetheless, morals are personal beliefs, and we should never, ever
judge based on morals, because, well, turns out that we are different and we have different
beliefs. So for example, I'm a Catholic person myself, right? So of course my morals, or
what I consider as good or bad, are strongly influenced by my Catholic roots, right? But
that's just me. Other people maybe don't believe in God at all, and that's fine, right?
It's our choice, right? Maybe they have a different set of... there is going to be some
overlap, hopefully, I hope so, right? But I cannot work under the assumption that everybody
will think exactly as I think, that everybody will consider good or bad exactly the same
things I consider good or bad. Now, if I go to church, if I talk with people in my group,
yes, we are going to have pretty much the same beliefs, but that's because we are strongly
influenced by our religion, right?

Now, when we have that kind of situation, when we have, I don't know, a group of people
that more or less believe in the same, that's closer to what we call ethics. So we can
define ethics as the morals for a group. Every single group, every single club or group of
people or organization will have its own ethics, and again, the ethics from one group might
not be the same ethics for another group, right? So for example, when you join ESPOL you
accept, or you agree upon, the ethics of ESPOL. Let's say that you join IEEE; well, you are
bound by the IEEE book of ethics. There's actually a book of ethics in IEEE. So you see,
all these groups, they will have different ethics, they will have different beliefs. Again,
we might have some overlap, but they are different. So one more time, we should not judge
by ethics outside the group. Within the group, yes, we can use our ethics code as a way to
decide when you did something wrong or when you did something good.

OK, so just one thing that you need to keep clear: when you join an institution, when you
join a group or something like that, you are accepting their ethics. You're actually
signing something saying yes, I agree with these policies, with these ethics, with these
rules. Even if you don't agree with them, you are accepting them, and nobody forced you to
do that, I hope, right? I hope that nobody forced you to come to ESPOL and accept what
ESPOL thinks is good or bad. So you know ESPOL doesn't like cheating, right? Also ESPOL
doesn't like, I don't know, indecency, right? We don't have in ESPOL a dress code per se,
at least for students, right? We don't have a dress code, but that doesn't mean that you
can dress however you want, right, or not dress at all, right? There is still some expected
sense of caring about the others, right, not making others feel uncomfortable.

OK, and of course on top of all of this we have laws, and laws are a way to standardize in
a society all these practices of what's being considered good and bad, right? So we live in
society. As humans we like to live in society, we like to live in communities, we like to
live as a group, we share the world with other humans, right? And in order to do that we
need to have a good framework, a good reference point of what is considered good and what
is considered bad, and that's what we call laws. And laws are usually established by
governments, right? And there is no need for two countries to have the exact same laws.
Now, there is also the concept of international law, which are certain laws that are
recognized as universal by everyone, by every single country. But within a country, the
government will specify what is considered good and what is considered bad, right? And
again, if we are part of that society, we're part of that country, we need to follow those
laws, we need to play by the rules, right? You know that killing somebody is considered
murder and you can face some jail time, right? It doesn't care if this is morally right or
wrong according to you, or if you believe that this is an ethical or an unethical behavior.
The government doesn't care about that; the government only cares about what the law says,
and the law says that if you kill somebody, well, it's a murder, and for that you will face
some jail time, right? Not because I think it's wrong or because you think it's wrong, no,
because the law says so.

And of course, that's why we have lawmakers, and that's why every four years we need to be
very serious in choosing who our lawmakers are. Don't just choose whatever or whoever; we
need to pay attention to whom we are giving this power of making laws, right? And that's
part of the problem that we're having as a society, right? We care more about, I don't
know, we are giving this power to somebody because I like him in a TV show, right, or
because I like her, she's a good singer, or they have a very entertaining talk show on the
radio, right, but not because of their lawmaking skills. OK, so we need to be very
conscious about that, we need to be very careful about who are going to be our lawmakers,
because if we want to shape or if we want to change the laws that govern our society, well,
guess what, that happens there, that happens with the people that actually make the laws.
And if we do a sloppy job choosing them, then we're going to have mediocre laws, we are
going to have the problems that we had.

OK, so this is, as I said, a very simple definition of what morals, ethics and laws are.
They might look the same; to a basic extent they are pretty much the same, but applied in
different contexts, right? Turns out that the borderlines between them are very blurry.
They're very blurry, that's right. It's not that easy to say, well, this is moral and this
is ethics, right? And that's why this is still an open debate, and different people might
have different opinions. I just think that this might be a good, simple way to talk about
them without getting into too much controversy, right?

Now, why do we care
about ethics well because I mean we're going to learn something very powerful we are
going to learn to hack into systems or we will acquire the the so the ability to maybe read
private messages or something like that but that doesn't mean that we should do that
right I mean this is like a superpower this is like Spiderman with great power comes
French braid responsibility is exactly the same here you are getting this power you're
getting all this knowledge can you abuse this knowledge course do you hurt somebody by
misusing this knowledge this power of course should you misuse this power just because
you have it that's why we should avoid that's where our ethics that that's where our moral
compass end for sure are lost should guide us into what it's OK to do and what is not OK
to do because I can't do something I should do it right that's a very wrong way of thinking
and you can people that actually says that for other concepts why are you doing this
because I can right that doesn't give you the right to do it if there is if we can express our
feelings that way right we need to have empathy for others and that's something that we
need to decide before hand before facing an epic dilemma before facing is strong situation
right we need to decide what type of person I want to be so later when we're actually
facing the dilemma we just act in the right way for the way that we just selected because
it used if you wait until facing this moral dilemma then you don't know what's going to
happen OK so just to give you some quick examples we're going to have a full activity to
analyze these kinds of situations and reflect on them and maybe write something or
express our ideas right but think of very simple scenarios right like I don't know you're
working in a company and your boss knows that you took this class and you know how to
hack into certain systems in your boss asks you to hack into his sons Instagram account
something like that right well that's lame other that's that's a very difficult situation to
your face because well you need to think what I'm going to do if I say no to my boss
maybe my job position it's online maybe I mean I won't be in favor of my Dawson maybe
I'll get a sack right maybe get fire or something like that so you're facing this day lemon
you're facing this difficult situation should I help my boss or or respect his sons privacy like
I should respect anybody elses privacy right so you need to think about that you need to
just think in advance what type of person I'm going to be maybe that situation is kind of I
don't know maybe it's easier for you to decide because nothing is on the line for you
maybe you're not invested much in the situation but let me give you a different example
let's say that you and your girlfriend boyfriend your significant other are taking my class
and I take an impromptu exactly like right now because you were I mean you read your
preferred to take the exam because that's your nature you are always prepared you are a
good person Scott right so your preferred to add your significant other it's not or your best
friend is not and they ask you to help them cheat in this game right will you do it would
you help others cheat in an exam have you think about this have this happened to you all
of these are rhetorical questions these are for you to analyze that's when you decide what
kind of person you want to be right and and I mean you need to speak what kind of
person you want to be in advance and then you are going to face all these situations and
you're actually going to test yourself you're going to test if you're actually the person that
you think you are right for good for bad for whatever decision that you take alright so try
to do this exercises in advance so you can later face this dilemma at least knowing what
kind of person you are and you want to keep B as I said we are going to have later a good
activity regarding this but I just wanted to start this spark in your mind about ethics both
things can have a huge ripple effect I don't know maybe your little brother sees you being
this disrespectful to your girlfriend I don't know something like that what kind of example
left are you giving your little brother maybe your little brother will grow up to also be like
you to also treat other persons without respect by being rude to other people being mean
to other other human beings I don't know even hurting we may not you see the point
right running the red light that doesn't it's OK I'm not hurting anybody right making a
double column to to make a U turn or waiting in the middle of the street because because
I can again the because I can Italian right it's not hurting anybody and then we are drive it
and we are we are always complaining about our society and we are always complaining
about RCD and the traffic is it's a chaos and then nobody it's good anymore but it just
started with somebody running a red light and somebody showing you that it's OK to do
that well it is not every single action will always have consequences right so again think of
these things in advance and decide what kind of person I want to be I want to be the kind
of person that with all that I will only behave is somebody is watching me or I will be the
kind of first hand I always try to do the right thing because it's the right thing to do OK
food for thought. So, OK, that's it, and now we don't have much time left, sorry, but I
want to jump right back to Menti. I want to at least give you a sense of how we use
Menti in our class, so please go to, give me one second here, their coupling go there, you
can also go to menti.com and use code 87 fifty 5660, right? Either way, you should go right
now to Menti, and there we can start talking about this, right? So when we use Menti I have
this again are going to be some slides but I'm going to use this slides in a very different
way it's a completely different dynamic we will have some questions for you you can also
ask me some more questions, so it's a more interactive experience, I guess. So right
now, start: go to this website here, Have I Been Pwned, and check your email. I mean,
put your email in and check if you've been pwned. What does it
mean to be pwned? So let's say that you use your email as your username, right? So
this website, created and maintained by Troy Hunt, what it does is it monitors all
these data breaches and all these compromised websites, right? It keeps a database of
compromised accounts. So if you find your email there, that means that some other
website where you use your email as your username has been compromised and
information has been leaked. That information could also include your password. So this will
give you an idea why reusing passwords is so bad. If you are reusing passwords and then
you find yourself being pwned, the password is pretty much done. So how this works is that
you go here, right, you enter all your email password, sorry, all your email accounts that you
have. If you have one at spot, if you use one unspoiled, check that. Check your email account,
check your Hotmail account or your Outlook or your whatever email accounts. All the email
accounts that you have, it is a good thing to always check this, right? And if you get a
result, that means that you've been pwned, and the site is going to tell you from which site
your information was stolen, right? So at least go to those sites later, after class, go to
those sites and change the passwords there. Also change the password that you use
on that site, change the original website or any other websites where you use that
password, because that password is stolen already, right? So go do that and then answer
here, either choose yes or no depending on what the output of the exercise is here. So for
example, I'm not going to try any of my accounts. Let's say my account at example.com,
right? You try that and then you will get a result saying, so you see, my account at
example.com apparently has been affected by one data breach, right? Kind of
breaches where you were pwned in: GoldSilver. In October 2018, the bullion education and
dealer services site GoldSilver suffered a data breach that exposed 243,000 unique
email addresses spanning customers and mailing the service. So you see, you can find
information where your account was pwned, right? What else was stolen from this
compromise? Bank account numbers, email addresses, IP addresses, names, partial credit card
data, passport numbers, phone numbers, physical addresses, purchases, security questions
and answers, Social Security numbers. So you know all the information that was stolen from
that, right? So if you get at least one data breach on any of your email accounts, then answer
yes here, otherwise just answer no. So we have what, 36 attendees today, so we are still
shy 10 more answers, so we only have 26 here. OK, so go ahead, do this exercise. 29. Can
you see? Well, we can see a trend here, right? I will say, what, about double, the
number of people that have been pwned is about double the people that say they
haven't been pwned, right? So 66% of you, about 66% of you, have been at some point in a data
breach incident. Your information, your account had been stolen. Exactly what information
was stolen? Well, that's why you can use this site to check. If your password is part of that
information that was stolen, then that password is gone and you should change that
password in all the sites where you use it, right? But you see, it's about 66%, and when I did
the same exercise with my morning group it was about the same result, 66% of 10,
so 2/3 of the population have at some point been pwned, right? Their information had been
compromised. Again, this doesn't mean that your email account has been compromised. It has
nothing to do with your email account. It has to do with the fact that you are using,
or in some sites you use, your email account as your username, right? And the database is
searching for usernames, and that's the information that they are finding. OK, 2/3 of
the population has at some point been pwned. OK, so that's a good exercise. OK, so next question
now: what other types of cyberattacks have you or maybe an organization where you
work, don't rush to answer this question, please first read the entire question. So
what other types of cyberattacks, not just my password being stolen, what other types of
cyberattacks have you or maybe the organization where you work suffered in the past, and
what was lost during the attack? So you can say, I don't know, DDoS and we lost
reputation, or we lost money, or we have a ransomware attack and we lost information. So
you see, that's the kind of answers that we are looking for. Other types of cyber attacks, we
care here about cyberattacks, right? Although I'd be very sad if you were mugged in the
street, right, that is not a cyber attack. That is an attack, yes, but not a cyber attack. We
only care here about cyber attacks. So go ahead, answer. And there we go, we have one:
phishing at university, some students lost their accounts. Yeah, actually in our spoil
account we get lots of phishing attempts, so you should try, it is recommended yearly, you
develop this feeling for what is true and what is fake so you
don't become a victim of a phishing attack. Then we have backdoor trojan, but
what do you lose in that attack? So you see, that's what I was saying, don't rush
into answering the question, read the entire question. We want the attack and what was lost
during the attack. Phishing without loss, I detected it. OK, so let's say that you detected phishing
attacks, so yeah, OK. Scam, I lost money, and that happens when I try to find some
critical, sorry, I went to that, OK, listen, learn, right. My ex girlfriend broke into my Facebook
account. Yeah, then you lost what, your dignity? Phishing, however we didn't lose
any information, right. DDoS, we lost money and clients. Phishing directed to students' emails,
the issue happens a lot of some and some people fall to these attacks, losing their accounts
in the process. Yes, this is something that happens quite, or actually happens a lot here
sport. OK, phishing, denial of service, malware, but what did you lose? My computer has been
used as a dummy for crypto coins mining. Yes, that's a common malware attack, right, and it
happens mother, there are different ways that you can get that type of
malware account. If you tend to use pirate software, that's one way that you can get a
crypto miner, but actually a very common way to do this is by websites, when you visit not
so respected websites. So one experiment that, or sometime I like to do, was to check
what was director doing when there were no big sport events like World Cups and things
like that, and most of the time they use those sport events like the Super
Bowl or something like that to inject a crypto miner. While you were watching the sport
event your browser was actually cryptomining by using some script that was running there.
Virus through a PDF, I lost my device because it was, sorry to hear that, yeah, that sucks. None,
but I have some friends that I could hear that. Phishing in the Steam account, that
was also an answer this morning, and yes, I think about a year ago there was four girls close
to Christmas, I guess, there was a big Steam account incident. People, they lose money, their
people start with the attackers used the turn money to buy games. Stolen password and
almost lost the account, managed to recover it and change all passwords
immediately. So number have any friends yes phishing, phishing is a very common cyber
attack. So you see, right, we have what, 19 answers right now of people being attacked or
suffering from cyberattacks, so this is actually real, this is not something that we are just
making. Some years ago due to a hacking attack I lost my PS Network account and my PS3
digital games. Yes, I remember, I don't know, but I remember a big PS Network,
PlayStation Network attack back in 2012, maybe around that time, I don't know if
you're referring to that incident, or maybe 2010. I don't know, but someone always
enters my social networks and blocks them. I mean, if this keeps happening after you
change passwords, then you're either still using a very weak password or some
of the devices that you're using are compromised, meaning that there are ways like
malware or some similar ways for attackers to get access to your account. OK, so check that,
maybe format everything. If you can afford to change devices, change them. If
you can't, at least format them, factory reset them, and be careful what you install on those
devices, breakdown stolen software or pirate software, or be very careful what websites
you visit, because that's how you can get compromised. Many people say key selling
websites use stolen card numbers to buy the keys I do not know how much of that is true
though not sure if all of them or if some of them do that what day the majority of these
sites do it's that their keys that software developers they sell these for for new accounts
or for corporate accounts as you say for new corporate accounts right so they they sell
these the same license that will have at pretty much unlimited number of installs or
instances right so pretty much everybody on that company let's say for Windows they will
have the same great license number maybe there are some difference there but pretty
much the same the same license number well that's the kind of licenses that this site cell
because so for developers they don't check the number of installations that these licenses
are being used when you buy a license you usually get a number of installations
sometimes or the majority of times is just one sometimes you can install it into three
devices and that's it once you've installed in three devices the license is no longer good
you cannot use it anymore unless you remove it from the previous device but the kind of
licenses numbers that list sites cell are corporate licenses that have like an unlimited
number of installations OK so thank you so much for all your contributions someone
hacked my Amazon account and they purchases with the credit cards that were to say
virtually we were able to block that Ouch that hurts I mean yeah that hurts hopefully I
mean I'm I'm glad that you were able to stop that and you didn't lose any money in the
process although it's still a big problem right so now you get a sense of what cyber attacks
are thank you so much let me move to our next slide so in in mente there's always there's
always an ask me anything slide here you can write any question that you want I will get a
notification on my screen I can check the question and answer those questions you can
also use this icon here that looks like two bubble chats here you can also use that chat
icon to right your question you can do it from the slide or you can do it from the icon over
here right and then the way that we do it in in manti it's that I usually give you some some
things to do a video to watch maybe podcasts to listen or web page to read something like
that free quick activity once the activity is done we come back to 90 and then there are
going to be some questions ask here for you to to compete and why why I say compete
because you're getting point by answer fast incorrect right if you answer fast and you
answer correctly then you get a bunch of points and this will start getting or start this will
create a leaderboard for all your points are going to be accumulated for this session at the
end of the session we're going to have a winner and at the end of the semester I will get
all these points for all the times that we use mente I will get all these points and have a
winner for the semester and that winner for the semester will have a special gift maybe I
don't know some coconut cookies or maybe some chocolate candy bars or maybe I don't
know maybe some extra points I don't know why not OK so that's how that's how that's
how it works with meeting now I do want you to experience this but I'm running a little bit
out of time here in about two more minutes type 20 the next pop quiz it's going to pop OK
so let's wait for that finish finish the pop quiz and then go in watch this YouTube video go
it's about 6 minutes once you're done with that come back to 90 Anne you there is one
question here that you can answer after watching that video so you could you could see
how the leaderboard works and everything right and then if you want to stay past the
time and I know I'm going to be past the time but if you have nothing else to do and you
can spare 1015 more minutes we can finish with the second activity and the second
question here on mente and you will see the final leaderboard so if you can stay please
stay right now whenever we're ready to answer the question after watching this activity
please make sure that you use your full name your first name and your last name because
remember this will create a leaderboard and I need to know who the winner is so I can
give you the price so if you use the the default mainte names you will be registered as
Simba or butterfly or brown shoe or something like that in 1/2 no idea who brown shoe is
going to be right so make sure later when we are about to answer the questions make
sure that you input your first and last name right so I can find you perfectly in the
leaderboard OK so if I'm not and the pop quiz then watch the video in
combattomentumnt.com for that question OK we'll try to do this as fast as we could OK so
come back to Monty let me share my screen and then we'll start with the first question OK
so this is how it usually works right there is a quick activity I need to do and then you will
you are going to answer some questions now for every single slide you find this set of
icons here and you can use them to also express your feeling about the information that is
being shared if you like the the slide you can use this I can see here now this one here that
looks like a cat I don't know what it means I well I didn't know its meaning until my
previous semester when I asked about it and somebody answer me oh that's not a cat
that's bad man and that's amazing right because bad man it's awesome so it is not a cat
it's awesome as Batman so if you think that the information here it's awesome as Batman
then use the bathroom and I can write it's not a cat don't you dare do think that's a cat it's
bad OK now there are two other things that you can do you can use the first slide here the
first icon here this is a command but it's a simeral meaning that you can write a command
but it's going to disappear it's going to show here for a couple of seconds 1/2 seconds and
then it disappeared and it's gone forever right so if you write that and don't think that it
will stay here for me to read that if this is an actual question use this one here there you
can see that you can you can write that type of that type of interaction right amazing or
quick quick criminal commits right it is an actual question used the ask me anything it's
like OK so now that you are familiar with the things that we do here in mente let's go to
our first question remember this is this is where you need to include your real first name
and last name OK here we go so get ready don't forget it use your real first name and last
name. Here we go. Remember, you need to answer fast and correctly. OK, time's up. So in the
video you just watched, you actually saw a social engineer in action, right, hacking into somebody
else's cell phone account by phone, just by using the phone, by pretending to be a mother
in despair with a crying baby in the background and all that, right? So I hope that you find that
example quite interesting, and that's something that is real. That's what social engineers
do all the time. That's why we need to be very careful and not trust even what we hear,
because that also could be fake, right? So the question here was: what human trait, what
characteristics of humans were most likely used by the social engineer to attack the
victim's cell company? Here there were two things that the social engineer was
trying to exploit during the call: the kindness and the goodwill of the
other party, right, on the call, the kindness and the goodwill of the cell company's
employee, right? So she presented herself as somebody that needs a break, that
needs a hand, that is not having such a good time, right, having a baby crying in the
background, and you know that could be annoying as well as moving to ching
that, I mean you
and that goodwill, and that's just how we are as humans, right? I believe that in general it's
in our nature to be good to others, right, to try to help them. So what were the traits
exploited here? Most likely kindness and goodwill, and so if you choose any of
these two options you get the points. OK, so here is our first leaderboard, or our partial
leaderboard for this afternoon. So we have Samira Suarez with 970 points at the top of the
leaderboard, so she is the fastest so far, she is the leader. Second place for Adriana glenroe,
957 points, and any lower, 948 points. We still have one more question, one more quick
video to watch on YouTube followed by a question, and that will be the end of our Menti
activities for this afternoon. You can still end on top of the leaderboard. Before watching
that other video, other resources, if you like this idea of social engineering, other resources
that you can use: Watch This Hacker Break Into a Company, this is another very interesting
YouTube video I strongly recommend you to watch. Social engineering, this is a crash
course: what social engineering is, how you can start doing social engineering and improving
your social skills. And the last one is a very interesting resource, it's about search engines for
people. You can try to find as much information as you want or as you can regarding
people or all since this is a must, right, and most of this information is going to be extracted
from public profiles on social networks and similar websites like that, right? It works
better for people that live in the United States, so if you know somebody that lives there,
maybe an aunt, an uncle or cousin, a friend or something, that you can try using during
the, if you're planning to test these search engines, right? So here we go, this is the
second video on YouTube, Malware: Difference Between Computer Viruses, Worms and
Trojans. Not all malware is the same, so please pay close attention to the differences
expressed in the video regarding viruses, worms, Trojans, ransomware, spyware. They're not
the same, and the general term for all these types of malicious software is, actually it is a
mistake calling all of these viruses, they're not viruses, the right term is malware, right? A virus is
just one type of malware, right? OK, so go ahead and watch the video. This video, it's about 2
1/2 minutes, right, so watch it and come back for the last question of this afternoon.
