Main security threats
Brute force

Fig. 1 Time to brute force a password as a function of length and complexity. Credit: http://www.yourdestinationnow.com/2020/07/brute-force-password-guessing-picture.html

Fig. 2 Same as Fig. 1. Credit: Hive Systems with data sourced from https://HowSecureIsMyPassword.net
Credential stuffing
Traffic interception (HTTP, unsecured Wi-Fi)

Fig. 4 Percentage of websites using security certificates. Source: https://W3techs.com
Useful links

Fig. 11 Troy Hunt, creator of https://haveibeenpwned.com/.

Fig. 12 https://haveibeenpwned.com/.
Risks
Mail
If your APC email account is compromised, the attackers will:
- send a massive amount of spam from it, so the IN2P3 mail servers will be blacklisted :(
- send targeted emails with links or attachments to infect a professional computer, then use that computer as a foothold to move further into the internal IT infrastructure, infect more machines and potentially do a lot of harm
Commercial websites
If your password has been hacked, the attackers will try it on every commercial website, such as Amazon, eBay, etc., to buy something on your behalf.
Social engineering
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information (source: Wikimedia).
Phishing example
Fig. 5 Always hover over the link to reveal its destination before clicking.
Fig. 6 Check the email address of the sender (not just the displayed name).
Fig. 7 Also check whether the email was sent to you or to lists of people that are totally irrelevant.
Checking an email header
Fig. 8 Show the raw header of an email on the Zimbra webmail.
Fig. 9 Carefully inspect the origin of the email.
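The checks from Figs. 6, 7 and 9 can also be run on the raw header text copied from the webmail. The following is an added example, not part of the original page; the sample message and every name, address, domain and IP in it are constructed, and `inspect_header` is a hypothetical helper.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample header (not a real message); every name, address and IP is made up.
RAW = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
\tby mx.example.org with ESMTP; Mon, 1 Jan 2024 10:00:00 +0100
Received: from unknown (HELO pc) (198.51.100.23)
\tby mail.example.net with SMTP; Mon, 1 Jan 2024 09:59:58 +0100
From: "IT Helpdesk example.org" <support@example.net>
Reply-To: collect@example.com
To: list-a@example.org, list-b@example.org
Subject: Your mailbox is full

Click the link to keep your account.
"""

def domain_of(address):
    return address.rpartition("@")[2].lower()

def inspect_header(raw, my_address, my_domain):
    """Return the sender address, the first relay hop and a list of warnings."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    warnings = []
    # Fig. 6: the displayed name claims our organisation, the real address does not.
    if my_domain in name.lower() and domain_of(sender) != my_domain:
        warnings.append("display name mentions %s but sender is %s" % (my_domain, sender))
    # Replies would go to a different domain than the one that wrote to us.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != domain_of(sender):
        warnings.append("Reply-To %s is outside the sender's domain" % reply_to)
    # Fig. 7: was the message addressed to us, or only to unrelated lists?
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(fields)]
    if my_address.lower() not in recipients:
        warnings.append("%s is not among the %d recipients" % (my_address, len(recipients)))
    # Fig. 9: each relay prepends a Received line, so the last one is the earliest hop.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    return {"sender": sender, "first_hop": hops[-1] if hops else None, "warnings": warnings}

if __name__ == "__main__":
    report = inspect_header(RAW, "you@example.org", "example.org")
    print(report["sender"], "|", report["first_hop"])
    for w in report["warnings"]:
        print("WARNING:", w)
```

Only the Received lines added by your own mail servers are trustworthy; the lines below them are written by the sending side and can be forged.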
Signal spam
Fig. 10 Take the time to report any malicious emails as spam. This will help the community fight them.