Reflection: Have you ever…looked at a software user agreement?
Every service you sign up for requires you to agree to certain terms and conditions. Research a service you use to stream media. What does the agreement say about audience sizes or sharing your login details? Have you ever (oops) broken the user agreement?
Key concept: Transmitting data
This episode explored how data is transmitted through the internet. All computer data is expressed through a binary system that uses just two digits—0 and 1. In binary, the individual zeros and ones are called bits. To simplify data processing, computers group bits together into bytes. Each byte has eight bits. Bits and bytes are grouped together to represent familiar abstractions, such as numbers, images, and letters.
Reflect:
ASCII is a code that represents alphanumeric characters using bits.
ASCII, a much older system than Unicode, can encode just 128 possible characters—as opposed to the thousands available in Unicode. It was designed to represent the standard Roman alphabet that's shared across a number of languages, along with numeric digits and basic punctuation.
Find some images of the facade of the University of Technology Sydney (UTS) Engineering and IT building and find the meaning behind the design.
Can you identify other examples of binary used in public spaces? Look up the ASCII code for the letters in your first name and write your name in binary. Swap with a partner and see if you can decode their name.
On the internet, information travels in packets. For example, an email message might be broken into pieces that contain a set number of bytes; each piece is a packet. Each packet contains two components: the data itself and its metadata. Metadata contains information for routing each packet to its destination. It also contains information about each packet's relationship to the whole, such as its order in the sequence. To transmit packets efficiently, each one is sent to its destination by the best available route, which might be the same or different for the other packets in the message.
Reflect:
Consider an email that's transmitted over the internet in packets.
What metadata do you think each packet of an email message might contain?
Would some metadata be the same for every packet that originates from your computer?
Key concept: Protecting user data
Websites use passwords, multifactor authentication, and other methods to verify that a person on the other end of a connection is who they say they are. They also use encryption to ensure that if anyone who might intercept the information before it reaches its destination won’t be able to read it.
Reflect:
Think about the devices you’ve used today and when you input or accessed personal data.
What authentication processes did you go through?
Did you use a password?
How many different passwords do you have, and how do you remember them all?
Assess your online behaviors over the past 24 hours and give each interaction a security gold star or a risky behavior exclamation mark. Compare your personal report card with a partner and discuss the reasons behind your choices.
Explore further
Security challenges
No computer system is completely secure; they all have errors or design flaws. You could unknowingly share your passwords or other sensitive private data with the wrong people. And a persistent and talented hacker can exploit weaknesses in the systems that protect your data.
Social engineering
Data thieves try to persuade you to share your password and personal data using what’s called social engineering. Phishing is an example of social engineering in which scammers create a fake website that looks exactly like a real company's website, often using actual corporate images and logos. They can lure you into visiting their website by perhaps using an official-looking email about your account or with a seemingly ordinary attachment. As soon as your device connects to the bogus website, the scammer may be able to access personal data. And if you follow the login prompt on the website, they'll certainly be able to grab your login information and help themselves to all kinds of personal data.
Tip
One way to avoid being scammed is to verify the identity of a site by checking its address in the address bar of the browser. Most browsers will identify secure, verified sites with a lock icon; scam sites likely don’t have that icon.
Hacking
Hackers look for weaknesses in code, a system, or a design that might enable infiltration. Black hat hackers exploit these weaknesses for their own benefit. Their motivation is to sell data, disrupt systems, and expose secrets for financial gain or notoriety. Cybercriminals infiltrate the network of a public or private entity, tunnel their way into confidential data, and extract what they find. Such breaches can compromise millions, even billions, of private records and sensitive data.
Hackers use multiple techniques to break into systems. Viruses—programs that compromise a computer and spread to computers connected to it—are ways to get into a system. Computer viruses can attack any type of system, from personal devices to large systems that run corporations. Virus-scanning software can protect systems against infection.
Viruses are part of a larger category of malicious software called malware. Some malware is aimed directly at individual users. It often appears to be innocuous—or even beneficial—such as a virus scanning app, available as a free download. The app usually asks for permissions when it runs. Once a user grants those permissions, the software is able to install viruses or harvest information. Malware might install a keylogger which tracks every keystroke a user makes, including sensitive data like account names, passwords, and other PII.
Other systems can be hacked as well. The devices that help you connect to the internet—wireless routers—can be compromised by malware, especially if the router’s default admin password was never changed. The router can be turned into a rogue access point, which is able to examine all data that flows through it; unencrypted data can be stolen. If the access point is part of a private network inside a secure facility, somebody outside could access the network and hack the systems it connects.
Tip
To protect your security, regularly update your software—both apps and operating systems. Good software developers are constantly tracking vulnerabilities in their code and releasing updates to make it more secure.
Research this:
Consider hacking.
Hacking isn't always bad. White hat hackers expose weaknesses as a public service, alerting companies about their vulnerabilities. Some companies offer bug bounties to people who report weaknesses. They may even hire hackers to test and strengthen their internal systems, a process known as penetration testing, or “pen testing.”
Find out more about pen testing and white hat hackers and what they do. Share your research with your class.
