To do: April 13
Safe Computing MC Practice #1: A bank customer receives an e-mail from a sender claiming to be a bank employee. The e-mail asks the customer to provide personal information and to call a phone number if he or she has any questions. The customer suspects the e-mail might be a phishing attempt. Which of the following responses is most likely to be a privacy risk for the bank customer?
A) Calling the bank at its official phone number to ask whether the request for personal information is legitimate
B) Calling the phone number given in the e-mail and providing the personal information over the phone
C) Checking that the domain name of the sender’s e-mail address is associated with the bank
D) Conducting a Web search to see if other people have received similar requests for personal information
Safe Computing MC Practice #1: A bank customer receives an e-mail from a sender claiming to be a bank employee. The e-mail asks the customer to provide personal information and to call a phone number if he or she has any questions. The customer suspects the e-mail might be a phishing attempt. Which of the following responses is most likely to be a privacy risk for the bank customer?
A) Calling the bank at its official phone number to ask whether the request for personal information is legitimate
B) Calling the phone number given in the e-mail and providing the personal information over the phone
C) Checking that the domain name of the sender’s e-mail address is associated with the bank
D) Conducting a Web search to see if other people have received similar requests for personal information
Safe Computing MC Practice #2: Which of the following best exemplifies the use of keylogging to gain unauthorized access to a computer system?
A) A user unintentionally installs a program on their computer that records all user input and forwards it to another computer. A few weeks later, someone else is able to access the user’s computer using the recorded data.
B) A user has a very common password for an online banking account. Someone else guesses the password after a few attempts and gains access to the user’s account.
C) A user logs into an unsecure Web site. Someone else is able to view unencrypted log-in information as it is transmitted over the Internet. The user has the same username and password for multiple accounts, so the user’s log-in information for multiple systems may be compromised.
D) A user receives an e-mail that claims to be from the user’s bank. The e-mail instructs the user to click on a link to a Web site and enter a username and password to verify an account. Shortly after following the steps, the user discovers that the Web site is fraudulent and that the user’s username and password were stolen.
Safe Computing MC Practice #2: Which of the following best exemplifies the use of keylogging to gain unauthorized access to a computer system?
A) A user unintentionally installs a program on their computer that records all user input and forwards it to another computer. A few weeks later, someone else is able to access the user’s computer using the recorded data.
B) A user has a very common password for an online banking account. Someone else guesses the password after a few attempts and gains access to the user’s account.
C) A user logs into an unsecure Web site. Someone else is able to view unencrypted log-in information as it is transmitted over the Internet. The user has the same username and password for multiple accounts, so the user’s log-in information for multiple systems may be compromised.
D) A user receives an e-mail that claims to be from the user’s bank. The e-mail instructs the user to click on a link to a Web site and enter a username and password to verify an account. Shortly after following the steps, the user discovers that the Web site is fraudulent and that the user’s username and password were stolen.
Safe Computing MC Practice #3: A user purchased a new smart home device with embedded software and connected the device to a home network. The user then registered the device with the manufacturer, setting up an account using a personal e-mail and password. Which of the following explains how a phishing attack could occur against the user of the smart home device?
A) A vulnerability in the device’s software is exploited to gain unauthorized access to other devices on the user’s home network.
B) A vulnerability in the device’s software is exploited to install software that reveals the user’s password to an unauthorized individual.
C) The user is sent an e-mail appearing to be from the manufacturer, asking the user to confirm the account password by clicking on a link in the e-mail and entering the password on the resulting page.
D) The user’s account is sent an overwhelming number of messages in an attempt to disrupt service on the user’s home network.
Safe Computing MC Practice #3: A user purchased a new smart home device with embedded software and connected the device to a home network. The user then registered the device with the manufacturer, setting up an account using a personal e-mail and password. Which of the following explains how a phishing attack could occur against the user of the smart home device?
A) A vulnerability in the device’s software is exploited to gain unauthorized access to other devices on the user’s home network.
B) A vulnerability in the device’s software is exploited to install software that reveals the user’s password to an unauthorized individual.
C) The user is sent an e-mail appearing to be from the manufacturer, asking the user to confirm the account password by clicking on a link in the e-mail and entering the password on the resulting page.
D) The user’s account is sent an overwhelming number of messages in an attempt to disrupt service on the user’s home network.
Cybersecurity risks in today's news
Unit 10 Lesson 7 - Wrap Up
Let's Play: Team mode with your table partner - groups of 2 or 3
AP CS Principles AP Exam: Section 1 MC
Go over homework:
Do This: This message was encrypted using a Caesar Cipher (an "alphabetic shift"). Let's see how long it takes you to decode this message (remember it's just a shifting of the alphabet)
serr cvmmn va gur pnsrgrevn
Unit 10 Lesson 9 - Warm Up
Key: ?
a b c d e f g h i j k l m n o p q r s t u v w x y z
Do This: This message was encrypted using a Caesar Cipher (an "alphabetic shift"). Let's see how long it takes you to decode this message (remember it's just a shifting of the alphabet)
serr cvmmn va gur pnsrgrevn
Unit 10 Lesson 9 - Warm Up
Key: change every letter by 13
free pizza in the cafeteria
a b c d e f g h i j k l m n o p q r s t u v w x y z
Caesar Cipher
Unit 10 Lesson 9 - Activity
Do This:
Unit 10 Lesson 9
KEY WORDS:
Encryption: a process of encoding messages to keep them secret, so only "authorized" parties can read it.
Decryption: a process that reverses encryption, taking a secret message and reproducing the original plain text.
Cipher: the generic term for a technique (or algorithm) that performs encryption
Symmetric Key Encryption: involves one key for both encryption and decryption.
Unit 10 Lesson 9
KEY WORDS:
Caesar's Cipher: a technique for encryption that shifts the alphabet by some number of characters.
Cracking encryption: When you attempt to decode a secret message without knowing all the specifics of the cipher, you are trying to crack the encryption.
Caesar Cipher -> Symmetric encryption
When you are cracking the Caesar Cipher you are trying to figure out how many steps each letter was shifted - you are trying to discover the key.
Random Substitution Cipher
Unit 10 Lesson 9 - Activity
Do This:
Random Substitution Cipher
Unit 10 Lesson 9 - Activity
Do This: Crack a message using the tips we just talked about
Random Substitution Cipher -> Symmetric Encryption
If random substitution is an algorithm for encryption, what is the key to a random substitution cipher?
Random Substitution Cipher -> Symmetric Encryption
If random substitution is an algorithm for encryption, what is the key to a random substitution cipher?
The key is the actual letter-to-letter mapping that was used to encode the message - it can also be used to decrypt the message.
What makes encryption strong?
The Enigma machine
The Enigma machine
A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case. The Enigma machine is more complex but is still fundamentally a polyalphabetic substitution cipher.
Vigenère Cipher Recap
Vigenère Cipher Recap
For a long time, the Vigenère cipher was considered to be an unbreakable cipher and was used by governments to send important messages.
But in the 1800s Vigenere was discovered to be susceptible to a modified form of frequency analysis. After that point it was considered insecure. Still the properties of Vigenere that we've found are desirable.
Unit 10 Lesson 9 - Wrap Up
KEY WORDS:
Encryption: a process of encoding messages to keep them secret, so only "authorized" parties can read it.
Decryption: a process that reverses encryption, taking a secret message and reproducing the original plain text.
Cipher: the generic term for a technique (or algorithm) that performs encryption
Symmetric Key Encryption: involves one key for both encryption and decryption.
Unit 10 Lesson 9 - Wrap Up
KEY WORDS:
Caesar's Cipher: a technique for encryption that shifts the alphabet by some number of characters.
Cracking encryption: When you attempt to decode a secret message without knowing all the specifics of the cipher, you are trying to crack the encryption.
Homework