The Web, HTML, Malware, and Passwords (Week 12) Flashcards

1
Q

What is the Internet?

A

The Internet is a network of networks. It’s a loose, unstructured, ad hoc, chaotic collection of networks, all connected to each other.

Internet – first link was established in 1969

Internet ≠ World Wide Web

2
Q

What is the World Wide Web (WWW)?

A

The Web is the set of pages viewed on a computer or mobile device. The Web is a collection of information that can be accessed via the Internet.

The World Wide Web was invented in 1989 by Tim Berners-Lee at the European Org. for Nuclear Research (CERN)

3
Q

What are the Building Blocks of the World Wide Web (WWW)?

A

Berners-Lee created the building blocks of the WWW
* URL system – Uniform Resource Locator
* HTTP – Hypertext Transfer Protocol
* HTML – Hypertext Markup Language
* First text-based browser (in 1990)

4
Q

What is a Uniform Resource Locator (URL)?

What are the parts of a URL?
e.g. http://camosun.ca:80/about/documents/la_map.pdf

A
  • Method of describing locations of resources (files, documents, etc.)
  • e.g.: http://camosun.ca:80/about/documents/la_map.pdf

http = protocol
://camosun.ca = Host Name
:80 = Port
/about/documents/ = path
la_map.pdf = File Name

5
Q

What does the Hypertext in Hypertext Transfer Protocol (HTTP) mean?

A

Text that contains hyperlinks, which are references to other documents that we can follow by clicking – commonly called links.

(See 10.1 How the Web Works in the text)

6
Q

What is Hypertext Markup Language (HTML)?

A

HTML is the code that is used to structure a web page and its content.

Think of this as the layout of content. A layout is the structure (the skeleton) of a page. It could include a set of paragraphs, a list of bulleted points, or images and data tables.

7
Q

What are 5 major properties of Hypertext Markup Language (HTML)?

A
  1. Hypertext Markup Language (HTML): HTML is the standard markup language used to create and structure content on the World Wide Web.
  2. HTML provides a set of elements or tags that define the different parts of a web page, such as headings, paragraphs, links, and images.
  3. Semantics: HTML is designed with a focus on semantic meaning. Each HTML tag carries a specific meaning, indicating the purpose or role of the content it encloses. This semantic structure helps search engines, browsers, and other devices to interpret and present web content appropriately.
  4. Cross-Browser Compatibility: HTML is a key component of web standards, promoting consistency and interoperability across different web browsers. By adhering to HTML standards, developers can create web pages that display consistently and correctly across various browsers and devices, providing a seamless user experience.
  5. Document Structure: HTML defines the overall structure of a web document. It consists of a hierarchy of elements, starting with the <html> tag, which contains the entire document, and includes essential sections like <head> for metadata and <body> for the main content. This hierarchical structure organizes content and ensures proper rendering by web browsers.
8
Q

What are 5 major properties of Hypertext Markup Language (HTML)?
(Shorter Version)

A
  1. HTML is the standard markup language used to create and structure content on the World Wide Web.
  2. HTML provides a set of elements or tags that define the different parts of a web page.
  3. Semantics: HTML is designed with a focus on semantic meaning. Each HTML tag carries a specific meaning, indicating the purpose or role of the content it encloses.
  4. Cross-Browser Compatibility: HTML is a key component of web standards, promoting consistency and interoperability across different web browsers.
  5. Document Structure: HTML defines the overall structure of a web document. It consists of a hierarchy of elements.
9
Q

What are Cascading Stylesheets (CSS)?

A

Cascading Stylesheets enable us to separate document content from its presentation.

Allows for more flexibility in web page design and styling.

Allows for design efficiency and accuracy.

Originally, HTML came without CSS => content and presentation information were closely intertwined – e.g. inline styling.

CSS helps to present content of the same HTML document on devices with different screen sizes
(Lab 08 HTML/CSS)

10
Q

What is Client-Side Scripting?

A

Client-side scripts (like JavaScript programs) run locally in a browser and enable interactivity (behavior of the page) on top of HTML and CSS

When you visit a website, your web browser downloads the web page, and if the page contains client-side scripts written in languages like JavaScript, those scripts are executed on your computer.

This allows dynamic changes on the page without having to communicate with the server again. Common tasks handled by client-side scripting include form validation, animations, and interactive features

11
Q

What is Server-Side Scripting?

A

Many web sites also use server-side scripts that are executed by the web server and process user input

Server-side scripting involves scripts or code that run on the web server, processing requests and generating dynamic content before sending it to the user’s browser.

When you interact with a website by submitting a form, requesting information, or logging in, the server-side scripts operate.

These scripts are responsible for handling data, interacting with databases, and performing tasks that require server resources.

Once the server processes the request, it sends back the relevant information to the user’s browser, which can then be displayed or used to update the web page. Common server-side scripting languages include PHP and Python.

12
Q

What is Active Content in Web pages and Browser Extensions?

A

Active content in web pages
* Web browsers also support the use of executable code (active content) besides JavaScript, e.g. Apple QuickTime and Adobe Flash (although less popular now)

Browser extensions (plug-ins)
* Enable features of hardware or software that is usually not accessible with HTML, e.g. file access on local machine, specialized camera access, etc.

Caution: we are at the mercy of downloaded executable code and often do not have control of the code performed on our computers. Be careful what you download and install!

13
Q

What is HTTP?

A

Hypertext Transfer Protocol is the foundation of data communication on the World Wide Web.

It is an application layer protocol that facilitates the exchange of information between a web server and a client, typically a web browser.

HTTP is the protocol that enables the retrieval and display of web pages, linking together various resources on the internet.

14
Q

What does it mean to “Maintain State” in HTTP sessions?

A

HTTP is “stateless” => a server is not required to keep information between subsequent requests of the same client (called a “session”)
* meaning each request and response are independent of previous ones. The server does not retain information about the client’s previous requests. To maintain a form of state, technologies like cookies and sessions are often used.
* This is an obstacle for any site that wants to authenticate users with a login

Advantages/disadvantages of keeping state information in a session
* Allow browsing inside a password protected space
* Allow “personalized” looks and preferences
* Allow shopping cart transactions
* Allow focused advertising
* Allow tracking of web usage

15
Q

What is an HTTP Cookie?

A

One solution to maintain the state of a session is cookies
* A cookie is a small text file (max 4000 bytes)
* Cookies are sent to the browser together with the requested web page
* They are tied to a specific domain name and saved in local storage by the browser until their expiry date
* On the next interaction (with a server of the same domain), stored cookies are sent over to the server automatically with any HTTP request

Most browsers offer “private” or “incognito” browsing: cookies are only kept for the duration of the current browsing session

16
Q

Security Risks in Computer Networks?

A

There are many potential targets for attacks on networks:

  • Attacks on clients
    ** e.g. your desktop, phone, tablet
  • Attacks on servers
    ** e.g. your bank’s server computer
  • Attacks on information in transit
    ** e.g. eavesdropping in wireless networks
17
Q

What are some types of Malware for attacks on Clients?

A
  • Worm
  • Virus
  • Spam E-Mails
  • Phishing attacks
  • Ransomware Attacks
  • Trojan Horse
  • Spyware
  • Adware
18
Q

What is Malicious Software?

A

Originally motivated by vandalism and fun, e.g.
* Virus program: how many computers can it reach…
* Spam e-mails: chain letters like “forward this to ten friends…”

Turned into more profit oriented activities over time, e.g.
* Unsolicited advertising
* All kinds of scams (fraudulent business schemes)
** Example: Job Scams
* Identity theft, e.g. to steal someone else’s tax refunds

19
Q

What is a computer Worm?

A

Piece of executable code, self replicating

Often does no harm except using computing resources

20
Q

What is a computer Virus?

A

Piece of executable code, often hidden in other files

Usually moves to new system by passing on software

Usually does some damage to the infected system

Viruses depend on users to spread them
* Originally via floppy disks
* Now USB drives, E-Mails and downloads

21
Q

What are some Malware Propagation Methods?

A

Visual Basic programs placed in MS Office files as “macros” (scripts)
* Macros may run when opening a file; Word, Excel, etc. typically ask users to confirm execution (this behaviour depends on Office settings)

Obscured executable E-Mail attachments
* NicePicture.jpg.exe, CoolGame.html.exe

HTML or Web based e-mail
* Scripts with malicious code inside HTML <script> tag
* E-mails with links to compromised websites

Many other vulnerabilities of systems (e.g. program bugs) and vulnerabilities of users (e.g. social engineering) are exploited

22
Q

What are Spam E-Mails?

A

Often just annoying advertising or chain letters

Sometimes ask for money or assistance, etc., often promise some kind of reward in exchange for help, etc.

23
Q

What are Phishing Attacks?

A

Fraudulent attempts to obtain sensitive information such as usernames, passwords, credit card numbers, etc.

E.g. a message from your bank, warning of account problems that need your login to fix them, fake e-Transfers, etc.

24
Q

What are Ransomware Attacks?

A

Threaten to publish the victim’s data or to block access to it unless a ransom is paid.

Target private users, companies or critical infrastructure, e.g. medical labs, voting machines, hospitals, school systems, etc.

25
Q

What is a (computer) Trojan Horse?

A

Trojan Horse: a game, a video, music, etc. with hidden code in an otherwise useful program, e.g.

Opens a backdoor allowing malicious actors to access your computer secretly, e.g. via Internet

Installs a keylogger that records your keyboard input, e.g. credit card information, and sends it to the bad guys

26
Q

What is Spyware?

A

tracks user activities, interests and/or location, e.g. turns on camera or microphone

27
Q

What is Adware?

A

shows unwanted advertisements; sometimes users agree to seeing ads in exchange for a service, e.g. Spotify

28
Q

How are Servers attacked?

A

Servers provide services to eligible users over the network – they can’t be sealed off, e.g. online banking, D2L, etc.

Attackers try to get access to servers in excess of the usual and intended services, e.g.
* Try to find loopholes to gain root access: the highest privilege level, which allows changing configurations and installing software, e.g. a backdoor that allows attackers to come back any time
* Confuse services with unexpected requests and exploit errors, e.g. retrieve confidential/private information

29
Q

What is a Denial-of-Service Attack?

A

Villains frequently try to collect a ransom by disrupting services with Denial-of-Service (DoS) Attacks:

Flooding the targeted resource with huge numbers of requests in an attempt to overload the system

To prevent legitimate requests from being answered

Distributed DoS (DDoS):
* DoS attack carried out by a collection of compromised internet devices (servers, private computers, but also game consoles, TVs, etc.) a.k.a. botnets (network of web robots)

30
Q

What are some attacks on Information in Transit?

A

Internet: IP packets pass through multiple gateways/routers
* We may not know which nodes (routers) had access to packets

LAN: a “sniffer” may read all (broadcasted) network traffic
* Owners of Wi-Fi Access Points, e.g. public Wi-Fi in stores, may eavesdrop on us

Man-in-the-middle attack
* Intercept a message, modify it and pass it on
* E.g.: attacker might read and forward an encrypted password, but change the request

31
Q

How to Protect Information in Transit – Virtual Private Network (VPN)

A

Often provided by organizations (companies, colleges, etc.) to allow secure access to central resources, e.g. file servers

Between remote sites (branch offices, campuses)

For a single user that is off site, e.g. sales person

Connecting to a VPN typically adds a new network device with a new IP address (see ipconfig)

32
Q

What is a VPN?

A

Camosun uses a VPN for off-campus access to labs and servers, and probably a VPN to connect LANs at Interurban and Lansdowne with each other

VPNs use encryption to communicate in a secure tunnel across public networks (Internet)

This keeps the bad guys away from the internal network

“Virtual” means: a private network imitated by software

33
Q

What is a Password Manager?

A

Safely stores all your passwords (in an encrypted file)

You can use a separate password for each account without having to remember them, your password manager does the job

You need to remember only the master password to unlock the password manager (a.k.a. password safe)

34
Q

Password Manager Benefits

A
  1. No memorization of passwords!
  2. Highly secure passwords can be generated for you
  3. They can alert to phishing sites
  4. They are a digital inheritance – help your beneficiaries when you die. The pw vault can be accessed by a dedicated administrator.
  5. Saves time
  6. Can sync across operating systems
  7. Can protect your identity
35
Q

What makes a Good Password?

A

Good passwords are easy to remember and strong

How to create a password that is easy to remember?
* Derive it from a phrase that is easy to remember for you, e.g.
* Ewing is my favourite building at Camosun => Eimfb@C

What is a strong password?
* Not too short, e.g. 8 or more characters
* Out of a large character set: uppercase and lowercase letters, numerals, possibly also special characters (%§!?/$), etc.

36
Q

How is Password Strength determined?

A

Strength: number of possible combinations of symbols

Strength of PINs using decimal digits: 10 choices for each digit
* 2-digit PIN: 00-99; 4-digit PIN: 0000-9999, etc.

Alphanumeric passwords with upper/lowercase letters and numerals => approx. 60 choices per character
* 2-character password: 60^2 = 3,600 possible combinations
* 4 characters: 60^4 = 12,960,000 possible combinations
* 8 characters: 60^8 = 167,961,600,000,000

Remember exponential complexity? => 60^N combinations
* For every additional character, the number of possible combinations is multiplied by 60

37
Q

What are some attacks on Passwords?

A

Dictionary attack
* Try out all words in a dictionary; many people use real words as passwords

Brute-force attack (also exhaustive key search)
* Try out all possible combinations, shorter keys before long keys

Combined “intelligent” approach
1. Use “social engineering” or research to guess the password: birthdays, names of loved ones, pets, favourite places, common lazy or default passwords
2. If not successful, do a dictionary attack
3. If not successful, apply brute force

38
Q

Safe Computing – Important (Part 1)

A

Spam: Never respond. See if you can use a spam filter (if your e-mail provider doesn’t use one automatically)

Use an antivirus scanner. The Windows built-in one is sufficient. Keep it updated!

Links and attachments in e-mails
* Think twice before opening attachments and clicking on any links.
* Never fall for an offering that looks suspicious or too good to be true.

Passwords
* Choose “strong” passwords and use different ones, especially for critical services (e.g. banking)
* A common password for “throw away” accounts may be ok
* Use a password manager and multi-factor (two-factor) authentication

39
Q

Defending Yourself

A

The first step is to acknowledge that nothing is 100% secure (in the digital and in the real world alike)

Like in the analog world, do what is feasible with reasonable effort
* E.g. lock the front door during the night
* E.g. get a flu shot, avoid sick people when possible
=> Let hackers target less cautious people

How cautious are you? How much can you and how much are you willing to do? There is a trade-off between effort and security gain.

Our textbook identifies the three levels of defense categories: “important for everybody”, for “cautious” and “paranoid” people