Cybersecurity: Crash Course Computer Science #31
ฝัง
- เผยแพร่เมื่อ 24 มิ.ย. 2024
- Cybersecurity is a set of techniques to protect the secrecy, integrity, and availability of computer systems and data against threats. In today’s episode, we’re going to unpack these three goals and talk through some strategies we use like passwords, biometrics, and access privileges to keep our information as secure, but also as accessible as possible. From massive Denial of Service, or DDos attacks, to malware and brute force password cracking there are a lot of ways for hackers to gain access to your data, so we’ll also discuss some strategies like creating strong passwords, and using 2-factor authentication, to keep your information safe.
Check out Computerphile’s wonderful video on how to choose a password!
• How to Choose a Passwo...
Pre-order our limited edition Crash Course: Computer Science Floppy Disk Coasters here!
store.dftba.com/products/comp...
Produced in collaboration with PBS Digital Studios: / pbsdigitalstudios
Want to know more about Carrie Anne?
about.me/carrieannephilbin
The Latest from PBS Digital Studios: • All PBS Digital Studio...
Want to find Crash Course elsewhere on the internet?
Facebook - / youtubecrash. .
Twitter - / thecrashcourse
Tumblr - / thecrashcourse
Support Crash Course on Patreon: / crashcourse
CC Kids: / crashcoursekids
Please enter your new password:
"cabbage"
Sorry, the password must be more than 8 characters.
"boiled cabbage"
Sorry, the password must contain 1 numerical character.
"1 boiled cabbage"
Sorry, the password cannot have blank spaces.
"50bloodyboiledcabbages"
Sorry, the password must contain at least one upper case character.
"50BLOODYboiledcabbages"
Sorry, the password cannot use more than one upper case character consecutively.
"50BloodyBoiledCabbagesShovedUpYourArse,IfYouDon'tGiveMeAccessnow”
Sorry, the password cannot contain punctuation.
“ReallyPissedOff50BloodyBoiledCabbagesShovedUpYourArseIfYouDontGiveMeAccessnow”
Sorry, that password is already in use.
thanks. been a while since I had a belly cramp laughing.
Thanks for making me read all that 😂
That was hilarious!
LMAO 🤣 crying😂😂😂😂😂😂🤣😅
RaymondHng that is everything
1:50 “that shows who your enemy is.” *shows a little girl on her computer*
A formidable foe.
She stole a bunch of info about me I'm not proud of and some disgusting info I am proud of.
I learned the same things in a 8 hour online course. Truly a Crash Course
Remember to change your face every 90 days to prevent hackers from getting into your account.
my face already include at least one symbol, at least one upper case letter and at least one number
Meanwhile in a plastic surgeon...
That's only if you used facial recognition (which is biometric) as the authentication mechanism. Just simply use long passwords.
Using this to prep myself for a Master's in Cybersecurity. This broke down everything way better than most of the material I have read.
You're killing me with the "I'd take it ALL" ATM comment. I'm sitting here dying!
One thing I would like to see stressed is that two-factor authentication has to ask for two *different types* of authentication. Asking for a password _and_ a PIN is still only one-factor, because they are both things that you have remembered (or written down), so if someone has got hold of your password file they can enter one, two or twenty passwords correctly - asking for more than one doesn't stop them. This was something that online banking got very wrong for quite some time, although most banks seem to have got it sorted out now.
This is a great video. Explains the topic enough so that non-technical people understand the threats and how to mitigate them. Great job!
Just love going back from time to time to watch some of this amazing course episodes!
Spot on with everything. I really enjoy the series! I have a pretty decent amount of experience with IT stuff, but I still manage to learn at least one new bit of info with every video. :D
As a "cybersecurity"† professional, this is an excellent episode. Well written, well delivered. Just the right amount of detail for a "class," while not being so over-simplified to be actually wrong. (I see that too often, newspaper articles, TV news segments that oversimplify to the point that what they say is wrong, not just "simplified.")
†I freaking *HATE* the word/prefix "cyber".
Anonymous Freak Yes, it sounds cheesy, and used to refer to something else...
How did you get your first job and what do you recommend learning for Cyber security
It is a guilty pleasure every time Carrieanne says "doobalidoo".
This video is bologna, if people don't click on random links in their emails, how will I ever give away my millions?
Lololol
I laughed way more than I should have
dude thats racist
Seeing as this account is a satirical parody of the Nigerian prince email spams, it is not racist as it is just a reference to an actual occurrence.
Even so, if there was no such thing as the Nigerian Prince email spam (which there still very much is lmao) the only adjective this account title uses is Nigerian, which describes ones place of origin or citizenship. If anything this account is nationalist, not racist.
In conclusion, you have incorrectly analyzed the process and purpose I use to deliver humor in my comments and will not be receiving my horded millions of dollars.
Gabriel Agbese you got rekt dude
I love this series. Thank you for all your hard work.
That's amazing! I've got the same combination on my luggage!
May the Schwartz be with you.
Fun fact: At 55,000 views there's a 99.59% chance she guessed someone's pin.
Assuming that people PINs are evenly and randomly distributed.
1 - (9999/10000)^55000
I love math.
Nice one XD
And assuming everyone has viewed it only once.
The thing is though, 2580 is a straight line down the keypad and we all know everyone hates straight lines
i work as a senior cybersec engineer in incident response and threat intelligence. love it!
I work in security and I approve this message. Excellent video!
Going into Cybersecurity and this is so cool
FINALLY!!!! The reason why I watch this!
Hi, I appreciate you. I needed the information you gave as a seo and digital marketing specialist. I did not come across a channel or person who described terms like Internet, TCIP as simple as you. Thanks again...
1, 2, 3, 4, 5? That's amazing! I've got the same combination on my luggage!
This video is incredible! Thank you so much!
A 12 minute long course this really is a crash course!
Good episode! Would be nice to hear an indictment of modern operating systems (especially windows) that were designed in pretty much the least secure way possible.
I AM brazillian and I love yours vídeos. Thank you.
I appreciate these videos so much! I've learned enough to know that I want to learn more -- and I'm hoping to get Security+ certified next year!
Amy Jay good luck, Amy! Security+ was my first certification and it's a great starting point.
Some military jobs make us get the very in only 9 days of education with no experience. Often we have to test a couple times, but it's doable. The 501 version is gunna be killer though, so study up!
Briana Pierce haha. That sounds like learn to code in one weekend. Why even bother to study software engineering if you can learn that in one weekend or becoming a security consultant in 9 days. You gotta be kidding me.
I'm doin dat! I'm also getting Net+ and I already have my A+
Well, we manage to successfully do our jobs. Don't get me wrong, some people never make it through. But if you find the time we get amusing, you should realize that we take the exact same test as you, getthe exact same cert, and do our jobs effectively.
Thanks for making these videos.I'm on my way to becoming a+ certified and cross reference a lot of the things you illustrate
leogomez4u skip it, read the books get hands on, grab your network+, ccna, security +, even an MCSA. A + knowledge is great but the cert isn’t worth the money.
Don't listen to them, A+ is your concrete to your house, network+, and Sec+, and etc are the walls and the roofs.
Actually Net+ is your concrete, walls and roof with Windows and doors while Security+ is your fence. The more experience with Security+ the higher the fence. A+ would be more like building the shed in the back. Nice to have but not important enough to live in or off (the cert).
I wonder why nobody in these videos ever mentions the possibility to use words from different laguages. It increases the possible combinations even more! :D
I do that all the time, I really stopped using English anymore lmao
I was going to make a comment about password length vs diversity of characters. Rainbow tables let me crack anything less than 14 characters really easy but anything more gets weird.
One method I used to use was take a Chinese word, change the diphthongs to produce many different words and then string them all together in English. Easy for me to remember but really hard for a computer to guess.
Like house horse mother. You go over the rainbow tables. Yep go look it up. It does not require a bunch of hard to remember special characters and numbers.
One of my fun games at work is just repeating the same thing in as many languages as I can think of at the time. But sequential translations get weird.
My favorite pattern is English, Spanish, German. Add slang and it gets weird really fast
Long list, English, Spanish, (Taino if Puerto Rican), Portuguese, French, Romanian [short story later], German, Swedish, Dutch, Arabic (Burbur if they are Moroccan, like Ara means give me in Arabic but write or sign your name in Burbur), Uzbeki, Turkish, then Russian and then Polish.
It makes sense in my head, don't judge me. I was telling a joke to a Puerto Rican woman last year and she stopped me in the intro telling me she knew Taino and knew what the word meant. It was a play on words. The only time that joke has failed me.
Two points on Romanian. The first was a woman on her phone who just could not be bothered to get of her phone. So I said something to her in Russian.
She was like why are you talking to me in Russian, and I was like because you are not paying attention to me in English and my Romanian is poor.
The second was a Romanian women who would not get off her phone. So I got annoyed and started talking to her mother who was born in Romania.
The mother then spent the next two minutes berating her daughter for not knowing how to pronounce words correctly in Romanian.
Jewish mothers...
I will try that method.
I was wondering how you would do this in one short video... Not bad!
This was really well done. Thanks!
Password requirements aren't more secure in practice - consider the two following passwords: "Passw0rd!" or "da-ba-dee-ba-doo". The second is much more secure, as the only feasible way to guess the password is brute force with letters and symbols, and most likely numbers too, but doesn't have digits nor capital letters. The first can be cracked using a dictionary attack with mutation.
This gonna help a lot... Thanks a lot
I'm interested in psychology, tech, and bio. Y not combine the three and go into comp systems to research the "brain" and artificial intelligence of computers?! That's how I got here :). I've recently discovered the (huge and overwhelming) world of cyber tech but as a Russian speaking blond 5' girl, I think it would be cool to get a job in this field. I'm 14 and new to this but it's super interesting and these vids help
Carrie Anne keep it real. No access to ATMs or she'll take all of it xD
that ceramic cat collection doesn't buy itself XD
Is that a Spy Kids _and_ a Ben 10 reference in the thubnail!? Respect.
_Mit_Whit _Gaming_ though it’s a really weird one because ones from the most disliked 3rd film Spy Kids 3d and the other is from Omniverse
Jepersprepur IKR?! 😂
_Mit_Whit _Gaming_ mmmhmmm
Now I'm sad I didn't get the Ben 10 reference
_Mit_Whit _Gaming_ The actual name of the black and red humanoid in 9:18 is actually "Malware", a villain from Ben 10: Omniverse, they might have used the character since Malware is a best symbol for the error
I love this video and I love that lady teaching it everything about this is good
I love her enthusiasm
I'm majoring in this starting next year!!!
tcbobb16 tcb Illinois State
How’s it going so far
Updates, please don't drop out
I receive so many call indicating "I'm with your computer security and your computer has been compromised, I am looking at your computer security systems and we need to fix it right away" I call BS and almost always the line goes dead. Can even the companies that are legitimate see into your computer without your knowledge?
0:18 Legendary bike Favorit.
Would have been nice to go over capability-based security as an alternative to ACLs.
Learned a lot thanks .
I'd love an episode on neural networks.
This is a great video, it's more difficult to do these animated vids than to just have a talking head spitting a script. Nice job guys
Brilliant and easy to understand! Thank you! Even the jokes are funny. XD
I updated everything I have access to, after this video.
My new password is Ceramic_cat_figurines. Ooops, maybe not. Another great episode. Thanks!
Please do a video about Block-chain!
Correct Horse Battery Staple
Hunter2
"Lil' Bobby tables we call him...i hope you learned to sanitize your database inputs."
funny, go change your password now
That's actually a bad password.
Lol I just mentioned brute force hacking in a earlier video were you were describing brute coding XD
Confidentiality - data that only authorised people can read
Integrity - data that only authorised people can modify
Availability - data which authorised people should have access to
Almost. The last one is simply Authorization. Availability refers to the "ability to access data when we need it".
The Parkerian hexad, although considered to be a more complete model, is not widely known as the CIA triad. It consists of: Confidentiality, Integrity, Availability, Possession, Authenticity, and Utility.
Possession - physical dispostion of media on which data is stored in.
Authenticity - data that can be properly attributed to the owner/creator.
Utility - data that is useful depending on content and format.
7:04 and what if an attacker compromises your fingers? :o
Great vid. Thanks :)
Great intro course.
I JUST LEARNED HOW THIS CYBERSECURITY WORKS
This series is so great I can even forgive Carrie-Anne's, 'tongue down the back of Green Bros. trousers' comment at 5:19.
For someone who is complete new to the field of I.T/cybersecurity is it a bad idea to start off with a Cyber security proficiency 1 class?
4:08 you have to remember, it doesn't just have to generate those numbers, it also has to enter them in, for example even python, a really freaking slow language, can count from 0 to 10000 in 0.0009965896606445312 seconds, pretty freaking fast! But if you want python to print each individual number, it will take about 4.403296709060669 seconds, although entering the numbers might not take as long as printing each one, it would still take at least a second
I am biggest fan of u .Can u make more videos on cyber security cryptography etc
2:24 Oh, that's what _safe mode_ means
Enrolling into school for this next year.
Open source for security is a topic that came up for our (Germany) election software, because the old one was hidden and faulty, could be a right step imo.
Alternately (though I don't know how well this works in a federal system with different layers of elections), just use pencil and paper for voting like the Brits do.
Pen is better in this case since pencil writing can be erased.
if the topic is security... how is pen and paper more secure than Open source?
I was comparing pen to pencil.
my bad. I should had clarified I was refering to Andrew Farrell
Correct horse battery staple! Yay!
BIBA!! I appreciated that
Thanks for the video
Awesome video !
I would like to make a subtle yet important distinction
ALLOWING the option to use 9 or more capital and lowercase adding symbols spaces and numbers makes the number of possible passwords increase and is therefore more sucure
REQUIRING a password to contain those things to be valid lowers the number making passwords less sucure harder to remember and more annoying to create and encourages users to have the same password for multiple accounts (don't do that)
thanks. Very useful
interesting you explain with direct with pictures ... i need lesson computer science
Hi Love the videos and was wondering if I should get a VPN or not. Do I need one really? I keep getting ads that try and scare me into getting one but they are not cheap.
NOTHING IS TOTALLY SAFE!!GOOD VIDEO!!😀😊
Good video
It would have been nice to mention seL4, where the authors have formally verified correctness of the kernel.
Why didn't you use the CISSP standard definitions for confidentiality, integrity, and availability? Integrity is less about the authorized person accessing the data, and more about the data itself being complete or whole.
Good topic explanation
Wow what a video
Fantastic 🎉
"Cyber Security is like the Jedi Order trying to bring Peace and Justice to the Cyberverse" *Decides to go back to school and study Cyber Security*
Hello
I've benefited alot from your video but I'm asking if you could give me some useful information about administration of security??
Is the kid in the sandbox one of the Green brothers doing a cameo?
Ross Parlette: John, I think.
If you ever see a system either show you your password or say you can't have a password longer than 16 characters, you know that site isn't storing your password securely.
If you are implementing a system to check a user's password it is important not to store the password itself but instead when the user sets their password:
1) Generate a random string and stick it at the end of the password (called a 'salt')
2) Run the password+salt through a 1-way hash function like bcrypt
3) Store both the salt and the hashed+salted password in your database.
Then, when your user goes to log in, read the salt from the database, add it to the login, run it through bcrypt and check if it matches the hashed+salted password.
Even better, rely on someone else who knows what they are doing to do it for you. Even the experts get this stuff wrong from time to time and you're not an expert. Use a well known, heavily tested and actively updated library for anything security related. If you're doing anything other than something like library.storepassword(username, password) and library.startsession(username, password), you're probably doing something wrong.
Exactly right, though you'll need to know how things work at the layer of abstraction I described to know what to look for in a library.
Don't roll crypto yourself except for fun & practice.
>or say you can't have a password longer than 16 characters
Some companies do this for customer support reasons. They do a check on the string they're sent _prior_ to running the hash on it, so it can still be done securely. But longer passwords are more likely to be forgotten, so some large organisations might choose to restrict password length to reduce the burden on their customer support lines.
If they can send you your password upon request though. Yeah, that's completely indefensible. They _might_ be able to email you your password immediately after you first set it (although that is a terrible idea because email is a terribly insecure protocol) without compromising database security, but at any other point they should not have access to your plaintext password.
@Jim Cullen you're right. Its a signal that they're storing the password, but not actually a guaruntee.
But really what they should do to accomplish their goal is actively suggest passphrases. But people are often silly.
I wish more companies would encourage using password managers. Passphrases are okay, but they're no where near as good as an equally long pseudo-random password. And if they form sensible sentence structures (as opposed to being completely randomly chosen words), passphrases are even worse.
Using good 2FA (*not* SMS-based 2FA) on more sites would also be nice.
i like your video because it is my lesson , please explain more with use pictures exemples direct ...it is my lesson
As an IT major with a focus on Cybersecurity, this video is very informative and provides a good understanding of my career future
What is the program for these animations?
I love your video thank you
Thank you!
Thanks so much, im only 13 and this interests me so much! I went to a cyber security competition a few weeks back and it was amazing! I placed 2nd place w/ only a little background knowledge that I learned from coding in various languages/reverse engineering a lot over the years! 🙂😀😀
Congrats! Follow your dream Dargon, Remember, The only thing you need is passion and curiosity!!!
Thijs Vandaele True!! Thank you.
You should post this kind of stuff on your TH-cam channel
Learn Kali Linux
Install gentoo hardened.
Thank you.
I’m seriously hoping we go over airgaps and compartmentalization, because they are the true implementation of write up, read down. You gave a very dangerous idea that privileged information can be held on a system that processes unprivileged information. What you should do is keep them all in different systems that are physically separate from each other. The only way you can send information from a less privileged system to a higher level is to cross a physical air gap between machines.
Compartmentalization is just a fancy way to say keeping information available to those that need to know it. A CFO would certainly need access to a businesses finance information, but even if he has a high level of access, there is no reason that he should have access to the R and D information.
Still an admirable job for something so broad as “security” you boiled down several months of training into less than 15 minutes. You get my “eh close enough” seal of approval!
Anyone know the titles of all the books on the prop shelf?
Love theese videos puts me right to sleep
I wish the schools around me make this a BS major. But they're only MA thus far. I'm going to try the MA program.
xBroken_Truths Travel to a good school. You only establish yourself as an adult(go to college) once, make it count.
Which is better, changing a 8 digit pin to a 10 digit pin, or allowing letters and symbols in your 8 character long pin.
Has anyone noticed Dr.Zoidberg from Futurama
awww man.. now I have to change my pin.
Thank you
Was that a Spy Kids 3-D Game Over reference?
I thought the phrase was going to end with "what if an attacker compromises your finger"
Ouch!
can we get a crash course electrical engineering?