All about the TCS Information Security Challenge August 2020
Hi, I was taking a small test of documenting the loopholes of a security challenge and found that the security issues were easy to make understand to the general public by showing a small test given by TCS. So, I decided to make a post upon this.I know this is something different than usual but in this challenge I saw some real world cases which I can briefly explain to you all.
First I mention the challenge questions then I am gonna mention my submission to this challenge. Hope, you all will understand it.
The Challenge Question:
About the Challenge : Given below is a typical day in the life of a B.Tech student - Rohan.
What is Required:
Identify the different IT security and data privacy related weaknesses/loopholes in below four different scenes and also mention the possible ways to prevent or overcome them.
*******************************************************************************************************
World has now come out of corona pandemic and is gearing up for routine life. Rohan is in fifth semester of his B.Tech tenure and is getting ready for a usual day in college. He shares his hostel room with Jai, a budding hacker who is always looking to trap his friends and make them victims of IT or cyber threats.
Scene 1:
Colleges have re-opened now and Rohan wants to update his status in facebook to let the world know. He opens his laptop with no password required to login. He has written his facebook password on a sticky note pasted on the back of his laptop and logs into facebook home page. Rohan is an extrovert and wants everyone to look into his profile and view personal photos too. Rohan has never read privacy policy of facebook and uses a very simple password to login to facebook.
A message pops-up on Rohan's laptop on out-dated anti-virus software. Rohan ignores the message as he feels who is going to harm him.
Scene 2:
Rohan greets his friends in the college and heads to college's IT lab. Rohan has received an email on his college email id about a scheme which can double money in just 2 days. Rohan gets super-excited and clicks the link in the email without checking who is the sender of the email. Link opens to a registration form and Rohan shares his personal details like phone no, bank account no, etc.
Scene 3:
Rohan is busy working in IT lab. He receives a call from his father to check whether he has received Rs. 5000 sent for his monthly needs. Rohan finds that he has a class now and asks his room-mate Jai to check his bank account. Rohan shares his login credentials to check the balance and other details. Rohan also pings him the OTP received to login to bank's portal.
Scene 4:
Rohan had a hectic day so far. He needs to submit a photocopy of his health records to university's health department to support that he is medically fit to appear for sports tournament. Rohan goes to photocopy machine but forgets to take the original health records back. Those are found lying on the photocopy table.
My Submission:
In this era Information is equivalent to power, and if your information is reached to a Hacker whose sole purpose is to create trouble for others then one can be in great danger.
Similar situations which are the opportunities for such a hacker are listed under all the scenes given:
Scene 1:
IT Security weakness/loophole:
- Rohan's laptop has no password to login
- Rohan's facebook password is very weak as it is simple
- Rohan's laptop has out-dated anti-virus software
Data Privacy related weakness/loophole:
- Rohan has written his Facebook password is on a sticky note and that too at the back of his laptop
- Rohan's personal photos can be used to blackmail him by any means
- Rohan has not read the privacy policy of Facebook
/*************************************/
Scene 2:
IT Security weakness/loophole:
- Rohan clicked on unverified link through an unknown email sender which can also be a malicious link
Data Privacy related weakness/loophole:
- Rohan shared his personal details to an unknown non reliable( untrusted ) source who can misuse them easily
/*************************************/
Scene 3:
IT Security weakness/loophole:
- Rohan shared his bank login credentials and OTP to his friend Jai which is a budding Black Hat Hacker
Data Privacy related weakness/loophole:
- All Rohan's bank details are with Jai now who can easily misuse it
/*************************************/
Scene 4:
IT Security weakness/loophole:
- Rohan didn't take it seriously to take back the original health records back with him
Data Privacy related weakness/loophole:
- His whole medical history can be used to take advantage of his illness and to harm him
/*************************************/
Observation: After observing these scenes, in my opinion Rohan is a very uncaring guy who doesn't give attention to the data leaks he does every then and now.
/*************************************/
The possible ways to prevent or over come all these above mentioned weaknesses are mentioned below:
Scene 1:
Rohan must:
- put a strong password of at least 8 characters for logging into his laptop as well as into his Facebook account.
- update his antivirus regularly
- immediately scrape the sticky note at the back of his laptop and change his Facebook password
- not make his personal photos public
- read thoroughly the privacy policy of the Facebook and follow them immediately
/*************************************/
Scene 2:
Rohan must:
- not click on any link from an untrusted source
- not share his personal details to any untrusted source
/*************************************/
Scene 3:
Rohan must:
- not share his bank credentials to anyone even his friends as this can be misused pretty badly
/*************************************/
Scene 4:
Rohan must:
- be careful while handling his original documents as they are very important source of information for anyone with evil deeds.
