5.5

  1. When you create a GitHub repository it requests a license type. Review the license types in relationship to this Tech Talk and make some notes in your personal blog.
  • Types of Licenses:
    • Open Source Licenses
      • Definition: Allows anyone to use the program without needing to pay
      • Example: MIT License
    • Closed Source Licenses
      • Definition: Require payment to authors based on what user makes from distribution
    • Creative Commons Zero v1.0 Universal
      • Definition: Allows for the public to use the material without any copyright restrictions
    • Open Source MIT License
      • Definition: Allows for code to be used and then made into a closed source version for distribution
      • Requirements: Authors still want credit (comments)
    • Open Source GPL License
      • Definition: People can do anything with the project except distribute
      • Example: GNU GPLv3
  1. In your blog, summarize the discussions and personal analysis on Software Licenses/Options, Digital Rights, and other Legal and Ethical thoughts from this College Board topic.

  • Reasons for Choosing Open Source GPL for Group Project

    • To allow others to use and learn from the program
    • To prevent unauthorized distribution for personal gain
    • To promote open access to such programs

  • Legality and Ethics Considerations

    • Giving credit to sources used
    • Using digital rights to prevent piracy
    • Support for income generation by large companies

  • Use of Open Source Licenses in Class

    • Encouraging learning and sharing of code
    • Understanding the role of licenses in income generation for companies
    • Balancing open access with profitability considerations
  1. Make a license for your personal (blog) and Team repositories for the CPT project. Be sure to have a license for both Team GitHub repositories (frontend/backend). Document license(s) you picked and why. FYI, frontend, since it is built on GitHub pages may come with a license and restrictions. Document in blog how team made license choice and process of update.

  • Reasons for Choosing Open Source GPL License

    • To allow others to modify the code for learning purposes
    • To prevent unauthorized distribution for personal gain
    • To promote learning and experimentation with coding

  • Use of GPL License for Fastpages and Group Flask and Github Pages Website

    • Encouraging exploration and development of code
    • Balancing open access with the need to protect intellectual property
    • Fostering a community of learning and innovation in coding

5.6

  1. Describe PII you have seen on project in CompSci Principles.
  • Password usage in example CPT project
  • Classroom-specific information (class numbers, periods, etc.)
  • Names, emails, birthdays
  1. What are your feelings about PII and your personal exposure?
  • Violation of Privacy Rights
    • PII includes sensitive information such as full name, address, social security number, etc.
    • Sharing this information without consent can be a violation of privacy rights
  • Increased Risk of Identity Theft and Fraud
    • PII is often used by criminals to steal identities and commit fraud
    • Sharing PII can increase the risk of identity theft and fraud
  • Legal Consequences
    • Many laws and regulations, such as the General Data Protection Regulation (GDPR) in the European Union, regulate the handling of PII
    • Sharing PII without proper safeguards and consent can result in legal consequences
  • Damaged Reputation
    • Sharing PII can damage the reputation of both the individual and the organization involved
    • Trust and credibility can be lost, leading to negative consequences for both parties
  1. Describe good and bad passwords? What is another step that is used to assist in authentication.

  • Characteristics of Good Passwords

    • Length
      • Longer passwords are more secure
    • Complexity
      • A mix of upper and lower case letters, numbers, and symbols makes a password stronger
    • Uniqueness
      • Avoid using easily guessable information such as birthdate, name, etc.
    • Regular Updates
      • Regularly changing passwords adds an extra layer of security

  • Characteristics of Bad Passwords

    • Short Length
      • Shorter passwords can be easily cracked
    • Lack of Complexity
      • Using only letters or simple patterns makes passwords easy to guess
    • Commonness
      • Using commonly used passwords such as “password123” or “123456” is not secure
    • Infrequency of Updates
      • Not regularly changing passwords leaves the password vulnerable to being cracked

  • Additional Step for Authentication

    • Two-Factor Authentication (2FA)
      • Adds an extra layer of security by requiring a second form of identification, such as a fingerprint or code sent to a phone
      • Increases the difficulty for unauthorized access to an account
  1. Try to describe Symmetric and Asymmetric encryption.

  • Symmetric Encryption

    • Definition
      • Symmetric encryption uses the same key for both encryption and decryption of data
    • Process
      • The sender and receiver must both have the same key in order to encrypt and decrypt the data
    • Advantages
      • Faster and more efficient than asymmetric encryption
      • Suitable for large amounts of data

  • Asymmetric Encryption

    • Definition
      • Asymmetric encryption uses two different keys for encryption and decryption of data
    • Process
      • The sender uses the recipient’s public key to encrypt the data, and the recipient uses their private key to decrypt the data
    • Advantages
      • More secure than symmetric encryption
      • Suitable for exchanging small amounts of data, such as keys for symmetric encryption
  1. Provide an example of encryption we used in AWS deployment.
  • SSH into AWS Box
    • Definition
      • Secure Shell (SSH) is a protocol used for secure access to remote servers
    • Use in AWS Deployment
      • SSH is used to securely log into an AWS instance and manage it from a remote location
    • Process
      • A user generates an SSH key pair, with a private key kept on their local machine and a public key added to the AWS instance
      • The user can then use the private key to log into the AWS instance and securely access and manage it
    • Advantages
      • Provides secure access to AWS instances
      • Enhances the security of data by avoiding the need to transmit login credentials over the network
  1. Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.

  • Hypothetical Phishing Scheme

    • Definition
      • A phishing scheme is a fraudulent attempt to steal sensitive information, such as login credentials or financial information, by posing as a trustworthy entity
    • Example
      • A phishing email that appears to be from a well-known bank or financial institution, asking the recipient to click on a link to update their account information
      • The link takes the recipient to a fake website that looks like the real bank’s site, where they are prompted to enter their login credentials and other sensitive information
    • Result
      • If the recipient enters their information, the phisher can use it to access their accounts and steal their money or sensitive data

  • Other Phishing Techniques

    • Email Spoofing
      • Creating fake emails that appear to be from a trusted source, such as a bank or a friend
    • Social Engineering
      • Manipulating people into revealing confidential information, such as passwords or credit card numbers
    • SMiShing
      • Phishing attacks via text message
    • Vishing
      • Phishing attacks via phone calls
    • Spear Phishing
      • Targeted phishing attacks that use personal information, such as the recipient’s name, to make the email appear more credible