Lesson 5.5 and 5.6

• Legal and Ethical Concerns
  • License Types
  • Legal and Ethically
  • Reflection
• Safe Computing
  • Personal Identifiable Information (PII)
  • Security
  • Reflection

Legal and Ethical Concerns

License Types

Open Source MIT License

• Code is used freely
• Only closed source versions may be created and distributed
  • GH project could be private
• Author of software is credited (i.e. in comments)

Open Source GPL License

• Code is used freely
• NO distributing closed source versions
  • GH project must be public
• i.e. Linux and Ubuntu
• i.e., Qualcomm keeps their code away from GPL to protect their patents

Legal and Ethically

• IMPORTANT to comply with terms of licenses and to cite sources
• Many of us do not legally and ethically handle media content, brekaing terms of license
• Open Source usage in CSP is educational use and ethical
• Individuals and companies are required to figure out techniques and business models in order to use Open Source software according to terms of license
• i.e., Red Hat used GPL license and gave away software for free, and this became their business model
• Open Source software is crucial to businesses!

Reflection

Document license(s) you picked and why. FYI, frontend, since it is built on GitHub pages may come with a license and restrictions. Document in blog how team made license choice and process of update.

Our group chose to use the MIT license. This makes code more accessable and distributable, which can be beneficial to other users, as it is more flexible.

Safe Computing

Personal Identifiable Information (PII)

• All information posted is added to Searchable PII

✅	☑	❌
- Name - Email (junk email) - Picture - High school - College - Properties - State/city (present and past) - Credit reports	- Birth date - Place of birth - Address - Phone number - Maiden names of mother and grandma - Driver license number	- Credentials for access - Two-factor authentication (financial accounts) - SSN - Tax records

Security

• Establish multi-factor authentication when possible, or biometrics
• Malware is sent in attachments, and puts viruses on your computer
• Phishing is unknown sources enticing you into responses
  • i.e. Amazon asking for login information
  • Check closely at email source/address
• Symmetric encryption: type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information
• Assymetric cryptography (public-key cryptography): process that uses a pair of related keys – one public key and one private key – to encrypt and decrypt a message and protect it from unauthorized access or use

Reflection

Describe PII you have seen on project in CompSci Principles.
The public and private keys on our repositories for APCSP is an example of assymmetric cryptography and PII.

What are your feelings about PII and your personal exposure?
I think PIIs are essential in user experience. However, the information in these PIIs MUST be kept secure, so that your site is safe and able to be utilized. This makes PII have a sort of dangerous aspect, as if leaked, it could cause identity theft, stolen information, etc.

Describe good and bad passwords? What is another step that is used to assist in authentication.
A good password includes several types of characters, such as letters, numbers, and symbols. For example: A*f34?. A bad password includes only a couple or even one type of character, or has an easily guessed pattern. For example, abc123.

Try to describe Symmetric and Asymmetric encryption.
Symmetric encryption is the process where only one key is used to both encrypt and decript data, whereas assymmetric encryption is the process in which two keys are used, one public to encrypt, and one private to decrypt. Symmetric is more efficient but assymmetric is much more secure.

Provide an example of encryption we used in AWS deployment.
AES-256 is the technology used to encrypt data in AWS deployment.

Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.
An example of phishing from firsthand experience is years ago on Instagram. Someone that “knew” DM’ed me, basically saying that this link puts together a collage of pictures of both our accounts. I clicked the link, and there was a normal looking sign in page. For some reason, I didn’t find anything suspiscious about this, and entered my login information. This led to the person behind that account hacking to take my information and log in to my Instagram account, and send that same link to many others in my following list. Now I know to never click on suspicious links, even if it looks professional.
Some phishing techinques are attachments sent through emails, an unknown site asking for your log in information, or anything sent from accounts pretending to be a site or service you may use.