Tag: Claire

You wouldn’t fall for that, would you?

A barometer from 1810.
Wheel Barometer, also known as Banjo Barometer, Barnasconi, Leeds, c. 1810 – Museum of Science and Industry (Chicago), via Wikimedia Commons under a CC0 licence.

There’s an old science joke about a physics professor who gives, as weekend homework, the task to use a barometer* to measure the height of the physics building. Back in class on Monday the professor invites the students to share their working. The class discuss how they measured the pressure at the base of the building, climbed to the top and measured it again then used a mathematical formula to work out the height. One of the students admitted that he’d saved a bit of time, measurements and calculations by simply knocking on the door of the janitor’s office and saying “If you will tell me the height of this building, I will give you this beautiful barometer.

Social engineering

One of the simplest and often quickest ways to ‘hack’ into someone’s account doesn’t involve any hacking (or cracking) at all. People lose lots of money, time and anxious sleep to mistakes made because they were distracted and fell for something which was cleverly designed to fool them. Most cyberattacks happen not because someone guessed a password but because someone willingly handed it over.

Phishing attempts can involve little more than making a fake website look like a real one and hoping people don’t notice that the address doesn’t look right. Someone clicks on the link, perhaps in an email or a text message telling them that there’s something wrong with their account that they need to deal with urgently, and enters their email address and password – handing their account details to the scammer. Worse, when people re-use an email address with the same password on multiple sites the scammers suddenly have access to a great deal more of their private information and perhaps even access to their money (e.g. if they have stored payment details with their account).

Back in the 1980s ‘Claire’ managed to hack into a computer network with incredible ease as her son explained in a series of posts. Claire, known as someone who was ‘good with computers’, was invited to a meeting by the CEO of a company that made security systems. She visited his office, taking the lift all the way up to the penthouse office, where he offered her “an eye-watering sum” if she was able to break into his system within a week.

Offer accepted she took the lift all the way down to the building’s basement where the computer lab was. She found a stack of papers and stood outside the lab door looking busy and needing to get on with her work but struggling to get in with all the papers. One of the lab technicians helps her into the room (how kind! she’s ever so grateful!) where she makes her way to an unused computer, sits down and calls out “What’s today’s password?”. And someone tells her. It took her less than 20 minutes!

It is easy to be tricked

I (PC) was at a workshop about security. As part of it we were shown a website that could tell you how safe your password was. It gave an estimate of how long any password could be cracked in. If you typed in 1234 then it would tell you that was cracked in fractions of seconds. A word in any dictionary (even a Tolkien one) likewise. Longer passwords would take longer than shorter ones. Mix in capitals and it would take longer still, and so on. Everyone was told to type in their passwords to find out how good they were at thinking up a password. Virtually everyone did so and many found out that their passwords were not very good… others celebrated the fact that they were good at choosing a password. However, perhaps it didn’t matter either way! Everyone who typed in an actual password had just given away their password to a website that may or may not have been secure…

Never give up your password to anyone and certainly not to a computer program. Don’t even tell others the rules you use to create one!

How easy are you to scam?

Try Google’s phishing quiz and see how you do.

How do you decide a website is safe? You do not judge it by looking at the website itself. You look elsewhere to a trusted source and find information that way! Either way do not ever enter personal data and passwords into a source unless you are absolutely sure.

You can also try Take Five‘s quiz to see how ‘Scamsceptible’ (susceptible to scams) you are based on how well you slept last night and if you have lots of things on your mind distracting you. Take Five is a campaign to encourage people to pause (and take five minutes) when they get a message they’re not sure about and double-check that it’s genuine.

– Jo Brodie and Paul Curzon, Queen Mary University of London

Part of a series of ‘whimsical fun in computing’ to celebrate April Fool’s (all month long!).

Find out about some of the rather surprising things computer scientists have got up to when they're in a playful mood.

Subscribe to be notified whenever we publish a new post to the CS4FN blog.

This page is funded by EPSRC on research agreement EP/W033615/1.

QMUL CS4FN EPSRC logos