Michelle MazurekIt's UMD annual security training time again! As many of you know, this stuff is a preoccupation of mine. I'll document a few of the worst howlers here.
The first module is on phishing. The content isn't too bad (mostly) but some of the quiz questions are baffling. Why is it important that I know what cute name the training module has given to the practice of using vv for w or 0 for O to support domain impersonation?
File under truthy: "Most viruses do not even require users to forward the email—they scan a users' mailbox for email addresses and automatically send the infected message to all of the addresses they find." ... not exactly wrong, but also not especially relevant here in 2023?
Picking up where I left off, onto the data security module. Nice to know that the university has solved the tricky question of what counts as PII!
"Non PII data is simply data that is anonymous. It can't be used to
distinguish or trace an individual's identity."
(Plus a guest appearance from everyone's favorite trope that won't die, warnings about public wifi networks. I'm guessing I'll see this one at least twice more before the end.)
"Always change the default password that came with your router" seems like great advice for, perhaps, 2012? Do any routers come with unrandomized "default" passwords anymore?
Proud as always of my personal favorite UMD CS alum https://www.cs.umd.edu/article/2023/03/computer-science-alum-kyle-orland-authors-new-book-about-puzzling-origins
Computer Science Alum Kyle Orland Authors New Book About the Puzzling Origins of Minesweeper
Kyle Orland (B.S. ’04, computer science; B.A. ’04, journalism) played the computer game Minesweeper anywhere he could find a personal computer as a kid in the ’90s: the computer nook in his middle school’s library, the home office of a friend’s parents and even the computer section of his local Circuit City while his mom shopped.The deceptively simple Microsoft game, which challenges players to click cells without detonating hidden mines, came pre-installed on more than 4 billion personal computers sold between 1992 and 2012.
Adam Shostack 
@mmazurek I agree philosophically , maybe it’s an attention test?
@adamshostack I'm sure that's the intention but the overall effect is quite silly. I just did the "physical security" module and got quizzed on a statistic about how often laptops are stolen in the U.S. (answer is putatively every 53 seconds; citation needed).