--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crawler.scala Wed Sep 26 02:08:55 2012 +0100
@@ -0,0 +1,144 @@
+import io.Source
+import scala.util.matching.Regex
+
+// gets the first ~10K of a page
+def get_page(url: String) : String = {
+ try {
+ Source.fromURL(url).take(10000).mkString
+ }
+ catch {
+ case e => {
+ println(" Problem with: " + url)
+ ""
+ }
+ }
+}
+
+// non-existing page -> returns the empty string
+get_page("""http://www.foobar.com""")
+
+
+// staring URL for the crawler
+val startURL = """http://www.inf.kcl.ac.uk/staff/urbanc/"""
+
+// starts with an "
+// then either http or https
+// then ://
+// then any character that is not "
+// finally "
+val http_pattern = """\"((?:http|https)://(?:[^\"])*)\"""".r
+val http_pattern = """\"(https?://[^\"]*)\"""".r
+
+def unquote(s: String) = s.drop(1).dropRight(1)
+
+def get_all_URLs(page: String) : Set[String] = {
+ (http_pattern.findAllIn(page)).map { unquote(_) }.toSet
+}
+
+// get all urls in startURL
+get_all_URLs(get_page(startURL))
+
+// number of all urls in startURL
+get_all_URLs(get_page(startURL)).toList.length
+
+
+// naive version - seraches until a given depth
+// visits pages potentially more than once
+def crawl(url: String, n: Int) : Unit = {
+ if (n == 0) ()
+ else {
+ println("Visiting: " + n + " " + url)
+ for (u <- get_all_URLs(get_page(url))) crawl(u, n - 1)
+ }
+}
+
+crawl(startURL, 2)
+
+
+//breadth-first version without visiting
+//pages twice
+def bf_crawl(todo: Set[String], visited: Set[String], n: Int) : Unit = {
+ if (n == 0) ()
+ else {
+ val new_todo = todo.flatMap {
+ url => {
+ if (visited.contains(url)) Set[String]()
+ else {
+ println("Visiting: " + n + " " + url)
+ get_all_URLs(get_page(url))
+ }
+ }
+ }
+ bf_crawl(new_todo, visited union todo, n - 1)
+ }
+}
+
+bf_crawl(Set(startURL1), Set(), 2)
+
+
+//breadth-first version without visiting
+//pages twice and only in "my" domain
+val my_pattern = """urbanc""".r
+
+// breadth first search avoiding double searches
+def bf_crawl2(todo: Set[String], visited: Set[String], n: Int) : Unit = {
+ if (n == 0) ()
+ else {
+ val new_todo = todo.flatMap {
+ url => {
+ if (visited.contains(url)) Set[String]()
+ else if (my_pattern.findFirstIn(url) == None) Set[String]()
+ else {
+ println("Visiting: " + n + " " + url);
+ get_all_URLs(get_page(url))
+ }
+ }
+ }
+ bf_crawl2(new_todo, visited union todo, n - 1)
+ }
+}
+
+bf_crawl2(Set(startURL1), Set(), 5)
+
+// email harvester
+// from
+// http://net.tutsplus.com/tutorials/other/8-regular-expressions-you-should-know/
+
+val email_pattern = """([a-z0-9_\.-]+)@([\da-z\.-]+)\.([a-z\.]{2,6})""".r
+
+def bf_crawl3(todo: Set[String], visited: Set[String], n: Int) : Unit = {
+ if (n == 0) ()
+ else {
+ val new_todo = todo.flatMap {
+ url => {
+ if (visited.contains(url)) Set[String]()
+ else {
+ println("Visiting: " + n + " " + url);
+ val page = get_page(url)
+ println(email_pattern.findAllIn(page).mkString("\n"))
+ get_all_URLs(get_page(url))
+ }
+ }
+ }
+ bf_crawl3(new_todo, visited union todo, n - 1)
+ }
+}
+
+bf_crawl3(Set(startURL1), Set(), 3)
+
+
+// depth-first version does not work,
+// because it might visit pages at depth 1
+// while it still wants to visit them at
+// depth 2
+var visited = Set("")
+
+def crawl(url: String, n: Int) : Unit = {
+ if (n == 0) ()
+ else if (visited.contains(url)) () //println("Already visited: " + n + " " + url)
+ else {
+ println("Visiting: " + n + " " + url);
+ visited += url
+ for (u <- getAllURLs(getURLpage(url))) crawl(u, n - 1);
+ }
+}
--- a/slides01.tex Tue Sep 25 21:01:23 2012 +0100
+++ b/slides01.tex Wed Sep 26 02:08:55 2012 +0100
@@ -71,7 +71,7 @@
showstringspaces=false}
% beamer stuff
-\renewcommand{\slidecaption}{APP 01, King's College London, 25.~September 2012}
+\renewcommand{\slidecaption}{AFL 01, King's College London, 26.~September 2012}
\begin{document}
@@ -81,12 +81,15 @@
\begin{frame}<1>[t]
\frametitle{%
\begin{tabular}{@ {}c@ {}}
- \LARGE Access Control and \\[-3mm]
- \LARGE Privacy Policies (1)\\[-6mm]
+ \\[-3mm]
+ \LARGE Automata and \\[-2mm]
+ \LARGE Formal Languages (1)\\[-3mm]
\end{tabular}}
\begin{center}
- %\includegraphics[scale=1.3]{pics/barrier.jpg}
+ \includegraphics[scale=0.3]{pics/ante1.jpg}\hspace{5mm}
+ \includegraphics[scale=0.31]{pics/ante2.jpg}\\
+ \footnotesize\textcolor{gray}{Antikythera automaton, 100 BC (Archimedes?)}
\end{center}
\normalsize
@@ -104,183 +107,46 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
-\begin{frame}
-
-\begin{center}
-%\includegraphics[scale=2.1]{pics/barrier.jpg}
-\end{center}
-
-\end{frame}}
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Security Engineers\end{tabular}}
-
-According to Bruce Schneier, {\bf security engineers} require
-a particular {\bf mindset}:\bigskip
-
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
-{\normalsize\color{darkgray}
-\begin{minipage}{10cm}\raggedright\small
-``Security engineers --- at least the good ones --- see the world dif$\!$ferently.
-They can't walk into a store without noticing how they might shoplift. They can't
-use a computer without wondering about the security vulnerabilities. They can't
-vote without trying to figure out how to vote twice. They just can't help it.''
-\end{minipage}};
-\end{tikzpicture}
-
-\begin{flushright}
-%\includegraphics[scale=0.0087]{pics/schneierbook1.jpg}\;
-%\includegraphics[scale=0.0087]{pics/schneierbook2.jpg}\;
-%\includegraphics[scale=0.85]{pics/schneier.png}
-\end{flushright}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Chip-and-PIN\end{tabular}}
-
-\begin{center}
-%\includegraphics[scale=0.3]{pics/creditcard1.jpg}\;
-%\includegraphics[scale=0.3]{pics/creditcard2.jpg}
-\end{center}
-\begin{itemize}
-\item Chip-and-PIN was introduced in the UK in 2004
-\item before that customers had to sign a receipt\medskip
-\item Is Chip-and-PIN a more secure system?
-\end{itemize}
-
-\begin{flushright}
-\small\textcolor{gray}{(Some other countries still use the old method.)}
-\end{flushright}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Yes \ldots\end{tabular}}
-
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
-{\normalsize\color{darkgray}
-\begin{minipage}{10cm}\raggedright\small
-``Chip-and-PIN is so effective in this country [UK] that fraudsters are starting to move their activities overseas,''
-said Emile Abu-Shakra, spokesman for Lloyds TSB (in the Guardian, 2006).
-\end{minipage}};
-\end{tikzpicture}\bigskip
-
-
-\begin{itemize}
-\item mag-stripe cards cannot be cloned anymore
-\item stolen or cloned cards need to be used abroad
-\item fraud on lost, stolen and counterfeit credit cards was down \pounds{}60m (24\%) on 2004's figure
-\end{itemize}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}But let's see \ldots\end{tabular}}
-
-
-\begin{textblock}{1}(3,4)
+\begin{textblock}{1}(2,5)
\begin{tabular}{c}
-%\includegraphics[scale=0.3]{pics/bank.png}\\[-2mm]
-\small Bank
+\includegraphics[scale=0.15]{pics/servers.png}\\[-2mm]
+\small Server
\end{tabular}
\end{textblock}
-\begin{textblock}{1}(7,4.5)
-\begin{tabular}{c}
-%\includegraphics[scale=3]{pics/store.png}\\[-2mm]
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{1}(4.5,9.9)
-\begin{tabular}{c}
-%\includegraphics[scale=0.16]{pics/rman.png}\\[-1mm]
-\small costumer / you
-\end{tabular}
-\end{textblock}
-
-\only<2->{
-\begin{textblock}{1}(4.5,7.5)
- \begin{tikzpicture}[scale=1.3]
- \draw[white] (0,0) node (X) {};
- \draw[white] (1,-1) node (Y) {};
- \draw[red, ->, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}}
-
-\only<3->{
-\begin{textblock}{1}(6.8,7.5)
- \begin{tikzpicture}[scale=1.3]
- \draw[white] (0,0) node (X) {};
- \draw[white] (1,1) node (Y) {};
- \draw[red, ->, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+\begin{textblock}{1}(5.6,4)
+ \begin{tikzpicture}[scale=1.1]
+ \draw[white] (0,1) node (X) {};
+ \draw[white] (2,1) node (Y) {};
+ \draw[white] (0,0) node (X1) {};
+ \draw[white] (2,0) node (Y1) {};
+ \draw[white] (0,-1) node (X2) {};
+ \draw[white] (2,-1) node (Y2) {};
+ \draw[red, <-, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};
+ \draw[red, ->, line width = 2mm] (X1) -- (Y1);
+ \node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X1)!.5!(Y1) $) {};
+ \draw[red, <-, line width = 2mm] (X2) -- (Y2);
+ \node [inner sep=7pt,label=above:\textcolor{black}{POST data}] at ($ (X2)!.5!(Y2) $) {};
\end{tikzpicture}
\end{textblock}
-\begin{textblock}{1}(4.8,5.9)
- \begin{tikzpicture}[scale=1.3]
- \draw[white] (0,0) node (X) {};
- \draw[white] (1.4,0) node (Y) {};
- \draw[red, <->, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}}
-\only<4->{
-\begin{textblock}{1}(12,6.5)
+\begin{textblock}{1}(9,5.5)
\begin{tabular}{c}
-%\includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
-\small card\\[-2mm]\small terminal\\[-2mm] \small producer
+\includegraphics[scale=0.15]{pics/laptop.png}\\[-2mm]
+\small Browser
\end{tabular}
\end{textblock}
-\begin{textblock}{1}(10,7)
- \begin{tikzpicture}[scale=1.6]
- \draw[white] (0,0) node (X) {};
- \draw[white] (-1,0.6) node (Y) {};
- \draw[red, ->, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}}
-
-
+\only<2>{
+\begin{textblock}{10}(2,13.5)
\begin{itemize}
-\item A ``tamperesitant'' terminal playing Tetris on
-\textcolor{blue}{\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}}.\\
-\textcolor{lightgray}{\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})}
+\item programming languages, compilers
\end{itemize}
-
-
-%\includegraphics[scale=0.2]{pics/tetris.jpg}
+\end{textblock}}
\end{frame}}
@@ -289,62 +155,93 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}}
+
+transforming strings into structured data\\[10mm]
+{\LARGE\bf Lexing}\medskip\\
+\hspace{5mm}(recognising ``words'')\\[6mm]
-\begin{itemize}
-\item in 2006, Shell petrol stations stopped accepting Chip-and-PIN after \pounds{}1m had been stolen from customer accounts\smallskip
-\item in 2008, hundreds of card readers for use in Britain, Ireland, the Netherlands, Denmark, and Belgium had been
-expertly tampered with shortly after manufacture so that details and PINs of credit cards were sent during the 9 months
-before over mobile phone networks to criminals in Lahore, Pakistan
-\end{itemize}
-
+{\LARGE\bf Parsing}\medskip\\
+\hspace{5mm}(recognising ``sentences'')
+
\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Chip-and-PIN is Broken\end{tabular}}
-\begin{flushright}
-%\includegraphics[scale=0.01]{pics/andersonbook1.jpg}\;
-%\includegraphics[scale=1.5]{pics/anderson.jpg}
-\end{flushright}
+The subject is quite old:
\begin{itemize}
-\item man-in-the-middle attacks by the group around Ross Anderson\medskip
+\item Turing Machines, 1936
+\item first compiler for COBOL, 1957 (Grace Hopper)
+\item but surprisingly research papers are still published now
\end{itemize}
-\begin{center}
-\mbox{}\hspace{-20mm}%\includegraphics[scale=0.5]{pics/chip-attack.png}
-\end{center}
+\begin{flushright}
+\includegraphics[scale=0.3]{pics/hopper.jpg}\\
+\footnotesize\textcolor{gray}{Grace Hopper}
+\end{flushright}
+
+{\footnotesize\textcolor{gray}{(she made it to David Letterman's Tonight Show, \url{http://www.youtube.com/watch?v=aZOxtURhfEU})}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}This Course\end{tabular}}
-\begin{textblock}{1}(11.5,13.7)
-\begin{tabular}{l}
-\footnotesize on BBC Newsnight\\[-2mm]
-\footnotesize in 2010 or \textcolor{blue}{\href{http://www.youtube.com/watch?v=JPAX32lgkrw}{youtube}}
-\end{tabular}
-\end{textblock}
-
+\begin{itemize}
+\item regular expression / regular expression matching
+\item a bit of sets (of strings)
+\item automata
+\item the Myhill-Nerode theorem
+\item parsing
+\item grammars
+\item a small interpreter / webbrowser
+\end{itemize}
+
\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}This Course\end{tabular}}
+
+\begin{itemize}
+\item the ultimate goal is to implement a small web-browser (really small)\bigskip
+\end{itemize}
+
+Let's start with:
+
+\begin{itemize}
+\item a web-crawler
+\item an email harvester
+\item a web-scraper
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Chip-and-PIN is Really Broken\end{tabular}}
+\frametitle{\begin{tabular}{c}Scala\end{tabular}}
+
+\footnotesize a simple function for reading webpages
-\begin{flushright}
-%\includegraphics[scale=0.01]{pics/andersonbook1.jpg}\;
-%\includegraphics[scale=1.5]{pics/anderson.jpg}
-\end{flushright}
+{\lstset{language=Scala}\fontsize{8}{10}\selectfont
+\texttt{\lstinputlisting{app0.scala}}}\pause\bigskip
-\begin{itemize}
-\item same group successfully attacked this year card readers and ATM machines
-\item the problem: several types of ATMs generate poor random numbers, which are used as nonces
-\end{itemize}
+\footnotesize
+{\lstset{language=Scala}\fontsize{8}{10}\selectfont
+\texttt{\lstinputlisting{app1.scala}}}
+
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -352,170 +249,8 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}The Problem \ldots\end{tabular}}
-\begin{textblock}{1}(3,4)
-\begin{tabular}{c}
-%\includegraphics[scale=0.3]{pics/bank.png}\\[-2mm]
-\small Bank
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{1}(7,4.5)
-\begin{tabular}{c}
-%\includegraphics[scale=3]{pics/store.png}\\[-2mm]
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{1}(12,6.5)
-\begin{tabular}{c}
-%\includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
-\small terminal\\[-2mm] \small producer
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{1}(4.5,9.9)
-\begin{tabular}{c}
-%\includegraphics[scale=0.13]{pics/rman.png}\\[-1mm]
-\small costumer / you
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{1}(4.5,7.5)
- \begin{tikzpicture}[scale=1.3]
- \draw[white] (0,0) node (X) {};
- \draw[white] (1,-1) node (Y) {};
- \draw[gray, ->, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}
-
-\begin{textblock}{1}(6.8,7.5)
- \begin{tikzpicture}[scale=1.3]
- \draw[white] (0,0) node (X) {};
- \draw[white] (1,1) node (Y) {};
- \draw[gray, ->, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}
-
-\begin{textblock}{1}(4.8,5.9)
- \begin{tikzpicture}[scale=1.3]
- \draw[white] (0,0) node (X) {};
- \draw[white] (1.4,0) node (Y) {};
- \draw[gray, <->, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}
-
-\begin{textblock}{1}(10,7)
- \begin{tikzpicture}[scale=1.6]
- \draw[white] (0,0) node (X) {};
- \draw[white] (-1,0.6) node (Y) {};
- \draw[gray, ->, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}
-
-\begin{textblock}{14}(1,13.5)
-\begin{itemize}
-\item the burden of proof for fraud and financial liability was shifted to the costumer
-\end {itemize}
-\end{textblock}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Being Screwed Again\end{tabular}}
-
-
-\begin{flushright}
-%\includegraphics[scale=0.3]{pics/rbssecure.jpg}
-\end{flushright}
-
-\begin{itemize}
-\item {\bf Responsibility}\\
-``You understand that you are financially responsible for all uses of RBS Secure.''\\
-\textcolor{lightgray}{\footnotesize\url{https://www.rbssecure.co.uk/rbs/tdsecure/terms_of_use.jsp}}
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Web Applications\end{tabular}}
-
-
-\begin{textblock}{1}(2,5)
-\begin{tabular}{c}
-%\includegraphics[scale=0.15]{pics/servers.png}\\[-2mm]
-\small Servers from\\[-2mm]
-\small Dot.com Inc.
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{1}(5.6,6)
- \begin{tikzpicture}[scale=2.5]
- \draw[white] (0,0) node (X) {};
- \draw[white] (1,0) node (Y) {};
- \only<2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
- \only<3>{\draw[red, ->, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
- \only<4>{\draw[red, <-, line width = 2mm] (X) -- (Y);
- \node [inner sep=7pt,label=above:\textcolor{black}{POST data}] at ($ (X)!.5!(Y) $) {};}
- \end{tikzpicture}
-\end{textblock}
-
-
-\begin{textblock}{1}(9,5.5)
-\begin{tabular}{c}
-%\includegraphics[scale=0.15]{pics/laptop.png}\\[-2mm]
-\small Client(s)
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{13}(1,13)
-\begin{itemize}
-\item What are pitfalls and best practices?
-\end{itemize}
-\end{textblock}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Scala + Play\end{tabular}}
-
-\footnotesize a simple response from the server:
-
-%{\lstset{language=Scala}\fontsize{8}{10}\selectfont
-%\texttt{\lstinputlisting{app0.scala}}}\bigskip
-
-\footnotesize
-alternative response:\\
-
-{\lstset{language=Scala}\fontsize{8}{10}\selectfont
-\texttt{\lstinline{Ok("<H1>Hello world!</H1>").as(HTML)}}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-
-%{\lstset{language=Scala}\fontsize{8}{10}\selectfont
-%\texttt{\lstinputlisting{app1.scala}}}
-
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -704,296 +439,23 @@
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-
-\begin{center}
-%\includegraphics[scale=1.8]{pics/barrier.jpg}
-\end{center}
-
-\begin{itemize}
-\item data integrity needs to be ensured
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\mbox{}\\[-7mm]
-
-%{\lstset{language=Scala}\fontsize{8}{10}\selectfont
-%\texttt{\lstinputlisting{app3.scala}}}
-
-\small
-\begin{itemize}
-\item the counter/hash pair is intended to prevent tampering
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}SHA-1\end{tabular}}
-
-\begin{itemize}
-\item SHA-1 is a cryptographic hash function\\
-(MD5, SHA-256, SHA-512, \ldots)
-\item message $\rightarrow$ digest
-\item no known attack exists, except brute force\bigskip\pause
-\item but dictionary attacks are very ef$\!$fective for extracting passwords (later)
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\mbox{}\\[-9mm]
-
-%{\lstset{language=Scala}\fontsize{8}{10}\selectfont
-%\texttt{\lstinputlisting{app4.scala}}}
-
-\begin{textblock}{1}(9,1)
- \begin{tikzpicture}[scale=1.3]
- \draw[white] (0,0) node (X) {};
- \draw[white] (3,0) node (Y) {};
- \draw[red, <-, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{\small should be random}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}
-
-\begin{textblock}{1}(6.6,4.9)
- \begin{tikzpicture}[scale=1.3]
- \draw[white] (0,0) node (X) {};
- \draw[white] (1,-1) node (Y) {};
- \draw[red, <-, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Unix Passwords\end{tabular}}
-
-\begin{itemize}
-\item passwords are \alert{\bf not} stored in clear text
-\item instead \texttt{/etc/shadow} contains
-\end{itemize}
-
-{\small
-\texttt{name:\$1\$QIGCa\$/ruJs8AvmrknzKTzM2TYE.:other\_info}
-}
-
-\begin{itemize}
-\item \texttt{\$} is separator
-\item \texttt{1} is MD5 (actually SHA-512 is used nowadays, \texttt{6})
-\item \texttt{QIGCa} is salt
-\item \texttt{ruJs8AvmrknzKTzM2TYE} $\rightarrow$ password + salt
-\end{itemize}
-
-\textcolor{gray}{\small
-(\texttt{openssl passwd -1 -salt QIGCa pippo})
-}
-% Unix password
-% http://ubuntuforums.org/showthread.php?p=5318038
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Password Blunders\end{tabular}}
-
-
-\begin{itemize}
-\item in late 2009, when an SQL injection attack against online games
-service RockYou.com exposed 32 million \alert{plaintext} passwords
-
-\item 1.3 million Gawker credentials exposed in December 2010 containing
-unsalted(?) \alert{MD5} hashes
-
-\item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked from linkedIn
-% linkedIn password
-% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html
-\end{itemize}\medskip
-
-\small
-Web user maintains 25 separate accounts but uses just 6.5 passwords
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits.
-
-
-% rainbow tables
-% http://en.wikipedia.org/wiki/Rainbow_table
-
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}}
+\frametitle{\begin{tabular}{c}Exam\end{tabular}}
\begin{itemize}
-\item How fast can hackers crack SHA-1 passwords? \pause
-
-\item The answer is 2 billion attempts per second\\
-using a Radeon HD 7970
-\end{itemize}
-
-\begin{center}
-\begin{tabular}{@ {\hspace{-12mm}}rl}
-password length & time\smallskip\\\hline
-5 letters & 5 secs\\
-6 letters & 500 secs\\
-7 letters & 13 hours\\
-8 letters & 57 days\\
-9 letters & 15 years\\
-\end{tabular}
-\end{center}
-
-\small
-5 letters $\approx$ 100$^5$ $=$ 10 billion combinations\\
-(1 letter - upper case, lower case, digits, symbols $\approx$ 100)
-
-\only<2->{
-\begin{textblock}{1}(12,5)
-\begin{tabular}{c}
-%\includegraphics[scale=0.3]{pics/radeon.jpg}\\[-6mm]
-\footnotesize graphics card\\[-1mm]
-\footnotesize ca.~\pounds{}300
-\end{tabular}
-\end{textblock}}
-
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Passwords\end{tabular}}
-
-How to recover from a breakin?\pause\medskip
-
-\begin{itemize}
-\item Do not send passwords in plain text.
-\item Security questions are tricky to get right.
-\item QQ (Chinese Skype) authenticates you via contacts.
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}This Course\end{tabular}}
-
-\begin{itemize}
-\item break-ins (buffer overflows)
-\item access control\\ (role based, data security / data integrity)
-\item protocols\\
-(specification)
-\item access control logic
-\item privacy
-\begin{quote}
-Scott McNealy: \\``You have zero privacy anyway. Get over it.''
-\end{quote}
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Books + Homework\end{tabular}}
-
-\begin{itemize}
-\item there is no single book I am following
-\begin{center}
-%\includegraphics[scale=0.012]{pics/andersonbook1.jpg}
-%\includegraphics[scale=0.23]{pics/accesscontrolbook.jpg}
-\end{center}\medskip\pause
-
-\item The question ``Is this relevant for the exams'' is not appreciated!\medskip\\
+\item The question ``Is this relevant for the exams?'' is not appreciated!\bigskip\\
Whatever is in the homework sheets (and is not marked optional) is relevant for the
-exam. No code needs to be written.
+exam.\\ No code needs to be written.
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Take-Home Points\end{tabular}}
-
-\begin{itemize}
-\item Never store passwords in plain text.\medskip
-\item Always salt your hashes!\medskip
-\item Use an existing algorithm; do not write your own!
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Thinking as a Defender\end{tabular}}
-
-\begin{itemize}
-\item What are you trying to protect?
-\item What properties are you trying to enforce?\medskip
-
-\item Who are the attackers? Capabilities? Motivations?
-\item What kind of attack are we trying to protect?
-\item Who can fix any vulnerabilities?\medskip
-
-\item What are the weaknesses of the system?
-\item What will successful attacks cost us?
-\item How likely are the attacks?
-\end{itemize}
-
-\small
-\textcolor{gray}{Security almost always is {\bf not} free!}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}The Security Mindset\end{tabular}}
-
-\begin{itemize}
-\item How things can go wrong.
-\item Think outside the box.
-\end{itemize}\bigskip
-
-The difference between being criminal is to only \alert{\bf think} about how things can go wrong.
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
