\documentclass{article}

\usepackage{../style}

\begin{document}

\section*{Homework 1}

\begin{enumerate}

\item {\bf (Optional)} If you want to have a look at the code

  presented in the lectures, install \texttt{Node.js} available (for free) from

\begin{center}

\url{http://nodejs.org}

\end{center}

It needs aslo the Node-packages Express, Cookie-Parser, Body-Parser and 

Crypto. They can be easily installed using the Node package manager \texttt{npm}.

\item Practice thinking like an attacker. Assume the following situation:

  \begin{quote}\it

    Prof.~V.~Nasty gives the following final exam question (closed books, closed notes):\bigskip

    \noindent

    \begin{tabular}{@ {}l}

      Write the first 100 digits of pi:\\

      3.\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

    \end{tabular}

  \end{quote}

\noindent

Think of ways how you can cheat in this exam? How would you defend

against such cheats.

\item Here is another puzzle where you can practice thinking like an

  attacker: Consider modern car keys. They wirelessly open and close

  the central locking system of the car. Whenever you lock the car,

  the car ``responds'' by flashing the indicator lights. Can you think

  of a security relevant purpose for that? (Hint: Imagine you are in

  the business of stealing cars. What attack would be easier to

  perform if the lights do not flash?)

\item Explain what hashes and salts are. Describe how they can be used

  for ensuring data integrity and storing password information.

\item What is the difference between a brute force attack and a 

  dictionary attack on passwords? 

\item What are good uses of cookies (that is browser cookies)?

\item Why is making bank customers liable for financial fraud a bad

design choice for credit card payments?

\end{enumerate}

\end{document}

%%% Local Variables: 

%%% mode: latex

%%% TeX-master: t

%%% End: