Halderman. I think they are the world experts in the area of

security engineering. I especially like that they argue that a

security engineer requires a certain \emph{security mindset}.

Bruce Schneier for example writes:

\noindent In this module I like to teach you this security

mindset. This might be a mindset that you think is very

foreign to you (after all we are all good citizens). I beg to

differ: You have this mindset already when in school you were

thinking, at least hypothetically, in which ways you can cheat

in an exam (whether it is about hiding notes or looking over

the shoulders of your fellow pupils). Right? To defend a

system, you need to have this kind mindset and be able to

think like an attacker. This will include understanding

techniques that can be used to compromise security and privacy

in systems. This will many times result in insights where

well-intended security mechanism made a system actually less

secure.\smallskip 

{\Large\bf Warning!} However, don’t be evil! Using those

techniques in the real world may violate the law or King’s

rules, and it may be unethical. Under some circumstances, even

probing for weaknesses of a system may result in severe

penalties, up to and including expulsion, civil fines, and

jail time. Acting lawfully and ethically is your

responsibility. Ethics requires you to refrain from doing

harm. Always respect privacy and rights of others. Do not

tamper with any of King's systems. If you try out a technique,

always make doubly sure you are working in a safe environment

so that you cannot cause any harm, not even accidentically.

Don't be evil. Be an ethical hacker.

In this lecture I want to make you familiar with the security

mindset and dispel the myth that encryption is the answer to

security (it certainly is one answer, but by no means a

sufficient one). This is actually an important thread going

through the whole course: We will assume that encryption works

perfectly, but still attack ``things''. By ``works perfectly''

we mean that we will assume encryption is a black box and, for

example, will not look at the underlying

mathematics.\footnote{Though fascinating it might be.}