44 |
43 |
45 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
44 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
46 \begin{frame} |
45 \begin{frame} |
47 |
46 |
48 \begin{center} |
47 \begin{center} |
49 \includegraphics[scale=2.1]{../pics/barrier.jpg} |
48 \includegraphics[scale=0.5]{../pics/barrier.jpg} |
50 \end{center} |
49 \end{center} |
51 |
50 |
52 \end{frame} |
51 \end{frame} |
53 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
52 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
54 |
53 |
55 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56 \begin{frame} |
|
57 |
|
58 \begin{center} |
|
59 \begin{tikzpicture}[scale=1.3] |
|
60 %\draw[very thick, scale=1] (0, 0) grid (6, -4); |
|
61 \draw (0,0) node (X) {\includegraphics[scale=0.1]{../pics/rman.png}}; |
|
62 \draw (6,0) node (Y) {\includegraphics[scale=0.1]{../pics/gman.png}}; |
|
63 \node[below] at (X.south) {Alice}; |
|
64 \node[below] at (Y.south) {Bob}; |
|
65 |
|
66 \draw[red,<->,line width = 3mm] (X) -- (Y); |
|
67 \node [inner sep=5pt,label=above:{\begin{tabular}{c} |
|
68 secure/private\\ |
|
69 communication |
|
70 \end{tabular}}] |
|
71 at ($ (X)!.5!(Y) $) {}; |
|
72 |
|
73 \draw (1.0,-1.5) node {\includegraphics[scale=0.05]{../pics/nsa.png}}; |
|
74 \draw (2.4,-1.5) node {\includegraphics[scale=0.3]{../pics/gchq.jpg}}; |
|
75 \draw (1.7,-2.3) node {\huge\ldots}; |
|
76 \draw (4.2,-1.5) node {\includegraphics[scale=0.05]{../pics/apple.png}}; |
|
77 \draw (5.4,-1.7) node {\includegraphics[scale=0.15]{../pics/google.png}}; |
|
78 \draw (5.0,-2.3) node {\huge\ldots}; |
|
79 \end{tikzpicture} |
|
80 \end{center} |
|
81 |
|
82 \begin{center} |
|
83 \includegraphics[scale=0.1]{../pics/snowden.jpg} |
|
84 \end{center} |
|
85 |
|
86 \end{frame} |
|
87 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
88 |
|
89 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
90 \begin{frame} |
|
91 |
|
92 \begin{center} |
|
93 \includegraphics[scale=0.45]{../pics/lavabit-email.jpg} |
|
94 \end{center} |
|
95 \small{}\mbox{}\hfill{} |
|
96 Lavabit email service closed down on 8 August 2013. \\ |
|
97 \mbox{}\hfill{}\url{www.goo.gl/bgSrVp} |
|
98 |
|
99 \end{frame} |
|
100 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
101 |
|
102 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
103 \begin{frame} |
|
104 \frametitle{Also Bad Guys} |
|
105 |
|
106 \begin{textblock}{1}(4,2.5) |
|
107 \begin{tikzpicture}[scale=1.3] |
|
108 \draw (0,0) node (X) {\includegraphics[scale=0.1]{../pics/rman.png}}; |
|
109 \draw (4,0) node (Y) {\includegraphics[scale=0.1]{../pics/gman.png}}; |
|
110 \draw[red, <->, line width = 2mm] (X) -- (Y); |
|
111 \end{tikzpicture} |
|
112 \end{textblock} |
|
113 |
|
114 \begin{textblock}{1}(1,5) |
|
115 \begin{bubble}[11cm] |
|
116 \small |
|
117 Anonymous Hacker operating a 10k bonnet using the ZeuS |
|
118 hacking tool wrote:\medskip\\ ``FYI I do not cash out the bank |
|
119 accounts or credit cards, I just sell the information (I know, |
|
120 its just as bad...), there isn't even a law against |
|
121 such in most countries, dealing with stolen information is |
|
122 most of the time a legally greyzone (I was just as surprised |
|
123 when I looked it up), I'm not talking about 3rd world |
|
124 countries, but about European like Spain (The Mariposa botnet |
|
125 owner never got charged, because a botnet isn't illegal, only |
|
126 abusing CC information is, but that did other guys).'' |
|
127 \hfill{}\url{www.goo.gl/UWluh0} |
|
128 \end{bubble} |
|
129 \end{textblock} |
|
130 |
|
131 \end{frame} |
|
132 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
133 |
54 |
134 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
55 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
135 \begin{frame} |
56 \begin{frame} |
136 \frametitle{This is a Misconception!} |
57 \frametitle{This is a Misconception!} |
137 |
58 |
138 \begin{center} |
59 \begin{center} |
139 \includegraphics[scale=0.55]{../pics/cryptographic-small.png} |
60 \includegraphics[scale=0.55]{../pics/cryptographic-small.png} |
140 \end{center} |
61 \end{center} |
141 |
62 |
142 \centering |
63 \centering |
143 \begin{bubble}[9cm] |
64 \begin{bubble}[10cm] |
144 \small |
65 \small |
145 There is some consensus that the NSA can probably not |
66 There is some consensus that the NSA can probably not |
146 brute-force magically better than the ``public''. |
67 brute-force magically better than the ``public''. |
147 \end{bubble} |
68 \end{bubble} |
148 |
69 |
746 \end{textblock}} |
667 \end{textblock}} |
747 |
668 |
748 \end{frame} |
669 \end{frame} |
749 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
670 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
750 |
671 |
751 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
752 \begin{frame}[t] |
|
753 \begin{itemize} |
|
754 \item While cookies are per web-page, this can be easily circumvented. |
|
755 \end{itemize} |
|
756 |
|
757 \begin{textblock}{1}(1.5,4.5) |
|
758 \begin{tabular}{c} |
|
759 \includegraphics[scale=0.07]{../pics/servers.png}\\[-2mm] |
|
760 \small Pet Store\\[-2mm] |
|
761 \small Dot.com\\[-2mm] |
|
762 \end{tabular} |
|
763 \end{textblock} |
|
764 |
|
765 \begin{textblock}{1}(1.5,8) |
|
766 \begin{tabular}{c} |
|
767 \includegraphics[scale=0.07]{../pics/servers.png}\\[-2mm] |
|
768 \small Dating.com |
|
769 \end{tabular} |
|
770 \end{textblock} |
|
771 |
|
772 \begin{textblock}{1}(10.5,7.5) |
|
773 \begin{tabular}{c} |
|
774 \includegraphics[scale=0.07]{../pics/servers.png}\\[-2mm] |
|
775 \small Evil-Ad-No\\[-2mm] |
|
776 \small Privacy.com |
|
777 \end{tabular} |
|
778 \end{textblock} |
|
779 |
|
780 \begin{textblock}{1}(6,10.5) |
|
781 \begin{tabular}{c} |
|
782 \includegraphics[scale=0.16]{../pics/rman.png}\\[-1mm] |
|
783 \small you |
|
784 \end{tabular} |
|
785 \end{textblock} |
|
786 |
|
787 \begin{textblock}{1}(4,5) |
|
788 \begin{tikzpicture}[scale=1] |
|
789 \draw[white] (0,0.5) node (X) {}; |
|
790 \draw[white] (5.7,-1) node (Y) {}; |
|
791 \draw[red, ->, line width = 0.5mm] (X) -- (Y); |
|
792 \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {}; |
|
793 \end{tikzpicture} |
|
794 \end{textblock} |
|
795 |
|
796 \begin{textblock}{1}(4,7.9) |
|
797 \begin{tikzpicture}[scale=1] |
|
798 \draw[white] (0,0) node (X) {}; |
|
799 \draw[white] (5.7,0) node (Y) {}; |
|
800 \draw[red, ->, line width = 0.5mm] (X) -- (Y); |
|
801 \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {}; |
|
802 \end{tikzpicture} |
|
803 \end{textblock} |
|
804 |
|
805 \begin{textblock}{1}(3.3,9.3) |
|
806 \begin{tikzpicture}[scale=1.2] |
|
807 \draw[white] (0,0) node (X) {}; |
|
808 \draw[white] (1.5,-1) node (Y) {}; |
|
809 \draw[red, <->, line width = 2mm] (X) -- (Y); |
|
810 \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {}; |
|
811 \draw[white] (0.9,0.3) node (X1) {}; |
|
812 \draw[white] (1.9,-1) node (Y1) {}; |
|
813 \draw[red, <->, line width = 2mm] (X1) -- (Y1); |
|
814 \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X1)!.5!(Y1) $) {}; |
|
815 \end{tikzpicture} |
|
816 \end{textblock} |
|
817 |
|
818 \begin{textblock}{1}(8.6,10.1) |
|
819 \begin{tikzpicture}[scale=0.9] |
|
820 \draw[white] (0,0) node (X) {}; |
|
821 \draw[white] (-2,-1) node (Y) {}; |
|
822 \draw[red, <->, line width = 0.5mm] (X) -- (Y); |
|
823 \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {}; |
|
824 \end{tikzpicture} |
|
825 \end{textblock} |
|
826 |
|
827 \end{frame} |
|
828 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
829 |
672 |
830 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
673 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
831 \begin{frame}[c] |
674 \begin{frame}[c] |
832 \frametitle{My First Real Webapp} |
675 \frametitle{My First Real Webapp} |
833 |
676 |
1013 unsalted(?) \alert{MD5} hashes |
856 unsalted(?) \alert{MD5} hashes |
1014 |
857 |
1015 \item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked from linkedIn |
858 \item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked from linkedIn |
1016 % linkedIn password |
859 % linkedIn password |
1017 % http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html |
860 % http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html |
|
861 |
|
862 \item in July 2015, hackers leaked a password database from |
|
863 Ashley Madison containing 31 million passwords, many of them |
|
864 poorly hashed |
1018 \end{itemize}\medskip |
865 \end{itemize}\medskip |
1019 |
866 |
1020 \small |
867 \small |
1021 (web user maintains 25 separate accounts but uses just 6.5 passwords.) |
868 (web user maintains 25 separate accounts but uses just 6.5 passwords.) |
1022 |
869 |
1076 How to recover from a break in?\pause\medskip |
923 How to recover from a break in?\pause\medskip |
1077 |
924 |
1078 \begin{itemize} |
925 \begin{itemize} |
1079 \item Do not send passwords in plain text. |
926 \item Do not send passwords in plain text. |
1080 \item Security questions are tricky to get right. |
927 \item Security questions are tricky to get right. |
1081 \item QQ (Chinese Skype) authenticates you via contacts. |
|
1082 \end{itemize} |
928 \end{itemize} |
1083 |
929 |
1084 \end{frame} |
930 \end{frame} |
1085 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
931 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
1086 |
932 |
1087 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
933 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
1088 \begin{frame}[c] |
934 \begin{frame}[c] |
1089 \frametitle{This Course} |
935 \frametitle{This Course} |
1090 |
936 |
1091 \begin{itemize} |
937 \begin{itemize} |
|
938 \item electronic voting |
1092 \item break-ins (buffer overflows) |
939 \item break-ins (buffer overflows) |
1093 \item access control\\ (role based, data security / data integrity) |
940 \item access control\\ (role based, data security / data integrity) |
1094 \item electronic voting |
941 \item protocols |
1095 \item protocols (specification) |
942 \item zero-knowledge proofs |
1096 \item access control logic |
|
1097 \item privacy |
943 \item privacy |
1098 \begin{quote} |
944 \begin{quote} |
1099 Scott McNealy: \\``You have zero privacy anyway. Get over it.'' |
945 Scott McNealy: \\``You have zero privacy anyway. Get over it.'' |
1100 \end{quote} |
946 \end{quote} |
1101 \item zero-knowledge proofs |
947 \item trust, bitcoins |
|
948 \item static analysis |
1102 \end{itemize} |
949 \end{itemize} |
1103 |
950 |
1104 \end{frame} |
951 \end{frame} |
1105 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
952 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
953 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
954 \begin{frame}[c] |
|
955 \frametitle{Books + Homework} |
|
956 |
|
957 \begin{itemize} |
|
958 \item There is no single book I am following, but |
|
959 |
|
960 \begin{center} |
|
961 \includegraphics[scale=0.012]{../pics/andersonbook1.jpg} |
|
962 %%\includegraphics[scale=0.23]{../pics/accesscontrolbook.jpg} |
|
963 \end{center}\medskip\pause |
|
964 |
|
965 \item The question ``\emph{Is this relevant for the exams?}'' |
|
966 is not appreciated!\medskip\\ |
|
967 |
|
968 Whatever is in the homework (and is not marked optional) is |
|
969 relevant for the exam. No code needs to be written. |
|
970 |
|
971 \end{itemize} |
|
972 |
|
973 \end{frame} |
|
974 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
975 |
|
976 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
977 \begin{frame}[c] |
|
978 \frametitle{Further Information} |
|
979 |
|
980 For your personal interest: |
|
981 |
|
982 \begin{itemize} |
|
983 \item RISKS mailing list |
|
984 \item Schneier's Crypto newsletter |
|
985 \item Google+ Ethical Hacker group |
|
986 \end{itemize} |
|
987 |
|
988 \end{frame} |
|
989 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
990 |
|
991 |
|
992 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
993 \begin{frame}[c] |
|
994 \frametitle{Take-Home Points} |
|
995 |
|
996 \begin{itemize} |
|
997 \item Never store passwords in plain text.\medskip |
|
998 \item Always salt your hashes!\medskip |
|
999 \item Use an existing crypto algorithm; do not write your own!\medskip |
|
1000 \item Make the party responsible for losses that is in the position to improve |
|
1001 security. |
|
1002 \end{itemize} |
|
1003 |
|
1004 \end{frame} |
|
1005 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1006 |
|
1007 |
1106 |
1008 |
1107 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
1009 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
1108 \begin{frame}[c] |
1010 \begin{frame}[c] |
1109 \frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}} |
1011 \frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}} |
1110 |
1012 |
1187 \end{textblock}} |
1089 \end{textblock}} |
1188 |
1090 |
1189 \end{frame} |
1091 \end{frame} |
1190 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
1092 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
1191 |
1093 |
1192 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1193 \begin{frame}[c] |
|
1194 \frametitle{Books + Homework} |
|
1195 |
|
1196 \begin{itemize} |
|
1197 \item There is no single book I am following |
|
1198 |
|
1199 \begin{center} |
|
1200 \includegraphics[scale=0.012]{../pics/andersonbook1.jpg} |
|
1201 %%\includegraphics[scale=0.23]{../pics/accesscontrolbook.jpg} |
|
1202 \end{center}\medskip\pause |
|
1203 |
|
1204 \item The question ``Is this relevant for the exams'' is not appreciated!\medskip\\ |
|
1205 |
|
1206 Whatever is in the homework (and is not marked optional) is relevant for the |
|
1207 exam. No code needs to be written. |
|
1208 \end{itemize} |
|
1209 |
|
1210 \end{frame} |
|
1211 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1212 |
|
1213 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1214 \begin{frame}[c] |
|
1215 \frametitle{Further Information} |
|
1216 |
|
1217 For your personal interest: |
|
1218 |
|
1219 \begin{itemize} |
|
1220 \item RISKS mailing list |
|
1221 \item Schneier's Crypto newsletter |
|
1222 \item Google+ Ethical Hacker group |
|
1223 \end{itemize} |
|
1224 |
|
1225 \end{frame} |
|
1226 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1227 |
|
1228 |
|
1229 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1230 \begin{frame}[c] |
|
1231 \frametitle{Take-Home Points} |
|
1232 |
|
1233 \begin{itemize} |
|
1234 \item Never store passwords in plain text.\medskip |
|
1235 \item Always salt your hashes!\medskip |
|
1236 \item Use an existing crypto algorithm; do not write your own!\medskip |
|
1237 \item Make the party responsible for losses that is in the position to improve |
|
1238 security. |
|
1239 \end{itemize} |
|
1240 |
|
1241 \end{frame} |
|
1242 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1243 |
|
1244 |
|
1245 \end{document} |
1094 \end{document} |
|
1095 |
|
1096 |
1246 |
1097 |
1247 %%% Local Variables: |
1098 %%% Local Variables: |
1248 %%% mode: xelatex |
1099 %%% mode: xelatex |
1249 %%% TeX-master: t |
1100 %%% TeX-master: t |
1250 %%% End: |
1101 %%% End: |