164 |
164 |
165 \begin{tikzpicture} |
165 \begin{tikzpicture} |
166 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
166 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
167 {\normalsize\color{darkgray} |
167 {\normalsize\color{darkgray} |
168 \begin{minipage}{10cm}\raggedright\small |
168 \begin{minipage}{10cm}\raggedright\small |
169 The Guardian (2006): ``Chip-and-PIN is so effective in this country that fraudsters are starting to move their activities overseas,'' |
169 ``Chip-and-PIN is so effective in this country that fraudsters are starting to move their activities overseas,'' |
170 said Emile Abu-Shakra, spokesman for Lloyds TSB. |
170 said Emile Abu-Shakra, spokesman for Lloyds TSB (in the Guardian, 2006). |
171 \end{minipage}}; |
171 \end{minipage}}; |
172 \end{tikzpicture}\bigskip |
172 \end{tikzpicture}\bigskip |
173 |
173 |
174 |
174 |
175 \begin{itemize} |
175 \begin{itemize} |
183 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
183 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
184 |
184 |
185 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
185 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
186 \mode<presentation>{ |
186 \mode<presentation>{ |
187 \begin{frame}[c] |
187 \begin{frame}[c] |
188 \frametitle{\begin{tabular}{c}BUT\ldots\end{tabular}} |
188 \frametitle{\begin{tabular}{c}Let's see\ldots\end{tabular}} |
189 |
189 |
190 |
190 |
191 \begin{textblock}{1}(3,4) |
191 \begin{textblock}{1}(3,4) |
192 \begin{tabular}{c} |
192 \begin{tabular}{c} |
193 \includegraphics[scale=0.3]{pics/bank.png}\\[-2mm] |
193 \includegraphics[scale=0.3]{pics/bank.png}\\[-2mm] |
224 \begin{frame}[c] |
224 \begin{frame}[c] |
225 \frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}} |
225 \frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}} |
226 |
226 |
227 |
227 |
228 \begin{itemize} |
228 \begin{itemize} |
229 \item ``tamperesitant'' terminal playing Tetris on |
229 \item A ``tamperesitant'' terminal playing Tetris on |
230 \textcolor{blue}{\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}}\\ |
230 \textcolor{blue}{\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}}.\\ |
231 \textcolor{lightgray}{\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})} |
231 \textcolor{lightgray}{\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})} |
232 \end{itemize} |
232 \end{itemize} |
233 |
233 |
234 |
234 |
235 \includegraphics[scale=0.2]{pics/tetris.jpg} |
235 \includegraphics[scale=0.2]{pics/tetris.jpg} |
243 \begin{frame}[c] |
243 \begin{frame}[c] |
244 \frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}} |
244 \frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}} |
245 |
245 |
246 |
246 |
247 \begin{itemize} |
247 \begin{itemize} |
248 \item in 2006, Shell petrol stations stopped accepting Chip-and-PIN after \pounds{}1m had been stolen from customer accounts |
248 \item in 2006, Shell petrol stations stopped accepting Chip-and-PIN after \pounds{}1m had been stolen from customer accounts\smallskip |
249 \item in 2008, hundreds of card readers for use in Britain, Ireland, the Netherlands, Denmark, and Belgium had been |
249 \item in 2008, hundreds of card readers for use in Britain, Ireland, the Netherlands, Denmark, and Belgium had been |
250 expertly tampered with shortly after manufacture so that details and PINs of credit cards were sent during the 9 months |
250 expertly tampered with shortly after manufacture so that details and PINs of credit cards were sent during the 9 months |
251 before over mobile phone networks to criminals in Lahore, Pakistan |
251 before over mobile phone networks to criminals in Lahore, Pakistan |
252 \end{itemize} |
252 \end{itemize} |
253 |
253 |
263 \includegraphics[scale=0.01]{pics/andersonbook1.jpg}\; |
263 \includegraphics[scale=0.01]{pics/andersonbook1.jpg}\; |
264 \includegraphics[scale=1.5]{pics/anderson.jpg} |
264 \includegraphics[scale=1.5]{pics/anderson.jpg} |
265 \end{flushright} |
265 \end{flushright} |
266 |
266 |
267 \begin{itemize} |
267 \begin{itemize} |
268 \item Man-in-the-middle attacks by the group around Ross Anderson\medskip |
268 \item man-in-the-middle attacks by the group around Ross Anderson\medskip |
269 \end{itemize} |
269 \end{itemize} |
270 |
270 |
271 \begin{center} |
271 \begin{center} |
272 \includegraphics[scale=0.5]{pics/chip-attack.png} |
272 \mbox{}\hspace{-20mm}\includegraphics[scale=0.5]{pics/chip-attack.png} |
273 \end{center} |
273 \end{center} |
|
274 |
|
275 |
|
276 \begin{textblock}{1}(11.5,13.7) |
|
277 \begin{tabular}{l} |
|
278 \footnotesize on BBC Newsnight\\[-2mm] |
|
279 \footnotesize in 2010 or \textcolor{blue}{\href{http://www.youtube.com/watch?v=JPAX32lgkrw}{youtube}} |
|
280 \end{tabular} |
|
281 \end{textblock} |
274 |
282 |
275 \end{frame}} |
283 \end{frame}} |
276 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
284 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
277 |
285 |
278 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
286 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
284 \includegraphics[scale=0.01]{pics/andersonbook1.jpg}\; |
292 \includegraphics[scale=0.01]{pics/andersonbook1.jpg}\; |
285 \includegraphics[scale=1.5]{pics/anderson.jpg} |
293 \includegraphics[scale=1.5]{pics/anderson.jpg} |
286 \end{flushright} |
294 \end{flushright} |
287 |
295 |
288 \begin{itemize} |
296 \begin{itemize} |
289 \item same group successfully attacked last this year card readers and ATM machines |
297 \item same group successfully attacked this year card readers and ATM machines |
290 \item the problem: several types of ATMs generate poor random numbers, which are used as nonces |
298 \item the problem: several types of ATMs generate poor random numbers, which are used as nonces |
291 \end{itemize} |
299 \end{itemize} |
292 |
300 |
293 \end{frame}} |
301 \end{frame}} |
294 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
302 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
382 \end{textblock} |
390 \end{textblock} |
383 |
391 |
384 \end{frame}} |
392 \end{frame}} |
385 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
393 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
386 |
394 |
|
395 |
|
396 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
397 \mode<presentation>{ |
|
398 \begin{frame}[c] |
|
399 \frametitle{\begin{tabular}{c}Scala + Play\end{tabular}} |
|
400 |
|
401 {\lstset{language=Scala}\fontsize{8}{10}\selectfont |
|
402 \texttt{\lstinputlisting{app0.scala}}}\bigskip |
|
403 |
|
404 \footnotesize |
|
405 alternative response:\\ |
|
406 |
|
407 {\lstset{language=Scala}\fontsize{8}{10}\selectfont |
|
408 \texttt{Ok("<H1>Hello world!</H1>").as(HTML)}} |
|
409 \end{frame}} |
|
410 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
411 |
|
412 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
413 \mode<presentation>{ |
|
414 \begin{frame}[c] |
|
415 |
|
416 {\lstset{language=Scala}\fontsize{8}{10}\selectfont |
|
417 \texttt{\lstinputlisting{app1.scala}}} |
|
418 |
|
419 |
|
420 \end{frame}} |
|
421 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
422 |
387 % linkedIn password |
423 % linkedIn password |
388 % http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html |
424 % http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html |
389 |
425 |
390 % rainbow tables |
426 % rainbow tables |
391 % http://en.wikipedia.org/wiki/Rainbow_table |
427 % http://en.wikipedia.org/wiki/Rainbow_table |
397 \mode<presentation>{ |
433 \mode<presentation>{ |
398 \begin{frame}[c] |
434 \begin{frame}[c] |
399 \frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}} |
435 \frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}} |
400 |
436 |
401 \begin{itemize} |
437 \begin{itemize} |
402 \item How fast can hackers crack passwords? \pause |
438 \item How fast can hackers crack SHA-1 passwords? \pause |
403 |
439 |
404 \item The answer is 2 billion per second using a Radeon HD 7970 |
440 \item The answer is 2 billion attempts per second\\ |
405 \end{itemize} |
441 using a Radeon HD 7970 |
406 |
442 \end{itemize} |
407 |
443 |
408 \begin{center} |
444 \begin{center} |
409 \begin{tabular}{rl} |
445 \begin{tabular}{@ {\hspace{-12mm}}rl} |
410 password length & time\smallskip\\\hline |
446 password length & time\smallskip\\\hline |
411 5 letters & 5 secs\\ |
447 5 letters & 5 secs\\ |
412 6 letters & 500 secs\\ |
448 6 letters & 500 secs\\ |
413 7 letters & 13 hours\\ |
449 7 letters & 13 hours\\ |
414 8 letters & 57 days\\ |
450 8 letters & 57 days\\ |
415 9 letters & 15 years\\ |
451 9 letters & 15 years\\ |
416 \end{tabular} |
452 \end{tabular} |
417 \end{center} |
453 \end{center} |
418 |
454 |
419 \small |
455 \small |
420 5 letters $=$ 100$^5$ $=$ 10 billion combinations\\ |
456 5 letters $\approx$ 100$^5$ $=$ 10 billion combinations\\ |
421 (1 letter $\approx$ upper case, lower case, digits, symbols) |
457 (1 letter - upper case, lower case, digits, symbols $\approx$ 100) |
|
458 |
|
459 \only<2->{ |
|
460 \begin{textblock}{1}(12,5) |
|
461 \begin{tabular}{c} |
|
462 \includegraphics[scale=0.3]{pics/radeon.jpg}\\[-6mm] |
|
463 \footnotesize graphics card\\[-1mm] |
|
464 \footnotesize ca.~\pounds{}300 |
|
465 \end{tabular} |
|
466 \end{textblock}} |
|
467 |
|
468 |
422 |
469 |
423 \end{frame}} |
470 \end{frame}} |
424 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
471 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
425 |
472 |
426 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
473 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |