46 be easier to perform if the lights do not flash?) |
46 be easier to perform if the lights do not flash?) |
47 Should the car also make a ``beep noise'' when it |
47 Should the car also make a ``beep noise'' when it |
48 unlocks the doors? Which threat could be thwarted |
48 unlocks the doors? Which threat could be thwarted |
49 by that? |
49 by that? |
50 |
50 |
51 \item And another one: Imagine you have at home a broadband |
|
52 contract with TalkTalk. You do not like their service |
|
53 and want to switch to Virgin, say. The procedure |
|
54 between the Internet providers is that you contact |
|
55 Virgin and set up a new contract and they will |
|
56 automatically inform TalkTalk to terminate the old |
|
57 contract. TalkTalk will then send you a letter to |
|
58 confirm that you want to terminate. If they do not hear |
|
59 from you, they will proceed with terminating |
|
60 the contract and will request any outstanding |
|
61 cancellation fees. Virgin on the other hand sends you a |
|
62 new router and paperwork about the new contract. |
|
63 Obviously this way of doing things is meant to make |
|
64 switching as convenient as possible. Still can |
|
65 you imagine situations in which this way of switching |
|
66 providers can cause you a lot of headaches? For |
|
67 this consider that TalkTalk needs approximately 14 days |
|
68 to reconnect you and might ask for reconnection fees. |
|
69 |
|
70 \item And another one: A water company installed devices that |
51 \item And another one: A water company installed devices that |
71 transmit meter readings when their company car drives |
52 transmit meter readings when their company car drives |
72 by. How can this transmitted data be abused, if not |
53 by. How can this transmitted data be abused, if not |
73 properly encrypted? If you identified an abuse, then how |
54 properly encrypted? If you identified an abuse, then how |
74 would you encrypt the data so that such an abuse is |
55 would you encrypt the data so that such an abuse is |
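Review bot: The TalkTalk/Virgin switching item (old lines 51-68) is deleted outright, while the sheet elsewhere retires questions by commenting them out (the `%\item Imagine there was recently a break in ...` entry further down). If this question may come back in a later year, comment it out in the same way; if it is gone for good, say why in the commit message, since it is the only item in this part of the sheet about a process that proceeds by default when the customer does not respond.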
92 %% CYA security - cover-your-ass |
73 %% CYA security - cover-your-ass |
93 % It's an attitude I've seen before: "Something must |
74 % It's an attitude I've seen before: "Something must |
94 % be done. This is something. Therefore, we must do it." |
75 % be done. This is something. Therefore, we must do it." |
95 % Never mind if the something makes any sense or not. |
76 % Never mind if the something makes any sense or not. |
96 |
77 |
97 \item And another one: Imagine you are researching security |
78 |
98 products (e.g.~CCTV, alarms etc) on a helpful website. |
|
99 They ask you for your address details? Think about |
|
100 whether this can be bad for you. |
|
101 |
79 |
102 |
80 |
103 %\item Imagine there was recently a break in where computer criminals |
81 %\item Imagine there was recently a break in where computer criminals |
104 % stole a large password database containing |
82 % stole a large password database containing |
105 |
83 |
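Review bot: Removing the CCTV/address-details item (old lines 97-100) leaves a run of four empty lines (new lines 77-80) between the `%% CYA security` comment block and the commented-out `%\item`. Collapse these to a single blank line so the source stays tidy and later diffs of this region stay readable.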
115 think it is good policy to require users to change their |
93 think it is good policy to require users to change their |
116 password every 3 months (as King's did until recently)? |
94 password every 3 months (as King's did until recently)? |
117 Under which circumstance should users be required to |
95 Under which circumstance should users be required to |
118 change their password? |
96 change their password? |
119 |
97 |
|
98 \item The biggest dictionary for dictionary attacks I know |
|
99 contains 15 Billion entries. If you try out all of these |
|
100 15 Billion entries in order to hack one password how |
|
101 much percent of the full brute-force space did you |
|
102 cover. For this assume passwords use 62 charcaters and |
|
103 are typically 8 characters long. |
|
104 |
120 \item What are good uses of cookies (that is browser cookies)? |
105 \item What are good uses of cookies (that is browser cookies)? |
121 |
106 |
122 \item Why is making bank customers liable for financial fraud a bad |
107 \item Why is making bank customers liable for financial fraud a bad |
123 design choice for credit card payments? |
108 design choice for credit card payments? |
124 |
109 |
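Review bot: The added dictionary-attack item (new lines 98-103) has a spelling error and an underspecified question. "charcaters" should be "characters", and the sentence "how much percent of the full brute-force space did you cover." is a question, so it should end in "?" and would read better as "what percentage of the full brute-force space did you cover?". "15 Billion" should also be lower-case "billion" in both places. More importantly, "typically 8 characters long" leaves open whether students should count exactly 8-character passwords (62^8) or all lengths up to 8; state "exactly 8 characters" (or whichever is intended) so there is a single expected answer.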