Mercurial Mercurial > hg > sen-material / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hws/hw01.tex
changeset 382 5b943e29b717
parent 380 948f4b39d55d
child 384 3a7c08f2bf5d
equal deleted inserted replaced
381:036a762b02cf 382:5b943e29b717 
     2 \usepackage{../style}
 
     2 \usepackage{../style}
 
     3 
     3 
     4 \begin{document}
 
     4 \begin{document}
 
     5 
     5 
     6 \section*{Homework 1}
 
     6 \section*{Homework 1}
 
       
     7 
       
     8 \HEADER
 
       
     9 
     7 
    10 
     8 \begin{enumerate}
 
    11 \begin{enumerate}
 
     9 \item {\bf (Optional)} If you want to have a look at the code
 
    12 \item {\bf (Optional)} If you want to have a look at the code
 
    10   presented in the lectures, install \texttt{Node.js} available (for free) from
 
    13   presented in the lectures, install \texttt{Node.js} available (for free) from
 
    11 \begin{center}
 
    14 \begin{center}
 
    45       unlocks the doors? Which threat could be thwarted
 
    48       unlocks the doors? Which threat could be thwarted
 
    46       by that?
 
    49       by that?
 
    47 
    50 
    48 \item And another one: Imagine you have at home a broadband
 
    51 \item And another one: Imagine you have at home a broadband
 
    49       contract with TalkTalk. You do not like their service
 
    52       contract with TalkTalk. You do not like their service
 
    50       and want to switch, say, to Virgin. The procedure
 
    53       and want to switch to Virgin, say. The procedure
 
    51       between the Internet providers is that you contact
 
    54       between the Internet providers is that you contact
 
    52       Virgine and set up a new contract and they will
 
    55       Virgin and set up a new contract and they will
 
    53       automatically inform TalkTalk to terminate the old
 
    56       automatically inform TalkTalk to terminate the old
 
    54       contract. TalkTalk will then send you a letter to
 
    57       contract. TalkTalk will then send you a letter to
 
    55       confirm that you want to terminate. If they do not hear
 
    58       confirm that you want to terminate. If they do not hear
 
    56       from you otherwise, they will proceed with terminating
 
    59       from you, they will proceed with terminating
 
    57       the contract and will request any outstanding
 
    60       the contract and will request any outstanding
 
    58       cancellation fees. Virgin on the other hand sends you a
 
    61       cancellation fees. Virgin on the other hand sends you a
 
    59       new router and paperwork about the new contract.
 
    62       new router and paperwork about the new contract.
 
    60       Obviously this way of doing things is meant to make
 
    63       Obviously this way of doing things is meant to make
 
    61       switching for you as convenient as possible. Still can
 
    64       switching as convenient as possible. Still can
 
    62       you imagine in which situations this way of switching
 
    65       you imagine situations in which this way of switching
 
    63       providers can cause you a lot of headaches to you? For
 
    66       providers can cause you a lot of headaches? For
 
    64       this consider that TalkTalk needs approximately 14 days
 
    67       this consider that TalkTalk needs approximately 14 days
 
    65       to reconnect you and might ask for reconnection fees.
 
    68       to reconnect you and might ask for reconnection fees.
 
    66       
    69       
    67 \item And another one: A water company installed devices that
 
    70 \item And another one: A water company installed devices that
 
    68       transmit meter readings when their company car drives
 
    71       transmit meter readings when their company car drives
 
    70       properly encrypted? If you identified an abuse, then how
 
    73       properly encrypted? If you identified an abuse, then how
 
    71       would you encrypt the data so that such an abuse is
 
    74       would you encrypt the data so that such an abuse is
 
    72       prevented. Hint: Consider the fact that every person
 
    75       prevented. Hint: Consider the fact that every person
 
    73       uses approximately 120l of water every day.
 
    76       uses approximately 120l of water every day.
 
    74 
    77 
    75 \item And another one: Nowadays everybody is scared at a bomb
 
    78 %\item And another one: Nowadays everybody and their
 
    76       going off at a big event, say a football game. To
 
    79 %      grandmother seems to be scared about a bomb going off at
 
    77       mitigate such a threat, you order expensive metal
 
    80 %      a big event, say a football game. To mitigate such a
 
    78       detectors and hire a security team that will staff these
 
    81 %      threat, you order expensive metal detectors and hire a
 
    79       detectors at each game. Think whether people are really
 
    82 %      security team that will staff these detectors at each
 
    80       safer at a football game with metal detectors or not.
 
    83 %      game. Think whether people are really safer at a
 
    81       Hint: People certainly might *\emph{feel}* safer by
 
    84 %      football game with metal detectors or not. Hint: People
 
    82       going through metal detectors, but the question is
 
    85 %      certainly might *\emph{feel}* safer by going through
 
    83       whether they *\emph{are}* safer. Hint: Consider how
 
    86 %      metal detectors, but the question is whether they
 
    84       people arrive at such an event: within a relative short
 
    87 %      *\emph{are}* safer. Hint: Consider how people arrive at
 
    85       amount of time, thousands, if not more, spectators will
 
    88 %      such an event: within a relative short amount of time,
 
    86       arrive at your football game.
 
    89 %      thousands, if not more, spectators will arrive at your
 
       
    90 %      football game.
 
    87 
    91 
    88 %% CYA security - cover-your-ass
 
    92 %% CYA security - cover-your-ass
 
    89 % It's an attitude I've seen before: "Something must 
    93 % It's an attitude I've seen before: "Something must 
    90 % be done. This is something. Therefore, we must do it." 
    94 % be done. This is something. Therefore, we must do it." 
    91 % Never mind if the something makes any sense or not.
 
    95 % Never mind if the something makes any sense or not.
 
    92     
    96     
    93 \item And another one: Imagine you are researching security
 
    97 \item And another one: Imagine you are researching security
 
    94       products (e.g.~CCTV, alarms etc) on a 
    98       products (e.g.~CCTV, alarms etc) on a helpful website.
 
    95       helpful website. They ask you for you address details?
 
    99       They ask you for you address details? Think about
 
    96       Think about whether this can be bad for you.
 
   100       whether this can be bad for you.
 
    97 
   101 
    98 
   102 
    99 %\item Imagine there was recently a break in where computer criminals
 
   103 %\item Imagine there was recently a break in where computer criminals
 
   100 %  stole a large password database containing 
   104 %  stole a large password database containing 
   101 
   105 
   105 \item What is the difference between a brute force attack and a 
   109 \item What is the difference between a brute force attack and a 
   106   dictionary attack on passwords? 
   110   dictionary attack on passwords? 
   107   
   111   
   108 \item Even good passwords consisting of 8 characters, can be 
   112 \item Even good passwords consisting of 8 characters, can be 
   109   broken in around 50 days (obviously this time varies a lot and
 
   113   broken in around 50 days (obviously this time varies a lot and
 
   110   also gets shorterand shorter). Do you think it is good 
   114   also gets shorter and shorter). Do you think it is good 
   111   policy to require users to change their password every 3 
   115   policy to require users to change their password every 3 
   112   months (as King's did until recently)? Under which 
   116   months (as King's did until recently)? Under which 
   113   circumstance should users be required to change their 
   117   circumstance should users be required to change their 
   114   password?
 
   118   password?
 
   115 
   119
sen-material