equal
deleted
inserted
replaced
6 |
6 |
7 |
7 |
8 \begin{document} |
8 \begin{document} |
9 \fnote{\copyright{} Christian Urban, |
9 \fnote{\copyright{} Christian Urban, |
10 King's College London, 2014, 2015, 2016} |
10 King's College London, 2014, 2015, 2016} |
|
11 |
|
12 % passwords at dropbox |
|
13 %%https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/ |
|
14 |
11 |
15 |
12 %Ross anderson |
16 %Ross anderson |
13 %https://youtu.be/FY2YKxBxOkg |
17 %https://youtu.be/FY2YKxBxOkg |
14 %http://www.scmagazineuk.com/amazon-launches-open-source-tls-implementation-s2n/article/424360/ |
18 %http://www.scmagazineuk.com/amazon-launches-open-source-tls-implementation-s2n/article/424360/ |
15 |
19 |
27 % https://nakedsecurity.sophos.com/2017/01/10/stolen-details-of-3-3m-hello-kitty-fans-including-kids-published-online/ |
31 % https://nakedsecurity.sophos.com/2017/01/10/stolen-details-of-3-3m-hello-kitty-fans-including-kids-published-online/ |
28 % |
32 % |
29 |
33 |
30 % IoT |
34 % IoT |
31 % https://nakedsecurity.sophos.com/2015/10/26/the-internet-of-things-stop-the-things-i-want-to-get-off/ |
35 % https://nakedsecurity.sophos.com/2015/10/26/the-internet-of-things-stop-the-things-i-want-to-get-off/ |
|
36 |
|
37 % cloning creditc cards and passports |
|
38 %https://www.youtube.com/watch?v=-4_on9zj-zs |
|
39 |
32 |
40 |
33 \section*{Handout 1 (Security Engineering)} |
41 \section*{Handout 1 (Security Engineering)} |
34 |
42 |
35 |
43 |
36 Much of the material and inspiration in this module is taken |
44 Much of the material and inspiration in this module is taken |
111 mechanism (the amount of reliance we can put on the mechanism) |
119 mechanism (the amount of reliance we can put on the mechanism) |
112 and finally the incentives (the motive that the people |
120 and finally the incentives (the motive that the people |
113 guarding and maintaining the system have to do their job |
121 guarding and maintaining the system have to do their job |
114 properly, and also the motive that the attackers have to try |
122 properly, and also the motive that the attackers have to try |
115 to defeat your policy). The last point is often overlooked, |
123 to defeat your policy). The last point is often overlooked, |
116 but plays an important role. To illustrate this lets look at |
124 but plays an important role. To illustrate this let's look at |
117 an example. |
125 an example. |
118 |
126 |
119 \subsubsection*{Chip-and-PIN is Surely More Secure, No?} |
127 \subsubsection*{Chip-and-PIN is Surely More Secure, No?} |
120 |
128 |
121 The questions is whether the Chip-and-PIN system used with |
129 The questions is whether the Chip-and-PIN system used with |
220 If you want to watch an entertaining talk about attacking |
228 If you want to watch an entertaining talk about attacking |
221 Chip-and-PIN cards, then this talk from the 2014 Chaos |
229 Chip-and-PIN cards, then this talk from the 2014 Chaos |
222 Computer Club conference is for you: |
230 Computer Club conference is for you: |
223 |
231 |
224 \begin{center} |
232 \begin{center} |
225 \url{https://www.youtube.com/watch?v=XeZbVZQsKO8} |
233 \url{https://goo.gl/zuwVHb} |
226 \end{center} |
234 \end{center} |
227 |
235 |
228 \noindent They claim that they are able to clone Chip-and-PINs |
236 \noindent They claim that they are able to clone Chip-and-PINs |
229 cards such that they get all data that was on the Magstripe, |
237 cards such that they get all data that was on the Magstripe, |
230 except for three digits (the CVV number). Remember, |
238 except for three digits (the CVV number). Remember, |