changeset 534 | 62985f147c85 |
parent 527 | 968ff3fb17c6 |
child 541 | 5cd1865d45bd |
533:98ae49ffc262 | 534:62985f147c85 |
---|---|
32 |
32 |
33 \normalsize |
33 \normalsize |
34 \begin{center} |
34 \begin{center} |
35 \begin{tabular}{ll} |
35 \begin{tabular}{ll} |
36 Email: & christian.urban at kcl.ac.uk\\ |
36 Email: & christian.urban at kcl.ac.uk\\ |
37 Office: & S1.27 (1st floor Strand Building)\\ |
37 Office: & N7.07 (North Wing, Bush House)\\ |
38 Slides: & KEATS |
38 Slides: & KEATS |
39 \end{tabular} |
39 \end{tabular} |
40 \end{center} |
40 \end{center} |
41 \end{frame} |
41 \end{frame} |
42 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
42 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
386 |
386 |
387 \begin{textblock}{1}(11.5,13.7) |
387 \begin{textblock}{1}(11.5,13.7) |
388 \begin{tabular}{l} |
388 \begin{tabular}{l} |
389 \footnotesize on BBC Newsnight\\[-2mm] |
389 \footnotesize on BBC Newsnight\\[-2mm] |
390 \footnotesize in 2010 or |
390 \footnotesize in 2010 or |
391 \href{http://www.youtube.com/watch?v=JPAX32lgkrw}{youtube} |
391 \href{https://www.youtube.com/watch?v=Ks0SOn8hjG8}{youtube} |
392 \end{tabular} |
392 \end{tabular} |
393 \end{textblock} |
393 \end{textblock} |
394 |
394 |
395 \end{frame} |
395 \end{frame} |
396 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
396 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
502 not liable for any damage, because the code is physically |
502 not liable for any damage, because the code is physically |
503 printed and could have been stolen while you paid with your |
503 printed and could have been stolen while you paid with your |
504 card at a store. Same applies if someone cloned your CC |
504 card at a store. Same applies if someone cloned your CC |
505 reading the magnetic stripe or sniffing RFID. Only losing your |
505 reading the magnetic stripe or sniffing RFID. Only losing your |
506 VBV or MCSC password can cause serious trouble.''\\ |
506 VBV or MCSC password can cause serious trouble.''\\ |
507 \hfill{}\url{www.goo.gl/UWluh0} |
507 \hfill{}\url{https://news.ycombinator.com/item?id=3960034} |
508 \end{bubble} |
508 \end{bubble} |
509 |
509 |
510 \end{frame} |
510 \end{frame} |
511 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
511 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
512 |
512 |
527 \footnotesize\url{https://www.rbssecure.co.uk/rbs/tdsecure/terms_of_use.jsp} |
527 \footnotesize\url{https://www.rbssecure.co.uk/rbs/tdsecure/terms_of_use.jsp} |
528 \end{itemize} |
528 \end{itemize} |
529 |
529 |
530 \end{frame} |
530 \end{frame} |
531 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
531 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
532 |
|
533 |
|
532 |
534 |
533 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
535 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
534 \begin{frame}[c] |
536 \begin{frame}[c] |
535 \frametitle{Web Applications} |
537 \frametitle{Web Applications} |
536 |
538 |
577 \frametitle{JavaScript + Node.js} |
579 \frametitle{JavaScript + Node.js} |
578 |
580 |
579 A simple response from the server: |
581 A simple response from the server: |
580 |
582 |
581 \small |
583 \small |
582 \lstinputlisting{../progs/ap0.js} |
584 \lstinputlisting[xleftmargin=0.5cm]{../progs/ap0.js} |
583 \medskip\pause |
585 \medskip\pause |
584 |
586 |
585 \small |
587 \small |
586 alternative response:\smallskip\\ |
588 an alternative response:\smallskip\\ |
587 |
589 |
588 |
590 |
589 \lstinline{response.write('<H1>Hello World</H1>');} |
591 \hspace{5mm}\lstinline{response.write('<H1>Hello World</H1>');} |
590 |
592 |
591 \end{frame} |
593 \end{frame} |
592 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
594 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
593 |
595 |
594 |
596 |
650 \end{itemize} |
652 \end{itemize} |
651 \end{textblock}} |
653 \end{textblock}} |
652 |
654 |
653 \only<5>{ |
655 \only<5>{ |
654 \begin{textblock}{11}(1,3) |
656 \begin{textblock}{11}(1,3) |
655 \begin{bubble}[10cm]\small |
657 \begin{bubble}[10.2cm]\small |
656 {\bf Cookie Law:}\smallskip\\ ``In May 2011, a |
658 {\bf Cookie Law:}\smallskip\\ ``In May 2011, a |
657 European Union law was passed stating that websites that leave |
659 European Union law was passed stating that websites that leave |
658 non-essential cookies on visitors' devices have to alert the visitor |
660 non-essential cookies on visitors' devices have to alert the visitor |
659 and get acceptance from them. This law applies to both individuals and |
661 and get acceptance from them. This law applies to both individuals and |
660 businesses based in the EU regardless of the nationality of their |
662 businesses based in the EU regardless of the nationality of their |
661 website's visitors or the location of their web host. It is not enough |
663 website's visitors or the location of their web host. It is not enough |
662 to simply update a website's terms and conditions or privacy |
664 to simply update a website's terms and conditions or privacy |
663 policy. The deadline to comply with the new EU cookie law was 26th May |
665 policy. The deadline to comply with the new EU cookie law was 26th May |
664 2012 and failure to do so could mean a fine of up to |
666 2012 and failure to do so could mean a fine of up to |
665 \pounds{500,000}.'' \hfill\small\textcolor{gray}{$\rightarrow$BBC |
667 \pounds{500,000}.''\\ \mbox{}\hfill\small\textcolor{gray}{$\rightarrow$BBC |
666 News}, \url{www.goo.gl/RI4qhh} |
668 News}, \url{http://www.goo.gl/RI4qhh} |
667 \end{bubble} |
669 \end{bubble} |
668 \end{textblock}} |
670 \end{textblock}} |
669 |
671 |
670 \end{frame} |
672 \end{frame} |
671 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
673 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
731 |
733 |
732 \begin{itemize} |
734 \begin{itemize} |
733 \item SHA-1 is a cryptographic hash function\\ |
735 \item SHA-1 is a cryptographic hash function\\ |
734 (MD5, SHA-256, SHA-512, \ldots) |
736 (MD5, SHA-256, SHA-512, \ldots) |
735 \item message $\rightarrow$ digest |
737 \item message $\rightarrow$ digest |
736 \item attacks exist: $2^{80} \rightarrow 2^{61}$ \bigskip\pause |
738 \item attacks exist: $2^{80} \rightarrow 2^{61}$ (should not be used |
739 anymore and browsers stopped accepting SHA-1 certificates)\bigskip\pause |
|
737 \item but dictionary attacks are much more effective for extracting passwords (later) |
740 \item but dictionary attacks are much more effective for extracting passwords (later) |
738 \end{itemize} |
741 \end{itemize} |
739 |
742 |
740 \end{frame} |
743 \end{frame} |
741 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
744 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
864 Ashley Madison containing 31 million passwords, many of them |
867 Ashley Madison containing 31 million passwords, many of them |
865 poorly hashed |
868 poorly hashed |
866 \end{itemize}\medskip |
869 \end{itemize}\medskip |
867 |
870 |
868 \small |
871 \small |
869 (web user maintains 25 separate accounts but uses just 6.5 passwords.) |
872 (users typically maintain 25 separate accounts but use just 6.5 passwords |
873 on average) |
|
870 |
874 |
871 \end{frame}} |
875 \end{frame}} |
872 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
876 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
873 |
877 |
874 %For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits. |
878 %For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits. |
935 \begin{frame}[c] |
939 \begin{frame}[c] |
936 \frametitle{This Course} |
940 \frametitle{This Course} |
937 |
941 |
938 \begin{itemize} |
942 \begin{itemize} |
939 \item electronic voting |
943 \item electronic voting |
940 \item break-ins (buffer overflows) |
944 \item buffer overflows |
941 \item access control\\ (role based, data security / data integrity) |
945 \item access control\\ (role based, data security / data integrity) |
942 \item protocols |
946 \item protocols |
943 \item zero-knowledge proofs |
|
944 \item privacy |
947 \item privacy |
945 \begin{quote} |
948 \begin{quote} |
946 Scott McNealy: \\``You have zero privacy anyway. Get over it.'' |
949 Scott McNealy: \\``You have zero privacy anyway. Get over it.'' |
947 \end{quote} |
950 \end{quote} |
948 \item trust, bitcoins |
951 \item trust, bitcoins |
949 \item static analysis |
|
950 \end{itemize} |
952 \end{itemize} |
951 |
953 |
952 \end{frame} |
954 \end{frame} |
953 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
955 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
954 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
956 |
955 \begin{frame}[c] |
957 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
956 \frametitle{Books + Homework} |
958 \begin{frame}[c] |
959 \frametitle{Books + Homework + Exam} |
|
957 |
960 |
958 \begin{itemize} |
961 \begin{itemize} |
959 \item There is no single book I am following, but |
962 \item There is no single book I am following, but |
960 |
963 |
961 \begin{center} |
964 \begin{center} |
971 |
974 |
972 \end{itemize} |
975 \end{itemize} |
973 |
976 |
974 \end{frame} |
977 \end{frame} |
975 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
978 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
979 |
|
980 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
981 \begin{frame}[c] |
|
982 \frametitle{There will be 1 Coursework} |
|
983 |
|
984 \begin{itemize} |
|
985 \item worth 10\% |
|
986 \item released on 23 October |
|
987 \item due on 1 December |
|
988 \end{itemize} |
|
989 |
|
990 \end{frame} |
|
991 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
992 |
|
993 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
994 \begin{frame}[c] |
|
995 \frametitle{Lecture Capture} |
|
996 |
|
997 \begin{itemize} |
|
998 \item Hope it works\ldots\medskip\pause |
|
999 \item It is important to use lecture capture wisely: |
|
1000 \begin{itemize} |
|
1001 \item Lecture recordings are a study and revision aid. |
|
1002 \item Statistically, there is a clear and direct link between attendance and |
|
1003 attainment: Students who do not attend lectures, do less well in exams. |
|
1004 \end{itemize} |
|
1005 |
|
1006 \item Attending a lecture is more than watching it online -- if you do not |
|
1007 attend, you miss out! |
|
1008 |
|
1009 \end{itemize} |
|
1010 |
|
1011 \end{frame} |
|
1012 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1013 |
|
976 |
1014 |
977 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
1015 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
978 \begin{frame}[c] |
1016 \begin{frame}[c] |
979 \frametitle{Further Information} |
1017 \frametitle{Further Information} |
980 |
1018 |
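Review bot: The SHA-1 item on new lines 738–739 gives `$2^{80} \rightarrow 2^{61}$` without saying which security property is weakened; the figures read as collision costs (2^80 is the birthday bound for a 160-bit digest), not preimage costs. Naming the property, e.g. `\item collision attacks exist: $2^{80} \rightarrow 2^{61}$ (should not be used`, keeps the added remark about certificates precise. It also makes the next item easier to follow, since extracting passwords depends on guessing inputs rather than on finding collisions. The enclosing frame starts above the lines shown in this section.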