23 \definecolor{javared}{rgb}{0.6,0,0} % for strings |
23 \definecolor{javared}{rgb}{0.6,0,0} % for strings |
24 \definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments |
24 \definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments |
25 \definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords |
25 \definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords |
26 \definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc |
26 \definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc |
27 |
27 |
|
28 \makeatletter |
|
29 \lst@CCPutMacro\lst@ProcessOther {"2D}{\lst@ttfamily{-{}}{-{}}} |
|
30 \@empty\z@\@empty |
|
31 \makeatother |
|
32 |
28 \lstset{language=Java, |
33 \lstset{language=Java, |
29 basicstyle=\ttfamily, |
34 basicstyle=\consolas, |
30 keywordstyle=\color{javapurple}\bfseries, |
35 keywordstyle=\color{javapurple}\bfseries, |
31 stringstyle=\color{javagreen}, |
36 stringstyle=\color{javagreen}, |
32 commentstyle=\color{javagreen}, |
37 commentstyle=\color{javagreen}, |
33 morecomment=[s][\color{javadocblue}]{/**}{*/}, |
38 morecomment=[s][\color{javadocblue}]{/**}{*/}, |
34 numbers=left, |
39 numbers=left, |
45 for,if,implicit,import,match,mixin,% |
50 for,if,implicit,import,match,mixin,% |
46 new,null,object,override,package,% |
51 new,null,object,override,package,% |
47 private,protected,requires,return,sealed,% |
52 private,protected,requires,return,sealed,% |
48 super,this,throw,trait,true,try,% |
53 super,this,throw,trait,true,try,% |
49 type,val,var,while,with,yield}, |
54 type,val,var,while,with,yield}, |
50 otherkeywords={=>,<-,<\%,<:,>:,\#,@}, |
55 otherkeywords={=>,<-,<\%,<:,>:,\#,@,->}, |
51 sensitive=true, |
56 sensitive=true, |
52 morecomment=[l]{//}, |
57 morecomment=[l]{//}, |
53 morecomment=[n]{/*}{*/}, |
58 morecomment=[n]{/*}{*/}, |
54 morestring=[b]", |
59 morestring=[b]", |
55 morestring=[b]', |
60 morestring=[b]', |
56 morestring=[b]""" |
61 morestring=[b]""" |
57 } |
62 } |
58 |
63 |
59 \lstset{language=Scala, |
64 \lstset{language=Scala, |
60 basicstyle=\ttfamily, |
65 basicstyle=\consolas, |
61 keywordstyle=\color{javapurple}\bfseries, |
66 keywordstyle=\color{javapurple}\bfseries, |
62 stringstyle=\color{javagreen}, |
67 stringstyle=\color{javagreen}, |
63 commentstyle=\color{javagreen}, |
68 commentstyle=\color{javagreen}, |
64 morecomment=[s][\color{javadocblue}]{/**}{*/}, |
69 morecomment=[s][\color{javadocblue}]{/**}{*/}, |
65 numbers=left, |
70 numbers=left, |
81 \begin{frame}<1>[t] |
87 \begin{frame}<1>[t] |
82 \frametitle{% |
88 \frametitle{% |
83 \begin{tabular}{@ {}c@ {}} |
89 \begin{tabular}{@ {}c@ {}} |
84 \\ |
90 \\ |
85 \LARGE Access Control and \\[-3mm] |
91 \LARGE Access Control and \\[-3mm] |
86 \LARGE Privacy Policies (2)\\[-6mm] |
92 \LARGE Privacy Policies (3)\\[-6mm] |
87 \end{tabular}}\bigskip\bigskip\bigskip |
93 \end{tabular}}\bigskip\bigskip\bigskip |
88 |
94 |
89 %\begin{center} |
95 %\begin{center} |
90 %\includegraphics[scale=1.3]{pics/barrier.jpg} |
96 %\includegraphics[scale=1.3]{pics/barrier.jpg} |
91 %\end{center} |
97 %\end{center} |
92 |
98 |
93 \normalsize |
99 \normalsize |
94 \begin{center} |
100 \begin{center} |
95 \begin{tabular}{ll} |
101 \begin{tabular}{ll} |
96 Email: & christian.urban at kcl.ac.uk\\ |
102 Email: & christian.urban at kcl.ac.uk\\ |
97 Of$\!$fice: & S1.27 (1st floor Strand Building)\\ |
103 Office: & S1.27 (1st floor Strand Building)\\ |
98 Slides: & KEATS (also home work is there) |
104 Slides: & KEATS (also home work is there) |
99 \end{tabular} |
105 \end{tabular} |
100 \end{center} |
106 \end{center} |
101 |
107 |
102 |
108 |
103 \end{frame}} |
109 \end{frame}} |
104 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
110 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
105 |
111 |
106 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
107 \mode<presentation>{ |
|
108 \begin{frame}[c] |
|
109 \frametitle{\begin{tabular}{c}Homework\end{tabular}} |
|
110 |
|
111 |
|
112 \ldots{} I have a question about the homework.\\[3mm] |
|
113 Is it required to submit the homework before\\ |
|
114 the next lecture?\\[5mm] |
|
115 |
|
116 Thank you!\\ |
|
117 Anonymous |
|
118 |
|
119 \end{frame}} |
|
120 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
121 |
112 |
122 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
113 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
123 \mode<presentation>{ |
114 \mode<presentation>{ |
124 \begin{frame}[c] |
115 \begin{frame}[c] |
125 |
116 |
126 \begin{center} |
117 \begin{center} |
127 \begin{tabular}[t]{c} |
118 \begin{tabular}[t]{c} |
128 \includegraphics[scale=1.2]{pics/barrier.jpg}\\ |
119 \includegraphics[scale=1.2]{pics/barrier.jpg}\\ |
129 future lectures |
120 first lecture |
130 \end{tabular}\;\;\; |
121 \end{tabular}\;\;\; |
131 \onslide<2>{ |
122 \onslide<2>{ |
132 \begin{tabular}[t]{c} |
123 \begin{tabular}[t]{c} |
133 \includegraphics[scale=0.32]{pics/trainwreck.jpg}\\ |
124 \includegraphics[scale=0.32]{pics/trainwreck.jpg}\\ |
134 today |
125 today |
142 |
133 |
143 |
134 |
144 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
135 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
145 \mode<presentation>{ |
136 \mode<presentation>{ |
146 \begin{frame}[c] |
137 \begin{frame}[c] |
147 \frametitle{\begin{tabular}{@ {}c@ {}}SmartWater\end{tabular}} |
|
148 |
|
149 \begin{textblock}{1}(1,3) |
|
150 \begin{tabular}{c} |
|
151 \includegraphics[scale=0.15]{pics/SmartWater} |
|
152 \end{tabular} |
|
153 \end{textblock} |
|
154 |
|
155 |
|
156 \begin{textblock}{8.5}(7,3) |
|
157 \begin{itemize} |
|
158 \item seems helpful for preventing cable theft\medskip |
|
159 \item wouldn't be helpful to make your property safe, because of possible abuse\medskip |
|
160 |
|
161 \item security is always a tradeoff |
|
162 \end{itemize} |
|
163 \end{textblock} |
|
164 |
|
165 \end{frame}} |
|
166 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
167 |
|
168 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
169 \mode<presentation>{ |
|
170 \begin{frame}[c] |
|
171 \frametitle{\begin{tabular}{@ {}c@ {}}Plain-text Passwords at IEEE\end{tabular}} |
|
172 |
|
173 \small\textcolor{gray}{On 25 September 2012, a report on a data breach at IEEE:} |
|
174 |
|
175 |
|
176 \begin{itemize} |
|
177 \item IEEE is a standards organisation (not-for-profit) |
|
178 \item many standards in CS are by IEEE\medskip |
|
179 \item 100k plain-text passwords were recorded in logs |
|
180 \item the logs were openly accessible on their FTP server |
|
181 \end{itemize}\bigskip |
|
182 |
|
183 \begin{flushright}\small |
|
184 \textcolor{gray}{\url{http://ieeelog.com}} |
|
185 \end{flushright} |
|
186 |
|
187 \only<2>{ |
|
188 \begin{textblock}{11}(3,2) |
|
189 \begin{tikzpicture} |
|
190 \draw (0,0) node[inner sep=2mm,fill=white, ultra thick, draw=red, rounded corners=2mm] |
|
191 {\normalsize\color{darkgray} |
|
192 \begin{minipage}{7.5cm}\raggedright\small |
|
193 \includegraphics[scale=0.6]{pics/IEEElog.jpg} |
|
194 \end{minipage}}; |
|
195 \end{tikzpicture} |
|
196 \end{textblock}} |
|
197 |
|
198 \end{frame}} |
|
199 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
200 |
|
201 |
|
202 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
203 \mode<presentation>{ |
|
204 \begin{frame}[c] |
|
205 \frametitle{\begin{tabular}{@ {}c@ {}}Virgin Mobile (USA)\end{tabular}} |
|
206 |
|
207 \begin{flushright}\small |
|
208 \textcolor{gray}{\url{http://arstechnica.com/security/2012/09/virgin-mobile-password-crack-risk/}} |
|
209 \end{flushright} |
|
210 |
|
211 \begin{itemize} |
|
212 \item for online accounts passwords must be 6 digits |
|
213 \item you must cycle through 1M combinations (online)\pause\bigskip |
|
214 |
|
215 \item he limited the attack on his own account to 1 guess per second, \alert{\bf and} |
|
216 \item wrote a script that cleared the cookie set after each guess\pause |
|
217 \item has been fixed now |
|
218 \end{itemize} |
|
219 |
|
220 |
|
221 |
|
222 \end{frame}} |
|
223 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
224 |
|
225 |
|
226 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
227 \mode<presentation>{ |
|
228 \begin{frame}[c] |
|
229 \frametitle{\begin{tabular}{@ {}c@ {}}Smash the Stack for Fun \ldots\end{tabular}} |
138 \frametitle{\begin{tabular}{@ {}c@ {}}Smash the Stack for Fun \ldots\end{tabular}} |
230 |
139 |
231 \begin{itemize} |
140 \begin{itemize} |
232 \item ``smashing the stack attacks'' or ``buffer overflow attacks'' |
141 \item ``smashing the stack attacks'' or\\ ``buffer overflow attacks''\medskip |
233 \item one of the most popular attacks;\\ attack of the (last) decade\\ ($>$ 50\% of security incidents reported at CERT are related to buffer overflows) |
142 \item one of the most popular attacks\\ ($>$ 50\% of security incidents reported at CERT are related to buffer overflows) |
234 \begin{flushright}\small |
143 \begin{flushright}\small |
235 \textcolor{gray}{\url{http://www.kb.cert.org/vuls}} |
144 \textcolor{gray}{\url{http://www.kb.cert.org/vuls}} |
236 \end{flushright} |
145 \end{flushright} |
237 \medskip |
146 \medskip |
238 \item made popular in an article by Elias Levy\\ (also known as Aleph One):\\ |
147 \item made popular in an article by Elias Levy\\ (also known as Aleph One):\\ |
239 \begin{center} |
148 \begin{center} |
240 {\bf ``Smashing The Stack For Fun and Profit''} |
149 {\bf ``Smashing The Stack For Fun and Profit''} |
241 \end{center}\medskip |
150 \end{center}\medskip |
242 |
151 |
243 \begin{flushright} |
152 \begin{flushright} |
244 \small\textcolor{gray}{\url{http://www.phrack.org}, Issue 49, Article 14} |
153 \small\textcolor{gray}{Issue 49, Article 14} |
245 \end{flushright} |
154 \end{flushright} |
246 |
155 |
247 \end{itemize} |
156 \end{itemize} |
248 |
157 |
249 |
158 |