586 \end{frame}} |
586 \end{frame}} |
587 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
587 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
588 |
588 |
589 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
589 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
590 \mode<presentation>{ |
590 \mode<presentation>{ |
|
591 \begin{frame}[t] |
|
592 \begin{itemize} |
|
593 \item While cookies are per web-page, this can be easily circumvented. |
|
594 \end{itemize} |
|
595 |
|
596 \begin{textblock}{1}(1.5,4.5) |
|
597 \begin{tabular}{c} |
|
598 \includegraphics[scale=0.07]{pics/servers.png}\\[-2mm] |
|
599 \small Pet Store\\[-2mm] |
|
600 \small Dot.com\\[-2mm] |
|
601 \end{tabular} |
|
602 \end{textblock} |
|
603 |
|
604 \begin{textblock}{1}(1.5,8) |
|
605 \begin{tabular}{c} |
|
606 \includegraphics[scale=0.07]{pics/servers.png}\\[-2mm] |
|
607 \small Dating.com |
|
608 \end{tabular} |
|
609 \end{textblock} |
|
610 |
|
611 \begin{textblock}{1}(10.5,7.5) |
|
612 \begin{tabular}{c} |
|
613 \includegraphics[scale=0.07]{pics/servers.png}\\[-2mm] |
|
614 \small Evil-Ad-No\\[-2mm] |
|
615 \small Privacy.com |
|
616 \end{tabular} |
|
617 \end{textblock} |
|
618 |
|
619 \begin{textblock}{1}(6,10.5) |
|
620 \begin{tabular}{c} |
|
621 \includegraphics[scale=0.16]{pics/rman.png}\\[-1mm] |
|
622 \small you |
|
623 \end{tabular} |
|
624 \end{textblock} |
|
625 |
|
626 \begin{textblock}{1}(4,5) |
|
627 \begin{tikzpicture}[scale=1] |
|
628 \draw[white] (0,0.5) node (X) {}; |
|
629 \draw[white] (5.7,-1) node (Y) {}; |
|
630 \draw[red, ->, line width = 0.5mm] (X) -- (Y); |
|
631 \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {}; |
|
632 \end{tikzpicture} |
|
633 \end{textblock} |
|
634 |
|
635 \begin{textblock}{1}(4,7.9) |
|
636 \begin{tikzpicture}[scale=1] |
|
637 \draw[white] (0,0) node (X) {}; |
|
638 \draw[white] (5.7,0) node (Y) {}; |
|
639 \draw[red, ->, line width = 0.5mm] (X) -- (Y); |
|
640 \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {}; |
|
641 \end{tikzpicture} |
|
642 \end{textblock} |
|
643 |
|
644 \begin{textblock}{1}(3.3,9.3) |
|
645 \begin{tikzpicture}[scale=1.2] |
|
646 \draw[white] (0,0) node (X) {}; |
|
647 \draw[white] (1.5,-1) node (Y) {}; |
|
648 \draw[red, <->, line width = 2mm] (X) -- (Y); |
|
649 \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {}; |
|
650 \draw[white] (0.9,0.3) node (X1) {}; |
|
651 \draw[white] (1.9,-1) node (Y1) {}; |
|
652 \draw[red, <->, line width = 2mm] (X1) -- (Y1); |
|
653 \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X1)!.5!(Y1) $) {}; |
|
654 \end{tikzpicture} |
|
655 \end{textblock} |
|
656 |
|
657 \begin{textblock}{1}(8.6,10.1) |
|
658 \begin{tikzpicture}[scale=0.9] |
|
659 \draw[white] (0,0) node (X) {}; |
|
660 \draw[white] (-2,-1) node (Y) {}; |
|
661 \draw[red, <->, line width = 0.5mm] (X) -- (Y); |
|
662 \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {}; |
|
663 \end{tikzpicture} |
|
664 \end{textblock} |
|
665 |
|
666 |
|
667 |
|
668 \end{frame}} |
|
669 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
670 |
|
671 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
672 \mode<presentation>{ |
591 \begin{frame}[c] |
673 \begin{frame}[c] |
592 \frametitle{\begin{tabular}{c}My First Webapp\end{tabular}} |
674 \frametitle{\begin{tabular}{c}My First Webapp\end{tabular}} |
593 |
675 |
594 {\bf GET request:}\smallskip |
676 {\bf GET request:}\smallskip |
595 \begin{enumerate} |
677 \begin{enumerate} |
697 |
780 |
698 \end{frame}} |
781 \end{frame}} |
699 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
782 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
700 |
783 |
701 |
784 |
702 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
785 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
703 \mode<presentation>{ |
786 \mode<presentation>{ |
704 \begin{frame}[c] |
787 \begin{frame}[c] |
705 \frametitle{\begin{tabular}{c}Unix Passwords\end{tabular}} |
788 \frametitle{\begin{tabular}{c}Unix Passwords\end{tabular}} |
706 |
789 |
707 \begin{itemize} |
790 \begin{itemize} |
708 \item passwords are {\bf not} stored in clear text |
791 \item passwords are \alert{\bf not} stored in clear text |
709 \end{itemize} |
792 \item instead \texttt{/etc/shadow} contains |
|
793 \end{itemize} |
|
794 |
|
795 {\small |
|
796 \texttt{name:\$1\$QIGCa\$/ruJs8AvmrknzKTzM2TYE.:other\_info} |
|
797 } |
|
798 |
|
799 \begin{itemize} |
|
800 \item \texttt{\$} is separator |
|
801 \item \texttt{1} is MD5 (actually SHA-512 is used nowadays, \texttt{6}) |
|
802 \item \texttt{QIGCa} is salt |
|
803 \item \texttt{ruJs8AvmrknzKTzM2TYE} $\rightarrow$ password + salt |
|
804 \end{itemize} |
|
805 |
|
806 \textcolor{gray}{\small |
|
807 (\texttt{openssl passwd -1 -salt QIGCa pippo}) |
|
808 } |
710 % Unix password |
809 % Unix password |
711 % http://ubuntuforums.org/showthread.php?p=5318038 |
810 % http://ubuntuforums.org/showthread.php?p=5318038 |
712 |
811 |
713 \end{frame}} |
812 \end{frame}} |
714 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
813 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
715 |
814 |
716 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
815 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
717 \mode<presentation>{ |
816 \mode<presentation>{ |
718 \begin{frame}[c] |
817 \begin{frame}[c] |
719 \frametitle{\begin{tabular}{c}Password Blunders\end{tabular}} |
818 \frametitle{\begin{tabular}{c}Password Blunders\end{tabular}} |
720 |
819 |
721 in late 2009, when an SQL injection attack against online games |
820 |
722 service RockYou.com exposed 32 million plaintext passwords |
821 \begin{itemize} |
723 |
822 \item in late 2009, when an SQL injection attack against online games |
724 1.3 million Gawker credentials exposed in December 2010 contained MD5 hashes |
823 service RockYou.com exposed 32 million \alert{plaintext} passwords |
|
824 |
|
825 \item 1.3 million Gawker credentials exposed in December 2010 containing |
|
826 unsalted(?) \alert{MD5} hashes |
|
827 |
|
828 \item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked |
725 % linkedIn password |
829 % linkedIn password |
726 % http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html |
830 % http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html |
727 |
831 \end{itemize}\medskip |
728 |
832 |
729 |
833 \small |
730 Web user maintains 25 separate accounts but uses just 6.5 passwords |
834 Web user maintains 25 separate accounts but uses just 6.5 passwords |
731 |
835 |
732 \end{frame}} |
836 \end{frame}} |
733 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
837 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
734 |
838 |
735 %For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits. |
839 %For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits. |
736 |
840 |
737 |
841 |
738 % rainbow tables |
842 % rainbow tables |
739 % http://en.wikipedia.org/wiki/Rainbow_table |
843 % http://en.wikipedia.org/wiki/Rainbow_table |
740 |
844 |
741 |
845 |
742 |
846 |
743 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
847 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
744 \mode<presentation>{ |
848 \mode<presentation>{ |
745 \begin{frame}[c] |
849 \begin{frame}[c] |
746 \frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}} |
850 \frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}} |
747 |
851 |
748 \begin{itemize} |
852 \begin{itemize} |
777 \end{textblock}} |
881 \end{textblock}} |
778 |
882 |
779 |
883 |
780 |
884 |
781 \end{frame}} |
885 \end{frame}} |
782 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
886 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
783 |
887 |
784 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
888 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
785 \mode<presentation>{ |
889 \mode<presentation>{ |
786 \begin{frame}[c] |
890 \begin{frame}[c] |
787 \frametitle{\begin{tabular}{c}Passwords\end{tabular}} |
891 \frametitle{\begin{tabular}{c}Passwords\end{tabular}} |
788 |
892 |
789 \begin{itemize} |
893 How to recover from a breakin?\pause\medskip |
790 \item How do recover from a breakin? |
894 |
791 \end{itemize} |
895 \begin{itemize} |
792 |
896 \item Do not send passwords in plain text. |
793 \end{frame}} |
897 \item Security questions are tricky to get right. |
794 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
898 \item QQ (Chinese Skype) authenticates you via contacts. |
795 |
899 \end{itemize} |
796 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
900 |
|
901 \end{frame}} |
|
902 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
903 |
|
904 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
797 \mode<presentation>{ |
905 \mode<presentation>{ |
798 \begin{frame}[c] |
906 \begin{frame}[c] |
799 \frametitle{\begin{tabular}{c}This Course\end{tabular}} |
907 \frametitle{\begin{tabular}{c}This Course\end{tabular}} |
800 |
908 |
801 \begin{itemize} |
909 \begin{itemize} |
802 \item breakins (buffer overflows) |
910 \item break-ins (buffer overflows) |
803 \item access control (role based, data security / data integrity) |
911 \item access control\\ (role based, data security / data integrity) |
804 \item protocols |
912 \item protocols\\ |
|
913 (specification) |
805 \item access control logic |
914 \item access control logic |
806 \item privacy |
915 \item privacy |
807 \begin{quote} |
916 \begin{quote} |
808 Scott McNealy: \\``You have zero privacy anyway. Get over it.'' |
917 Scott McNealy: \\``You have zero privacy anyway. Get over it.'' |
809 \end{quote} |
918 \end{quote} |
810 \end{itemize} |
919 \end{itemize} |
811 |
920 |
812 \end{frame}} |
921 \end{frame}} |
813 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
922 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
814 |
923 |
815 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
924 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
816 \mode<presentation>{ |
925 \mode<presentation>{ |
817 \begin{frame}[c] |
926 \begin{frame}[c] |
818 \frametitle{\begin{tabular}{c}Homework\end{tabular}} |
927 \frametitle{\begin{tabular}{c}Books + Homework\end{tabular}} |
819 |
928 |
820 |
929 \begin{itemize} |
821 \end{frame}} |
930 \item there is no single book I am following |
822 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
931 \begin{center} |
823 |
932 \includegraphics[scale=0.012]{pics/andersonbook1.jpg} |
|
933 \includegraphics[scale=0.23]{pics/accesscontrolbook.jpg} |
|
934 \end{center}\medskip\pause |
|
935 |
|
936 \item The question ``Is this relevant for the exams'' is not appreciated!\medskip\\ |
|
937 |
|
938 Whatever is in the homework sheets (and is not marked optional) is relevant for the |
|
939 exam. |
|
940 \end{itemize} |
|
941 |
|
942 \end{frame}} |
|
943 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
944 |
|
945 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
946 \mode<presentation>{ |
|
947 \begin{frame}[c] |
|
948 \frametitle{\begin{tabular}{c}Take-Home Points\end{tabular}} |
|
949 |
|
950 \begin{itemize} |
|
951 \item Never store passwords in plain text.\medskip |
|
952 \item Always salt your hashes!\medskip |
|
953 \item Use an existing algorithm; do not write your own! |
|
954 \end{itemize} |
|
955 |
|
956 \end{frame}} |
|
957 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
824 |
958 |
825 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
959 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
826 \mode<presentation>{ |
960 \mode<presentation>{ |
827 \begin{frame}[c] |
961 \begin{frame}[c] |
828 \frametitle{\begin{tabular}{c}Thinking as a Defender\end{tabular}} |
962 \frametitle{\begin{tabular}{c}Thinking as a Defender\end{tabular}} |
829 |
963 |
830 \begin{itemize} |
964 \begin{itemize} |
831 \item What are we trying to protect? |
965 \item What are you trying to protect? |
832 \item What properties are we trying to enforce?\medskip |
966 \item What properties are you trying to enforce?\medskip |
833 |
967 |
834 \item Who are the attackers? Capabilities? Motivations? |
968 \item Who are the attackers? Capabilities? Motivations? |
835 \item What kind of attack are we trying to protect? |
969 \item What kind of attack are we trying to protect? |
836 \item Who can fix any vulnerabilities?\medskip |
970 \item Who can fix any vulnerabilities?\medskip |
837 |
971 |
838 \item What are the weaknesses of the system? |
972 \item What are the weaknesses of the system? |
839 \item What will successful attacks cost us? |
973 \item What will successful attacks cost us? |
840 \item How likely are the attacks?\medskip |
974 \item How likely are the attacks? |
841 |
975 \end{itemize} |
842 \item Security almost always is {\bf not} free! |
976 |
843 \end{itemize} |
977 \small |
|
978 \textcolor{gray}{Security almost always is {\bf not} free!} |
844 |
979 |
845 \end{frame}} |
980 \end{frame}} |
846 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
981 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
847 |
982 |
848 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
983 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |