sen-material: comparison slides/slides04.tex

equal deleted inserted replaced

-:dd94cbf9eba7
+:9fc6ec22ad82
 \small
 \begin{itemize}
 \item ``Would be good, if you provide more detailed explanations. I feel
 your slides are not as structured as they could be.''
-\item Please consider reference book chapters to cover core subject
+\item ``Please consider reference book chapters to cover core subject
 areas.''\pause
 \item ``The homework questions don't come directly from the
 slides. So must go look things up.''
 \item ``Could you please put the homework answers online, perhaps
 just before the exam. That's late enough where we should have done
 If you tell your browser to identify itself as Joel's backdoor, instead of (say)
 as Mozilla/5.0 AppleWebKit/536.30.1 Version/6.0.5, you're in without authentication.\medskip
 "What is this string," I hear you ask?
-You will laugh: it is
+You will laugh: it is\pause
 \begin{center}\large
 \pcode{xmlset_roodkcableoj28840ybtide}
 \end{center}
 \end{quote}\bigskip\bigskip
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[fragile]
-CVE-2014-0476 chkrootkit vulnerability 4 Jun'14\medskip
+CVE-2014-0476 \pcode{chkrootkit} vulnerability 4 Jun'14\medskip
 \begin{quote}\rm\small
 Hi,
 we just found a serious vulnerability in the chkrootkit package, which
 may allow local attackers to gain root access to a box in certain
 configurations (\pcode{/tmp} not mounted noexec). Steps to reproduce:
 \begin{itemize}
-\item Put an executable file named \pcode{update} with non-root owner in /tmp (not
+\item Put an executable file named \pcode{update} with non-root owner in
-mounted noexec, obviously)
+\pcode{/tmp} (not mounted noexec, obviously)
 \item Run chkrootkit (as uid \pcode{0})
 \end{itemize}
 Result: The file \pcode{/tmp/update} will be executed as root, thus effectively
 rooting your box, if malicious content is placed inside the file.
 If an attacker knows you are periodically running chkrootkit (like in
-cron.daily) and has write access to \pcode{/tmp} (not mounted noexec), he may
+\pcode{cron.daily}) and has write access to \pcode{/tmp} (not mounted noexec), he may
 easily take advantage of this.
 \end{quote}
 \mbox{}\\[-10mm]
 \hfill\footnotesize\url{http://seclists.org/oss-sec/2014/q2/430}
 \mode<presentation>{
 \begin{frame}[c]
 \begin{center}
 \begin{tabular}{ll}
-\bl{$A \rightarrow B$:} & \bl{$N_a$}\\
+\bl{$A \rightarrow B$:} & \bl{$N_A$}\\
-\bl{$B \rightarrow A$:} & \bl{$\{N_a, N_b\}_{K_{ab}}$}\\
+\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{ab}}$}\\
-\bl{$A \rightarrow B$:} & \bl{$N_b$}\\
+\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
 \end{tabular}
 \end{center}
 The attack (let $A$ decrypt her own messages):
 \begin{center}
 \begin{tabular}{ll}
-\bl{$A \rightarrow E$:} & \bl{$N_a$}\\
+\bl{$A \rightarrow E$:} & \bl{$N_A$}\\
-\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_a$}\\
+\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\
-\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_a, N_a\}_{K_{ab}}$}\\
+\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
-\bl{$E \rightarrow A$:} & \bl{$\{N_a, N_a\}_{K_{ab}}$}\\
+\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
-\bl{$A \rightarrow E$:} & \bl{$N_a \;\;(= N_b)$}\\
+\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
 \end{tabular}
 \end{center}\pause
-\small Solutions: \bl{$K_{ab} \not= K_{ba}$} or include an id in the second message
+\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{

changeset 244	9fc6ec22ad82
parent 243	dd94cbf9eba7
child 252	fa151c0a3cf4