--- a/slides/slides01.tex Thu Sep 10 09:45:10 2015 +0100
+++ b/slides/slides01.tex Sun Sep 20 22:09:58 2015 +0100
@@ -9,7 +9,7 @@
\hfuzz=220pt
% beamer stuff
-\renewcommand{\slidecaption}{APP 01, King's College London}
+\renewcommand{\slidecaption}{SEN 01, King's College London}
\lstset{language=JavaScript,
style=mystyle,
@@ -23,12 +23,11 @@
\begin{frame}
\frametitle{%
\begin{tabular}{@ {}c@ {}}
- \LARGE Access Control and \\[-3mm]
- \LARGE Privacy Policies (1)\\[-6mm]
+ \LARGE Security Engineering (1)\\[-3mm]
\end{tabular}}
\begin{center}
- \includegraphics[scale=1.3]{../pics/barrier.jpg}
+ \includegraphics[scale=0.3]{../pics/barrier.jpg}
\end{center}
\normalsize
@@ -46,90 +45,12 @@
\begin{frame}
\begin{center}
-\includegraphics[scale=2.1]{../pics/barrier.jpg}
-\end{center}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}
-
-\begin{center}
-\begin{tikzpicture}[scale=1.3]
- %\draw[very thick, scale=1] (0, 0) grid (6, -4);
- \draw (0,0) node (X) {\includegraphics[scale=0.1]{../pics/rman.png}};
- \draw (6,0) node (Y) {\includegraphics[scale=0.1]{../pics/gman.png}};
- \node[below] at (X.south) {Alice};
- \node[below] at (Y.south) {Bob};
-
- \draw[red,<->,line width = 3mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:{\begin{tabular}{c}
- secure/private\\
- communication
- \end{tabular}}]
- at ($ (X)!.5!(Y) $) {};
-
- \draw (1.0,-1.5) node {\includegraphics[scale=0.05]{../pics/nsa.png}};
- \draw (2.4,-1.5) node {\includegraphics[scale=0.3]{../pics/gchq.jpg}};
- \draw (1.7,-2.3) node {\huge\ldots};
- \draw (4.2,-1.5) node {\includegraphics[scale=0.05]{../pics/apple.png}};
- \draw (5.4,-1.7) node {\includegraphics[scale=0.15]{../pics/google.png}};
- \draw (5.0,-2.3) node {\huge\ldots};
-\end{tikzpicture}
-\end{center}
-
-\begin{center}
-\includegraphics[scale=0.1]{../pics/snowden.jpg}
+\includegraphics[scale=0.5]{../pics/barrier.jpg}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}
-
-\begin{center}
-\includegraphics[scale=0.45]{../pics/lavabit-email.jpg}
-\end{center}
-\small{}\mbox{}\hfill{}
-Lavabit email service closed down on 8 August 2013. \\
-\mbox{}\hfill{}\url{www.goo.gl/bgSrVp}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}
-\frametitle{Also Bad Guys}
-
-\begin{textblock}{1}(4,2.5)
- \begin{tikzpicture}[scale=1.3]
- \draw (0,0) node (X) {\includegraphics[scale=0.1]{../pics/rman.png}};
- \draw (4,0) node (Y) {\includegraphics[scale=0.1]{../pics/gman.png}};
- \draw[red, <->, line width = 2mm] (X) -- (Y);
- \end{tikzpicture}
-\end{textblock}
-
-\begin{textblock}{1}(1,5)
-\begin{bubble}[11cm]
-\small
-Anonymous Hacker operating a 10k bonnet using the ZeuS
-hacking tool wrote:\medskip\\ ``FYI I do not cash out the bank
-accounts or credit cards, I just sell the information (I know,
-its just as bad...), there isn't even a law against
-such in most countries, dealing with stolen information is
-most of the time a legally greyzone (I was just as surprised
-when I looked it up), I'm not talking about 3rd world
-countries, but about European like Spain (The Mariposa botnet
-owner never got charged, because a botnet isn't illegal, only
-abusing CC information is, but that did other guys).''
-\hfill{}\url{www.goo.gl/UWluh0}
-\end{bubble}
-\end{textblock}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
@@ -140,7 +61,7 @@
\end{center}
\centering
-\begin{bubble}[9cm]
+\begin{bubble}[10cm]
\small
There is some consensus that the NSA can probably not
brute-force magically better than the ``public''.
@@ -748,84 +669,6 @@
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[t]
-\begin{itemize}
-\item While cookies are per web-page, this can be easily circumvented.
-\end{itemize}
-
-\begin{textblock}{1}(1.5,4.5)
-\begin{tabular}{c}
-\includegraphics[scale=0.07]{../pics/servers.png}\\[-2mm]
-\small Pet Store\\[-2mm]
-\small Dot.com\\[-2mm]
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{1}(1.5,8)
-\begin{tabular}{c}
-\includegraphics[scale=0.07]{../pics/servers.png}\\[-2mm]
-\small Dating.com
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{1}(10.5,7.5)
-\begin{tabular}{c}
-\includegraphics[scale=0.07]{../pics/servers.png}\\[-2mm]
-\small Evil-Ad-No\\[-2mm]
-\small Privacy.com
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{1}(6,10.5)
-\begin{tabular}{c}
-\includegraphics[scale=0.16]{../pics/rman.png}\\[-1mm]
-\small you
-\end{tabular}
-\end{textblock}
-
-\begin{textblock}{1}(4,5)
- \begin{tikzpicture}[scale=1]
- \draw[white] (0,0.5) node (X) {};
- \draw[white] (5.7,-1) node (Y) {};
- \draw[red, ->, line width = 0.5mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}
-
-\begin{textblock}{1}(4,7.9)
- \begin{tikzpicture}[scale=1]
- \draw[white] (0,0) node (X) {};
- \draw[white] (5.7,0) node (Y) {};
- \draw[red, ->, line width = 0.5mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}
-
-\begin{textblock}{1}(3.3,9.3)
- \begin{tikzpicture}[scale=1.2]
- \draw[white] (0,0) node (X) {};
- \draw[white] (1.5,-1) node (Y) {};
- \draw[red, <->, line width = 2mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \draw[white] (0.9,0.3) node (X1) {};
- \draw[white] (1.9,-1) node (Y1) {};
- \draw[red, <->, line width = 2mm] (X1) -- (Y1);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X1)!.5!(Y1) $) {};
- \end{tikzpicture}
-\end{textblock}
-
-\begin{textblock}{1}(8.6,10.1)
- \begin{tikzpicture}[scale=0.9]
- \draw[white] (0,0) node (X) {};
- \draw[white] (-2,-1) node (Y) {};
- \draw[red, <->, line width = 0.5mm] (X) -- (Y);
- \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
- \end{tikzpicture}
-\end{textblock}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
@@ -860,7 +703,7 @@
\begin{frame}[c]
\begin{center}
-\includegraphics[scale=1.8]{../pics/barrier.jpg}
+\includegraphics[scale=0.5]{../pics/barrier.jpg}
\end{center}
\begin{itemize}
@@ -949,10 +792,10 @@
}
\begin{itemize}
-\item \texttt{\$} is separator
+\item \texttt{\$} is the separator
\item \texttt{1} is MD5 (actually SHA-512 is used nowadays, \texttt{6})
-\item \texttt{QIGCa} is salt
-\item \texttt{ruJs8AvmrknzKTzM2TYE} $\rightarrow$ password + salt
+\item \texttt{QIGCa} is the salt
+\item \texttt{ruJs8AvmrknzKTzM2TYE.} $\rightarrow$ password + salt
\end{itemize}
\textcolor{gray}{\small
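Review bot: The new bullet `\item \texttt{ruJs8AvmrknzKTzM2TYE.} $\rightarrow$ password + salt` reads as if the last field held the password and salt themselves, while the two sibling bullets were just reworded to say what each field is. That field is the digest crypt(3) derives from password and salt, and the MD5 and SHA-512 variants named on the preceding line run many rounds rather than a single hash of the concatenation, so the arrow understates what the field is. A wording consistent with the other bullets would be `\item \texttt{ruJs8AvmrknzKTzM2TYE.} is the hash computed from password + salt`, which also removes the `$\rightarrow$` math-mode arrow. The itemize closes inside the hunk, but the frame it belongs to starts before it.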
@@ -1015,6 +858,10 @@
\item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked from linkedIn
% linkedIn password
% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html
+
+\item in July 2015, hackers leaked a password database from
+Ashley Madison containing 31 million passwords, many of them
+poorly hashed
\end{itemize}\medskip
\small
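Review bot: The added bullet starts lowercase (`\item in July 2015, hackers leaked`) while the neighbouring LinkedIn bullet starts with a capital, and it leaves `poorly hashed` unexplained where the LinkedIn bullet names the concrete weakness (unsalted SHA-1). Since the slide's lesson is how password hashing goes wrong, the Ashley Madison bullet should say what was weak; public analyses of that breach describe most passwords as bcrypt-hashed with a large subset recoverable through a weaker MD5-based login token, but verify that against the source you cite before putting it on the slide. The minimal change is `\item In July 2015, hackers leaked a password database from` with the last line extended to name the weakness instead of `poorly hashed`. The frame containing this itemize starts outside the hunk.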
@@ -1078,7 +925,6 @@
\begin{itemize}
\item Do not send passwords in plain text.
\item Security questions are tricky to get right.
-\item QQ (Chinese Skype) authenticates you via contacts.
\end{itemize}
\end{frame}
@@ -1089,20 +935,76 @@
\frametitle{This Course}
\begin{itemize}
+\item electronic voting
\item break-ins (buffer overflows)
\item access control\\ (role based, data security / data integrity)
-\item electronic voting
-\item protocols (specification)
-\item access control logic
+\item protocols
+\item zero-knowledge proofs
\item privacy
\begin{quote}
Scott McNealy: \\``You have zero privacy anyway. Get over it.''
\end{quote}
-\item zero-knowledge proofs
+\item trust, bitcoins
+\item static analysis
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Books + Homework}
+
+\begin{itemize}
+\item There is no single book I am following, but
+
+ \begin{center}
+ \includegraphics[scale=0.012]{../pics/andersonbook1.jpg}
+ %%\includegraphics[scale=0.23]{../pics/accesscontrolbook.jpg}
+ \end{center}\medskip\pause
+
+\item The question ``\emph{Is this relevant for the exams?}''
+ is not appreciated!\medskip\\
+
+ Whatever is in the homework (and is not marked optional) is
+ relevant for the exam. No code needs to be written.
+
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Further Information}
+
+For your personal interest:
+
+\begin{itemize}
+\item RISKS mailing list
+\item Schneier's Crypto newsletter
+\item Google+ Ethical Hacker group
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Take-Home Points}
+
+\begin{itemize}
+\item Never store passwords in plain text.\medskip
+\item Always salt your hashes!\medskip
+\item Use an existing crypto algorithm; do not write your own!\medskip
+\item Make the party responsible for losses that is in the position to improve
+security.
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
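Review bot: The take-home point `\item Always salt your hashes!\medskip` states only the weaker half of the lesson: a salt defeats precomputed tables but does nothing against brute-forcing a fast hash, which is the reason iterated schemes such as the crypt(3) MD5/SHA-512 variants shown earlier in this diff exist. Consider `\item Always salt your hashes, and use a slow, purpose-built password hash (e.g.\ bcrypt, scrypt or PBKDF2)!\medskip`. Separately, in the moved Books + Homework frame the line `is not appreciated!\medskip\\` is followed by a blank line, so the `\\` ends the paragraph and produces an underfull hbox warning; `\medskip` alone gives the intended gap. The hunk ends on `\begin{frame}[c]`, whose body lies outside it.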
@@ -1189,60 +1091,9 @@
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Books + Homework}
-
-\begin{itemize}
-\item There is no single book I am following
-
- \begin{center}
- \includegraphics[scale=0.012]{../pics/andersonbook1.jpg}
- %%\includegraphics[scale=0.23]{../pics/accesscontrolbook.jpg}
- \end{center}\medskip\pause
-
-\item The question ``Is this relevant for the exams'' is not appreciated!\medskip\\
-
- Whatever is in the homework (and is not marked optional) is relevant for the
- exam. No code needs to be written.
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Further Information}
-
-For your personal interest:
-
-\begin{itemize}
-\item RISKS mailing list
-\item Schneier's Crypto newsletter
-\item Google+ Ethical Hacker group
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{document}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Take-Home Points}
-
-\begin{itemize}
-\item Never store passwords in plain text.\medskip
-\item Always salt your hashes!\medskip
-\item Use an existing crypto algorithm; do not write your own!\medskip
-\item Make the party responsible for losses that is in the position to improve
-security.
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-\end{document}
%%% Local Variables:
%%% mode: xelatex