handouts/ho01.tex
changeset 446 64c20ed7941a
parent 445 9ad6445a0354
child 450 f3d5e57ca00a
--- a/handouts/ho01.tex	Tue Jan 19 14:37:33 2016 +0000
+++ b/handouts/ho01.tex	Thu Feb 11 09:33:01 2016 +0000
@@ -6,7 +6,8 @@
 
 
 \begin{document}
-\fnote{\copyright{} Christian Urban, 2014, 2015}
+\fnote{\copyright{} Christian Urban, 
+King's College London, 2014, 2015, 2016}
 
 %Ross anderson
 %https://youtu.be/FY2YKxBxOkg
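Review bot: the new first line of the \fnote argument, "\fnote{\copyright{} Christian Urban, ", ends in a trailing space before the line break; end the line at the comma. The break inside the argument is harmless in LaTeX, but a list of years has to be edited every year, so consider writing it as a range (2014--2016) instead.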
@@ -47,7 +48,7 @@
 
 \noindent In this module I like to teach you this security
 mindset. This might be a mindset that you think is very
-foreign to you---after all we are all good citizens and not
+foreign to you---after all we are all good citizens and do not
 hack into things. However, I beg to differ: You have this
 mindset already when in school you were thinking, at least
 hypothetically, about ways in which you can cheat in an exam
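Review bot: the sentence opening in the context just above the changed line, "In this module I like to teach you this security mindset", has the same kind of slip as the one being fixed and is left untouched; "I would like to teach you" reads correctly. Since this paragraph is already being edited for "do not hack into things", fold that fix into the same changeset.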
@@ -97,7 +98,7 @@
 but plays an important role. To illustrate this lets look at
 an example. 
 
-\subsubsection*{Chip-and-PIN is Surely More Secure?}
+\subsubsection*{Chip-and-PIN is Surely More Secure, No?}
 
 The questions is whether the Chip-and-PIN system used with
 modern credit cards is more secure than the older method of
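Review bot: the paragraph directly under the changed heading still opens with "The questions is whether", and the context line above has "lets look at an example" without the apostrophe; fix both together with the heading ("The question is", "let's look"). The added ", No?" is a register choice, so check it against the tone of the handout's other starred headings before keeping it.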
@@ -129,7 +130,7 @@
 Chip-and-PIN, you need to be able to vet quite closely the
 supply chain of such terminals. This is something that is
 mostly beyond the control of customers who need to use these
-terminals.
+terminals. 
 
 To make matters worse for Chip-and-PIN, around 2009 Ross
 Anderson and his group were able to perform man-in-the-middle
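Review bot: the only difference on the "terminals." line is an added trailing space, so this hunk changes no rendered text and only adds whitespace noise to the history. Drop it from the changeset.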
@@ -160,15 +161,15 @@
 customers must have been negligent losing their PIN and
 customers had almost no way of defending themselves in such
 situations. That is why the work of \emph{ethical} hackers
-like Ross Anderson's group was so important, because they and
+like Ross Anderson's group is so important, because they and
 others established that the banks' claim that their system is
 secure and it must have been the customer's fault, was bogus.
 In 2009 the law changed and the burden of proof went back to
 the banks. They need to prove whether it was really the
 customer who used a card or not. The current state of affairs,
-however, is that standing up for your right requires you 
-to be knowledgeable\ldots{}if not, the banks are happy to 
-take advantage of you.
+however, is that standing up for your right requires you to be
+knowledgeable, potentially having to go to court\ldots{}if
+not, the banks are happy to take advantage of you.
 
 This is a classic example where a security design principle
 was violated: Namely, the one who is in the position to
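Review bot: in the reworded sentence ending "potentially having to go to court\ldots{}if not, the banks are happy to take advantage of you", the "if not" now follows the court clause and can be read as "if you do not go to court" rather than "if you are not knowledgeable"; split it into two sentences or restate the condition. In the same sentence "standing up for your right" probably wants the plural "rights". The change to "is so important" also leaves present tense next to "established" and "was bogus" in one sentence, so confirm the tense mix is intended.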
@@ -201,11 +202,11 @@
 \url{https://www.youtube.com/watch?v=XeZbVZQsKO8}
 \end{center}
 
-\noindent They claim that they can actually clone with 
-Chip-and-PINs cards such that they get all data that was
-on the Magstripe, except for three digits (the CVV number).
-Remember Chip-and-PINs cards were introduced exactly for 
-preventing this.
+\noindent They claim that they are able to clone Chip-and-PINs
+cards such that they get all data that was on the Magstripe,
+except for three digits (the CVV number). Remember,
+Chip-and-PIN cards were introduced exactly for preventing
+this.
 
 
 \subsection*{Of Cookies and Salts}
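Review bot: the first rewritten line still reads "clone Chip-and-PINs cards", while the last sentence of the same paragraph was corrected to "Chip-and-PIN cards"; use the singular form in both places. "Magstripe" is also capitalised mid-sentence; lowercase it unless it is meant as a proper name.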