--- a/handouts/ho01.tex	Thu Feb 11 11:25:47 2016 +0000
+++ b/handouts/ho01.tex	Fri Feb 12 05:33:38 2016 +0000
@@ -118,8 +118,13 @@
 authorisation. Even though the banks involved trumpeted their
 system as being absolutely secure and indeed fraud rates
 initially went down, security researchers were not convinced
-(especially not the group around Ross Anderson). To begin with,
-the Chip-and-PIN system introduced a ``new player'' into the
+(especially not the group around Ross
+Anderson).\footnote{Actually, historical data about fraud
+showed that first fraud rates went up (while early problems to
+do with the introduction of Chip-and-PIN we exploited), then
+down, but recently up again (because criminals getting more
+familiar with the technology and how it can be exloited).} To begin with, the
+Chip-and-PIN system introduced a ``new player'' into the
 system that needed to be trusted: the PIN terminals and their
 manufacturers. It was claimed that these terminals were
 tamper-resistant, but needless to say this was a weak link in
@@ -206,8 +211,12 @@
 cards such that they get all data that was on the Magstripe,
 except for three digits (the CVV number). Remember,
 Chip-and-PIN cards were introduced exactly for preventing
-this.
+this. Ross Anderson also talked about his research at the
+BlackHat Conference in 2014:
 
+\begin{center}
+\url{https://www.youtube.com/watch?v=ET0MFkRorbo}
+\end{center}
 
 \subsection*{Of Cookies and Salts}