diff -r ddac52c0014c -r 690d778b9127 hws/hw01.tex --- a/hws/hw01.tex Sun Mar 01 00:11:13 2015 +0000 +++ b/hws/hw01.tex Fri Apr 17 11:49:10 2015 +0100 @@ -12,8 +12,9 @@ \url{http://nodejs.org} \end{center} -It needs aslo the Node-packages Express, Cookie-Parser, Body-Parser and -Crypto. They can be easily installed using the Node package manager \texttt{npm}. +It needs also the Node-packages Express, Cookie-Parser, +Body-Parser and Crypto. They can be easily installed using the +Node package manager \texttt{npm}. \item Practice thinking like an attacker. Assume the following situation: 
@@ -32,33 +33,57 @@ Think of ways how you can cheat in this exam? How would you defend against such cheats. -\item Here is another puzzle where you can practice thinking like an - attacker: Consider modern car keys. They wirelessly open and close - the central locking system of the car. Whenever you lock the car, - the car ``responds'' by flashing the indicator lights. Can you think - of a security relevant purpose for that? (Hint: Imagine you are in - the business of stealing cars. What attack would be easier to - perform if the lights do not flash?) +\item Here is another puzzle where you can practice thinking + like an attacker: Consider modern car keys. They + wirelessly open and close the central locking system of + the car. Whenever you lock the car, the car ``responds'' + by flashing the indicator lights. Can you think of a + security relevant purpose for that? (Hint: Imagine you + are in the business of stealing cars. What attack would + be easier to perform if the lights do not flash?) + Should the car also make a ``beep noise'' when it + unlocks the doors? Which threat could be thwarted + by that? -\item Imagine you are at your home a broadband contract with - TalkTalk. You do not like their service and want to - switch, say, to ???. The procedure between the Internet - providers is that you contact ??? and set up a new - contract and they will automatically inform TalkTalk to - terminate the old contract. TalkTalk will then send you - a letter to confirm that you want to terminate. If they - do not hear from you otherwise, they will terminate the - contract and will request any outstanding cancellation - fees. Can you imagine in which situations this way of - doing things can cause you a lot of headaches? For this - consider that TalkTalk needs approximately 14 days to - reconnect you. +\item And another one: Imagine you have at home a broadband + contract with TalkTalk. You do not like their service + and want to switch, say, to Virgin. 
The procedure + between the Internet providers is that you contact + Virgine and set up a new contract and they will + automatically inform TalkTalk to terminate the old + contract. TalkTalk will then send you a letter to + confirm that you want to terminate. If they do not hear + from you otherwise, they will proceed with terminating + the contract and will request any outstanding + cancellation fees. Virgin on the other hand sends you a + new router and paperwork about the new contract. + Obviously this way of doing things is meant to make + switching for you as convenient as possible. Still can + you imagine in which situations this way of switching + providers can cause you a lot of headaches to you? For + this consider that TalkTalk needs approximately 14 days + to reconnect you and might ask for reconnection fees. -\item A water company has a device that transmits the meter - reading when their company car drives by. How can this - transmitted data be abused, if not properly encrypted? - If you identified an abuse, then how would you - encrypt the data so that such an abuse is prevented. +\item And another one: A water company installed devices that + transmit meter readings when their company car drives + by. How can this transmitted data be abused, if not + properly encrypted? If you identified an abuse, then how + would you encrypt the data so that such an abuse is + prevented. Hint: Consider the fact that every person + uses approximately 120l of water every day. + +\item And another one: Nowadays everybody is scared at a bomb + going off at a big event, say a football game. To + mitigate such a threat, you order expensive metal + detectors and hire a security team that will staff these + detectors at each game. Think whether people are really + safer at a football game with metal detectors or not. + Hint: People certainly might *\emph{feel}* safer by + going through metal detectors, but the question is + whether they *\emph{are}* safer. 
Hint: Consider how + people arrive at such an event: within a relative short + amount of time, thousands, if not more, spectators will + arrive at your football game. %\item Imagine there was recently a break in where computer criminals % stole a large password database containing
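Review bot: In the first hunk (@@ -12,8 +12,9 @@), the reflowed sentence still lists Crypto among the packages to install with \texttt{npm}, but crypto is a core module that ships with Node.js, so students will look for an install step they do not need. Suggest dropping Crypto from the npm list or noting that it is built in, and giving the remaining package names as npm expects them: express, cookie-parser, body-parser. While the line is being touched, "It needs also" reads better as "It also needs".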
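Review bot: In the second hunk (@@ -32,33 +33,57 @@), the new metal-detector item marks emphasis as "*\emph{feel}*" and "*\emph{are}*"; asterisks are literal characters in LaTeX and will be printed around the italic words, so use "\emph{feel}" and "\emph{are}" alone. The same item carries two consecutive "Hint:" sentences that would read better merged into one. Typos in the added lines: "Virgine" should be "Virgin", "cause you a lot of headaches to you" repeats "you", "scared at a bomb" should be "scared of a bomb", and "relative short" should be "relatively short". In the water-meter hint, "120l" is easy to misread; "120\,l" or "120 litres" is clearer.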