# HG changeset patch # User Christian Urban # Date 1415295715 0 # Node ID 0b9a16ddd625e9614ef38bd59b5731fc4a5389fd # Parent 47e06cb75837f6c90de4251fc734dd90f08f3c94 updated diff -r 47e06cb75837 -r 0b9a16ddd625 handouts/ho02.pdf Binary file handouts/ho02.pdf has changed diff -r 47e06cb75837 -r 0b9a16ddd625 handouts/ho02.tex --- a/handouts/ho02.tex Thu Nov 06 12:32:05 2014 +0000 +++ b/handouts/ho02.tex Thu Nov 06 17:41:55 2014 +0000 @@ -449,9 +449,11 @@ For example a good-enough and workable in-lecture online voting system where students' votes are anonymous and students cannot tamper with the outcome, I am sure, can be implemented. -\bigskip + -\noindent If you want to know more about e-voting, I recommend +\subsubsection*{Further Reading} + +If you want to know more about e-voting, I recommend the highly entertaining online course by Alex Halderman at Coursera. diff -r 47e06cb75837 -r 0b9a16ddd625 handouts/ho03.pdf Binary file handouts/ho03.pdf has changed diff -r 47e06cb75837 -r 0b9a16ddd625 handouts/ho03.tex --- a/handouts/ho03.tex Thu Nov 06 12:32:05 2014 +0000 +++ b/handouts/ho03.tex Thu Nov 06 17:41:55 2014 +0000 
@@ -487,13 +487,15 @@ amount of time. If we now use an address that lets us jump to any address in the grey area we are done. The target machine will execute these \pcode{NOP} operations until it reaches the -shellcode. A moment of thought should convince you that this -trick can hugely improve our odds of finding the right -address---depending on the size of the buffer, it might only -take a few tries to get the shellcode to run. And then we are -in. The code for such an attack is shown in Figure~\ref{C3}. -It is directly taken from the original paper about ``Smashing -the Stack for Fun and Profit'' (see pointer given at the end). +shellcode. That is why this NOP-part is often called +\emph{NOP-sledge}. A moment of thought should convince you +that this trick can hugely improve our odds of finding the +right address---depending on the size of the buffer, it might +only take a few tries to get the shellcode to run. And then we +are in. The code for such an attack is shown in +Figure~\ref{C3}. It is directly taken from the original paper +about ``Smashing the Stack for Fun and Profit'' (see pointer +given at the end). \begin{figure}[p] \lstinputlisting[language=C]{../progs/C3.c} diff -r 47e06cb75837 -r 0b9a16ddd625 handouts/ho05.pdf Binary file handouts/ho05.pdf has changed diff -r 47e06cb75837 -r 0b9a16ddd625 handouts/ho05.tex --- a/handouts/ho05.tex Thu Nov 06 12:32:05 2014 +0000 +++ b/handouts/ho05.tex Thu Nov 06 17:41:55 2014 +0000 @@ -661,7 +661,7 @@ Now the big question is, why on earth does this splitting of messages in half and additional message exchange help with defending against person-in-the-middle attacks? Well, -let's try to be such an attacker. As before we intercept +let's try to be an attacker. As before we intercept the messages where public keys are exchanged and inject our own. 
@@ -772,7 +772,7 @@ With this the protocol has ended. $E$ was able to decrypt all messages, but what messages did $A$ and $B$ receive and from whom? Do you notice that $A$ and $B$ will find out that -something strange has happened and probably not talk on this +something strange is going on and probably not talk on this channel anymore? I leave you to think about it. Recall from the beginning that a person-in-the middle
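Review bot: In handouts/ho03.tex (hunk @@ -487,13 +487,15), the added sentence writes "NOP-part" in plain text, while the unchanged line directly above it typesets the instruction as \pcode{NOP}; use \pcode{NOP} in the new sentence too so the handout is consistent. The term introduced with \emph{NOP-sledge} is more commonly written "NOP sled", so consider that spelling, or give both, so that readers can find it when they search. The sentence also opens with "That is why" although the preceding sentence only says the machine executes the NOPs until it reaches the shellcode; a short clause saying that execution slides along them would make the name explain itself.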
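Review bot: In handouts/ho05.tex (hunk @@ -772,7 +772,7), the last context line reads "person-in-the middle", whereas the @@ -661 hunk of the same file writes "person-in-the-middle attacks"; since this paragraph is being edited anyway, add the missing hyphen so the term is spelled the same way throughout the handout.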