# HG changeset patch # User Christian Urban # Date 1468926529 -3600 # Node ID 5144851466419b096a291124218f771cfca0f181 # Parent aebcaa545f81280d850e0bd27b569437fe22960e updated home works diff -r aebcaa545f81 -r 514485146641 handouts/ho01.pdf Binary file handouts/ho01.pdf has changed diff -r aebcaa545f81 -r 514485146641 handouts/ho01.tex --- a/handouts/ho01.tex Thu Jul 14 13:07:23 2016 +0100 +++ b/handouts/ho01.tex Tue Jul 19 12:08:49 2016 +0100 @@ -693,7 +693,19 @@ \url{http://goo.gl/83Ho0N} \end{center} -\noindent Clearly, passwords are a technology that comes to +\noindent Or the passwords from eHarmony + +\begin{center} +\url{https://goo.gl/W63Xhw} +\end{center} + +\noindent The attack used dictionaries with up to 15 Billion +entries.\footnote{Compare this with the full brute-force space +of $62^8$} If eHarmony had properly salted their passwords, +the attack would have taken 31 years. + + +Clearly, passwords are a technology that comes to the end of its usefulness, because brute force attacks become more and more powerful and it is unlikely that humans get any better in remembering (securely) longer and longer passwords. diff -r aebcaa545f81 -r 514485146641 hws/hw01.pdf Binary file hws/hw01.pdf has changed diff -r aebcaa545f81 -r 514485146641 hws/hw01.tex --- a/hws/hw01.tex Thu Jul 14 13:07:23 2016 +0100 +++ b/hws/hw01.tex Tue Jul 19 12:08:49 2016 +0100 
@@ -48,25 +48,6 @@ unlocks the doors? Which threat could be thwarted by that? -\item And another one: Imagine you have at home a broadband - contract with TalkTalk. You do not like their service - and want to switch to Virgin, say. The procedure - between the Internet providers is that you contact - Virgin and set up a new contract and they will - automatically inform TalkTalk to terminate the old - contract. TalkTalk will then send you a letter to - confirm that you want to terminate. If they do not hear - from you, they will proceed with terminating - the contract and will request any outstanding - cancellation fees. Virgin on the other hand sends you a - new router and paperwork about the new contract. - Obviously this way of doing things is meant to make - switching as convenient as possible. Still can - you imagine situations in which this way of switching - providers can cause you a lot of headaches? For - this consider that TalkTalk needs approximately 14 days - to reconnect you and might ask for reconnection fees. - \item And another one: A water company installed devices that transmit meter readings when their company car drives by. How can this transmitted data be abused, if not @@ -94,10 +75,7 @@ % be done. This is something. Therefore, we must do it." % Never mind if the something makes any sense or not. -\item And another one: Imagine you are researching security - products (e.g.~CCTV, alarms etc) on a helpful website. - They ask you for your address details? Think about - whether this can be bad for you. + %\item Imagine there was recently a break in where computer criminals 
@@ -117,6 +95,13 @@ Under which circumstance should users be required to change their password? +\item The biggest dictionary for dictionary attacks I know + contains 15 Billion entries. If you try out all of these + 15 Billion entries in order to hack one password how + much percent of the full brute-force space did you + cover. For this assume passwords use 62 charcaters and + are typically 8 characters long. + \item What are good uses of cookies (that is browser cookies)? \item Why is making bank customers liable for financial fraud a bad diff -r aebcaa545f81 -r 514485146641 hws/hw02.pdf Binary file hws/hw02.pdf has changed diff -r aebcaa545f81 -r 514485146641 hws/hw02.tex --- a/hws/hw02.tex Thu Jul 14 13:07:23 2016 +0100 +++ b/hws/hw02.tex Tue Jul 19 12:08:49 2016 +0100 
@@ -8,6 +8,25 @@ \HEADER \begin{enumerate} +\item Another question for thinking like an attacker: Imagine + you have at home a broadband contract with TalkTalk. You + do not like their service and want to switch to Virgin, + say. The procedure between the Internet providers is + that you contact Virgin and set up a new contract and + they will automatically inform TalkTalk to terminate the + old contract. TalkTalk will then send you a letter to + confirm that you want to terminate. If they do not hear + from you, they will proceed with terminating the + contract and will request any outstanding cancellation + fees. Virgin on the other hand sends you a new router + and paperwork about the new contract. Obviously this way + of doing things is meant to make switching as convenient + as possible. Still can you imagine situations in which + this way of switching providers can cause you a lot of + headaches? For this consider that TalkTalk needs + approximately 14 days to reconnect you and might ask for + reconnection fees. + \item Often problems in e-voting are due to difficulties with authentication. Keep this in mind for what could go wrong with the following discount offered by an diff -r aebcaa545f81 -r 514485146641 hws/hw05.pdf Binary file hws/hw05.pdf has changed diff -r aebcaa545f81 -r 514485146641 hws/hw05.tex --- a/hws/hw05.tex Thu Jul 14 13:07:23 2016 +0100 +++ b/hws/hw05.tex Tue Jul 19 12:08:49 2016 +0100 @@ -8,6 +8,12 @@ \HEADER \begin{enumerate} +\item Imagine you are researching security products + (e.g.~CCTV, alarms etc) on a helpful website. They ask + you for your address details? Think about whether this + can be bad for you. + + \item What can attacker that controls the network do to a communication between a client and a server?
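Review bot: in the handouts/ho01.tex hunk (@@ -693,7 +693,19 @@), the added sentence "If eHarmony had properly salted their passwords, the attack would have taken 31 years" gives a figure without the numbers behind it (how many hashes were attacked and at what guess rate). State those assumptions or attribute the figure to the linked article so that readers can check it. The footnote lacks its final full stop and would be clearer with the magnitude written out, since $62^8$ is roughly $2.18 \times 10^{14}$ against the 15 Billion dictionary entries. The change also drops \noindent from "Clearly, passwords are a technology ..." and leaves two blank lines before it; restore \noindent if the new indentation is not intended.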
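Review bot: in the hws/hw01.tex hunk (@@ -117,6 +95,13 @@), the new dictionary-attack item contains the typo "charcaters" and ends its question with a full stop ("... did you cover."). Suggest "what percentage of the full brute-force space did you cover?" in place of "how much percent ... did you cover." Also, "typically 8 characters long" leaves open whether shorter passwords count towards the space; writing "exactly 8 characters long" would pin the intended space to the $62^8$ used in the ho01.tex footnote of the same changeset.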
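Review bot: in the hws/hw02.tex hunk (@@ -8,6 +8,25 @@), the moved TalkTalk item is inserted directly after \begin{enumerate} but opens with "Another question for thinking like an attacker", which reads oddly as the first item on the sheet because no earlier question precedes it. Either drop "Another" or place the item after an existing one. While the text is being touched, "Still can you imagine" needs a comma after "Still".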
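Review bot: in the hws/hw05.tex hunk (@@ -8,6 +8,12 @@), the moved item keeps "They ask you for your address details?", a statement punctuated as a question; it should end with a full stop so that the actual question is the sentence that follows. Minor style points in the same hunk: "etc" should be "etc." and the item is followed by two blank lines where one is enough.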