# HG changeset patch # User Christian Urban # Date 1475585045 -3600 # Node ID 76f9457b8f51f365247600b603c040f371ac4137 # Parent f76e1456b365091732765e46da235755a1a9fd06 updated diff -r f76e1456b365 -r 76f9457b8f51 hws/hw01.pdf Binary file hws/hw01.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 hws/hw02.pdf Binary file hws/hw02.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 hws/hw02.tex --- a/hws/hw02.tex Fri Sep 30 19:55:35 2016 +0100 +++ b/hws/hw02.tex Tue Oct 04 13:44:05 2016 +0100 @@ -90,9 +90,10 @@ tallying. What can still go wrong with such a perfectly secure voting system, which is prevented in traditional elections with paper-based ballots? + +\item \POSTSCRIPT \end{enumerate} - \end{document} %%% Local Variables: diff -r f76e1456b365 -r 76f9457b8f51 hws/hw03.pdf Binary file hws/hw03.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 hws/hw03.tex --- a/hws/hw03.tex Fri Sep 30 19:55:35 2016 +0100 +++ b/hws/hw03.tex Tue Oct 04 13:44:05 2016 +0100 @@ -25,6 +25,8 @@ \item Why does randomising the addresses from where programs are run help defending against buffer overflow attacks? +\item What is a format string attack? + \item Assume format string attacks allow you to read out the stack. What can you do with this information? (Hint: Consider what is stored in the stack.) 
@@ -37,7 +39,9 @@ \item When filling the buffer that is attacked with a payload (starting a shell), what is the purpose of -padding the string at the beginning with NOP-instructions. +padding the string at the beginning with NOP-instructions. + +\item \POSTSCRIPT \end{enumerate} \end{document} diff -r f76e1456b365 -r 76f9457b8f51 hws/hw04.pdf Binary file hws/hw04.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 hws/hw05.pdf Binary file hws/hw05.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 hws/hw06.pdf Binary file hws/hw06.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 hws/hw07.pdf Binary file hws/hw07.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 hws/hw08.pdf Binary file hws/hw08.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 hws/hw10.pdf Binary file hws/hw10.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 hws/so04.pdf Binary file hws/so04.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 slides/slides01.pdf Binary file slides/slides01.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 slides/slides01.tex --- a/slides/slides01.tex Fri Sep 30 19:55:35 2016 +0100 +++ b/slides/slides01.tex Tue Oct 04 13:44:05 2016 +0100 @@ -925,7 +925,7 @@ \begin{itemize} \item Do not send passwords in plain text. -\item Security questions are tricky to get right. +\item Security questions are tricky to get right (you cannot hash them). \end{itemize} \end{frame} diff -r f76e1456b365 -r 76f9457b8f51 slides/slides02.pdf Binary file slides/slides02.pdf has changed diff -r f76e1456b365 -r 76f9457b8f51 slides/slides02.tex --- a/slides/slides02.tex Fri Sep 30 19:55:35 2016 +0100 +++ b/slides/slides02.tex Tue Oct 04 13:44:05 2016 +0100 
@@ -116,125 +116,15 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[t] -\frametitle{How to Salt?} - -\begin{center}\tt\small -\begin{tabular}{lcl} -1salt & $\Rightarrow$ & 8189effef4d4f7411f4153b13ff72546dd682c69\\ -2salt & $\Rightarrow$ & 1528375d5ceb7d71597053e6877cc570067a738f\\ -3salt & $\Rightarrow$ & d646e213d4f87e3971d9dd6d9f435840eb6a1c06\\ -4salt & $\Rightarrow$ & 5b9e85269e4461de0238a6bf463ed3f25778cbba\\ -\end{tabular} -\end{center} +\begin{frame}[c] +\frametitle{Exam and Homework} \begin{itemize} -\item in Unix systems: \texttt{hash(salt + password)}, or even -\texttt{hash$^{\texttt{1500}}$(salt + password)}\smallskip\pause -\item Bruce Schneier in cases messages are long: \\ -instead of \texttt{m $\mapsto$ hash(m)},\\ use \texttt{m $\mapsto$ hash(hash(m) + m)} +\item reminder\ldots KEATS \end{itemize} -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}} - -Can you track a user {\bf without}: - -\begin{itemize} -\item Cookies -\item JavaScript -\item LocalStorage/SessionStorage/GlobalStorage -\item Flash, Java or other plugins -\item Your IP address or user agent string -\item Any methods employed by Panopticlick\\ -\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}} -\end{itemize} - -Even when you disabled cookies entirely, have JavaScript turned off and use a VPN -service, and also \ldots \end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame} -\frametitle{Verizon} -\mbox{}\\[-23mm]\mbox{} - -\begin{center} -\includegraphics[scale=0.21]{../pics/verizon.png} -\end{center} -\vfill\footnotesize 
-\url{http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works} -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Web-Protocol} - -\only<1->{ -\begin{textblock}{1}(2,2) - \begin{tikzpicture}[scale=1.3] - \draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{../pics/firefox.jpg}}; - \end{tikzpicture} -\end{textblock}} - -\only<1->{ -\begin{textblock}{1}(11,2) - \begin{tikzpicture}[scale=1.3] - \draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{../pics/servers.png}}; - \end{tikzpicture} -\end{textblock}} - -\only<1->{ -\begin{textblock}{1}(5,2.5) - \begin{tikzpicture}[scale=1.3] - \draw[white] (0,0) node (X) {}; - \draw[white] (3,0) node (Y) {}; - \draw[red, ->, line width = 2mm] (X) -- (Y); - \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {}; - \end{tikzpicture} -\end{textblock}} - -\only<2->{ -\begin{textblock}{1}(5,6) - \begin{tikzpicture}[scale=1.3] - \draw[white] (0,0) node (X) {}; - \draw[white] (3,0) node (Y) {}; - \draw[red, <-, line width = 2mm] (X) -- (Y); - \node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {}; - \node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{../pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {}; - \end{tikzpicture} -\end{textblock}} - -\only<3->{ -\begin{textblock}{1}(4.2,11) - \begin{tikzpicture}[scale=1.3] - \draw[white] (0,0) node (X) {}; - \draw[white] (3,0) node (Y) {}; - \draw[red, ->, line width = 2mm] (X) -- (Y); - \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {}; - \end{tikzpicture} -\end{textblock}} - -\only<4->{ -\begin{textblock}{1}(4.2,13.9) - \begin{tikzpicture}[scale=1.3] - \draw[white] (0,0) node (X) {}; - \draw[white] (3,0) node (Y) {}; - \draw[red, <-, line width = 2mm] (X) -- (Y); - \node [inner 
sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {}; - \end{tikzpicture} -\end{textblock}} - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] @@ -253,9 +143,11 @@ \begin{frame}[c] \frametitle{E-Voting} -\begin{bubble}[9cm] +\begin{bubble}[10cm] ``Any electronic voting system should provide at least the same -security, privacy and transparency as the system it replaces.'' + security, privacy and transparency as the system it replaces.''\medskip\\ + + \small\hfill ---Australian Voting Commission \end{bubble} \end{frame} @@ -421,9 +313,9 @@ \mbox{}\\[-12mm] \begin{itemize} \item US used mechanical machines since the 30s, later punch cards, - now DREs and optical scan voting machines + until recently DREs and optical scan voting machines -\item Estonia used in 2007 the Internet for national elections +\item Estonia used in 2007, 2011 and 2015 the Internet for national elections \textcolor{gray}{(there were earlier pilot studies in other countries)} @@ -444,7 +336,7 @@ \frametitle{E-Voting in Estonia} \begin{itemize} -\item worlds first general election that used internet voting (2007) +\item worlds first general election that used internet voting (2007, 2011, 2015) \item builds on the Estonian ID card (a smartcard like CC) \item Internet voting can be used before the election (votes can be changed an unlimited amount of times, last vote is tabulated, you can even change your 
@@ -677,7 +569,7 @@ \begin{itemize} \item acquired a machine from an anonymous source\medskip -\item they try to keep secret the source code running the machine\medskip\pause +\item they try to keep secret the source code running on the machine\medskip\pause \item first reversed-engineered the machine (extremely tedious) \item could completely reboot the machine and even install a virus that infects other Diebold machines @@ -753,7 +645,7 @@ \item keep a paper trail and design your system to keep this secure\medskip \item make the software open source (avoid security-by-obscurity)\medskip \item have a simple design in order to minimise the attack surface -\end{itemize}\pause +\end{itemize}\pause\bigskip But overall, in times of NSA/state sponsored cyber-crime, e-voting is too hard with current technology. @@ -876,7 +768,7 @@ \begin{column}<2>{.4\textwidth} \centering \includegraphics[scale=0.32]{../pics/trainwreck.jpg}\\ -next week +next \end{column} \end{columns} \end{center} 
@@ -884,6 +776,129 @@ \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[t] +\frametitle{How to Salt?} + +\begin{center}\tt\small +\begin{tabular}{lcl} +1salt & $\Rightarrow$ & 8189effef4d4f7411f4153b13ff72546dd682c69\\ +2salt & $\Rightarrow$ & 1528375d5ceb7d71597053e6877cc570067a738f\\ +3salt & $\Rightarrow$ & d646e213d4f87e3971d9dd6d9f435840eb6a1c06\\ +4salt & $\Rightarrow$ & 5b9e85269e4461de0238a6bf463ed3f25778cbba\\ +\end{tabular} +\end{center} + +\begin{itemize} +\item in Unix systems: \texttt{hash(salt + password)}, or even +\texttt{hash$^{\texttt{1500}}$(salt + password)}\smallskip\pause +\item Bruce Schneier in cases messages are long: \\ +instead of \texttt{m $\mapsto$ hash(m)},\\ use \texttt{m $\mapsto$ hash(hash(m) + m)} +\end{itemize} +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}} + +Can you track a user {\bf without}: + +\begin{itemize} +\item Cookies +\item JavaScript +\item LocalStorage/SessionStorage/GlobalStorage +\item Flash, Java or other plugins +\item Your IP address or user agent string +\item Any methods employed by Panopticlick\\ +\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}} +\end{itemize} + +Even when you disabled cookies entirely, have JavaScript turned off and use a VPN +service, and also \ldots + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame} +\frametitle{Verizon} +\mbox{}\\[-23mm]\mbox{} + +\begin{center} +\includegraphics[scale=0.21]{../pics/verizon.png} +\end{center} +\vfill\footnotesize +\url{http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works} 
+\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Web-Protocol} + +\only<1->{ +\begin{textblock}{1}(2,2) + \begin{tikzpicture}[scale=1.3] + \draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{../pics/firefox.jpg}}; + \end{tikzpicture} +\end{textblock}} + +\only<1->{ +\begin{textblock}{1}(11,2) + \begin{tikzpicture}[scale=1.3] + \draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{../pics/servers.png}}; + \end{tikzpicture} +\end{textblock}} + +\only<1->{ +\begin{textblock}{1}(5,2.5) + \begin{tikzpicture}[scale=1.3] + \draw[white] (0,0) node (X) {}; + \draw[white] (3,0) node (Y) {}; + \draw[red, ->, line width = 2mm] (X) -- (Y); + \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {}; + \end{tikzpicture} +\end{textblock}} + +\only<2->{ +\begin{textblock}{1}(5,6) + \begin{tikzpicture}[scale=1.3] + \draw[white] (0,0) node (X) {}; + \draw[white] (3,0) node (Y) {}; + \draw[red, <-, line width = 2mm] (X) -- (Y); + \node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {}; + \node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{../pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {}; + \end{tikzpicture} +\end{textblock}} + +\only<3->{ +\begin{textblock}{1}(4.2,11) + \begin{tikzpicture}[scale=1.3] + \draw[white] (0,0) node (X) {}; + \draw[white] (3,0) node (Y) {}; + \draw[red, ->, line width = 2mm] (X) -- (Y); + \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {}; + \end{tikzpicture} +\end{textblock}} + +\only<4->{ +\begin{textblock}{1}(4.2,13.9) + \begin{tikzpicture}[scale=1.3] + \draw[white] (0,0) node (X) {}; + \draw[white] (3,0) node (Y) {}; + \draw[red, <-, line width = 2mm] (X) -- (Y); + \node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ 
(X)!.5!(Y) $) {}; + \end{tikzpicture} +\end{textblock}} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + \end{document} %%% Local Variables: diff -r f76e1456b365 -r 76f9457b8f51 style.sty --- a/style.sty Fri Sep 30 19:55:35 2016 +0100 +++ b/style.sty Tue Oct 04 13:44:05 2016 +0100 @@ -56,7 +56,7 @@ \end{center} \noindent Solutions will only be accepted until -30th December!}\bigskip} +20th December!}\bigskip} \newcommand{\POSTSCRIPT}{ {\bf (Optional)} This question is for you to provide
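Review bot: in hws/hw03.tex (hunk @@ -37,7 +39,9 @@) the item "what is the purpose of padding the string at the beginning with NOP-instructions." is a question but still ends in a full stop, and the removed and added versions of that line differ only in whitespace. Since the line is touched anyway, end it with a question mark; otherwise drop the whitespace-only change so the hunk carries just the new \item \POSTSCRIPT.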
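Review bot: in slides/slides01.tex (hunk @@ -925,7 +925,7 @@) the added parenthetical "(you cannot hash them)" is stated as an absolute with no reason given. An answer can be normalised and hashed just like a password; the difficulty is that answers are low-entropy and often guessable, and that users expect small spelling variations to be accepted. Suggest putting the reason on the slide, for example "(hashing helps little: answers are guessable and must tolerate typos)".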
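Review bot: in slides/slides02.tex (hunk @@ -116,125 +116,15 @@) the new "Exam and Homework" frame contains only "\item reminder\ldots KEATS", which reads as a speaker note rather than slide content. State what the reminder is, for instance the submission deadline that style.sty in this same changeset moves to 20th December, so the frame is usable in the PDF handout without the lecture audio.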
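Review bot: in slides/slides02.tex (hunk @@ -421,9 +313,9 @@) the new item "Estonia used in 2007, 2011 and 2015 the Internet for national elections" has the dates splitting verb and object; "Estonia used the Internet for national elections in 2007, 2011 and 2015" reads cleanly. In the same hunk, "until recently DREs and optical scan voting machines" now ends the US history without saying what is used today, so either name the current method or keep "now".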
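Review bot: in slides/slides02.tex (hunk @@ -444,7 +336,7 @@) the changed item "worlds first general election that used internet voting (2007, 2011, 2015)" attaches three years to a single "first" election, and "worlds" lacks its apostrophe. Suggest "world's first general election that used internet voting (2007), used again in 2011 and 2015".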
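Review bot: in slides/slides02.tex (hunk @@ -876,7 +768,7 @@) shortening the caption under trainwreck.jpg from "next week" to "next" leaves a dangling word. If the aim is to stop promising a specific week, something like "next lecture" or "coming up" keeps the caption meaningful.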
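Review bot: in slides/slides02.tex (hunk @@ -884,6 +776,129 @@) the re-added Web-Protocol frame labels the third arrow "GET static.jpg ETag: 7b33de1", but ETag is a response header; on revalidation the browser sends the stored value back in If-None-Match, and that echoed value is what lets the server recognise a returning user without cookies. Since the frame is being moved anyway, change the label to "GET static.jpg If-None-Match: 7b33de1" so the request matches the "HTTP/1.1 304 (Not Modified)" reply on the last arrow.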