# HG changeset patch
# User Christian Urban
# Date 1411464663 -3600
# Node ID 793ae8926a974e377eb54b13e51555d7210297b6
# Parent d8657ff8cca1829520e606376bad6e8485a56f2c
polished
diff -r d8657ff8cca1 -r 793ae8926a97 handouts/ho01.pdf
Binary file handouts/ho01.pdf has changed
diff -r d8657ff8cca1 -r 793ae8926a97 handouts/ho01.tex
--- a/handouts/ho01.tex Tue Sep 23 10:24:38 2014 +0100
+++ b/handouts/ho01.tex Tue Sep 23 10:31:03 2014 +0100
@@ -35,18 +35,17 @@ \end{quote} \noindent In this module I like to teach you this security -mindset. This might be a mindset that you think is very -foreign to you (after all we are all good citizens). I beg to -differ: You have this mindset already when in school you were -thinking, at least hypothetically, in which ways you can cheat -in an exam (whether it is about hiding notes or looking over -the shoulders of your fellow pupils). Right? To defend a -system, you need to have this kind mindset and be able to -think like an attacker. This will include understanding -techniques that can be used to compromise security and privacy -in systems. This will many times result in insights where -well-intended security mechanism made a system actually less -secure.\smallskip +mindset. This might be a mindset that you think is very foreign to you +(after all we are all good citizens and not ahck into things). I beg +to differ: You have this mindset already when in school you were +thinking, at least hypothetically, in which ways you can cheat in an +exam (whether it is about hiding notes or looking over the shoulders +of your fellow pupils). Right? To defend a system, you need to have +this kind mindset and be able to think like an attacker. This will +include understanding techniques that can be used to compromise +security and privacy in systems. This will many times result in +insights where well-intended security mechanism made a system actually +less secure.\smallskip {\Large\bf Warning!} However, don’t be evil! Using those techniques in the real world may violate the law or King’s diff -r d8657ff8cca1 -r 793ae8926a97 slides/slides01.pdf Binary file slides/slides01.pdf has changed diff -r d8657ff8cca1 -r 793ae8926a97 slides/slides01.tex --- a/slides/slides01.tex Tue Sep 23 10:24:38 2014 +0100 +++ b/slides/slides01.tex Tue Sep 23 10:31:03 2014 +0100 
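Review bot: The added parenthesis in the rewrapped paragraph contains a typo and a broken clause: `(after all we are all good citizens and not ahck into things)` should read `(after all we are all good citizens and do not hack into things)`. Two slips carried over from the old text could be fixed while the paragraph is being touched: `this kind mindset` should be `this kind of mindset`, and `well-intended security mechanism made` should be `well-intended security mechanisms made`. The opening `In this module I like to teach you` probably wants `I would like to teach you`.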
@@ -1105,7 +1105,6 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] \frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}} @@ -1124,14 +1123,13 @@ Even when you disabled cookies entirely, have JavaScript turned off and use a VPN service.\\\pause (And numerous sites use it.) -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] -\frametitle{\begin{tabular}{c}Web-Protocol\end{tabular}} +\frametitle{Web-Protocol} \only<1->{ \begin{textblock}{1}(2,2) 
@@ -1188,46 +1186,59 @@ \end{tikzpicture} \end{textblock}} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] -\frametitle{\begin{tabular}{c}Books + Homework\end{tabular}} +\frametitle{Books + Homework} \begin{itemize} \item There is no single book I am following -\begin{center} -\includegraphics[scale=0.012]{pics/andersonbook1.jpg} -%%\includegraphics[scale=0.23]{pics/accesscontrolbook.jpg} -\end{center}\medskip\pause + + \begin{center} + \includegraphics[scale=0.012]{pics/andersonbook1.jpg} + %%\includegraphics[scale=0.23]{pics/accesscontrolbook.jpg} + \end{center}\medskip\pause \item The question ``Is this relevant for the exams'' is not appreciated!\medskip\\ -Whatever is in the homework (and is not marked optional) is relevant for the -exam. No code needs to be written. + Whatever is in the homework (and is not marked optional) is relevant for the + exam. No code needs to be written. \end{itemize} -\end{frame}} +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Further Information} + +For your personal interest: + +\begin{itemize} +\item RISKS mailing list +\item Schneier's Crypto newsletter +\item Google+ Ethical Hacker group +\end{itemize} + +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] -\frametitle{\begin{tabular}{c}Take-Home Points\end{tabular}} +\frametitle{Take-Home Points} \begin{itemize} \item Never store passwords in plain text.\medskip \item Always salt your hashes!\medskip \item Use an existing crypto algorithm; do not write your own!\medskip -\item Make the party responsible for losses, who is in the position to improve things. 
+\item Make the party responsible for losses, who is in the position to improve +security. \end{itemize} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
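Review bot: The reworded last bullet on the Take-Home Points frame still separates the relative clause from its noun; `\item Make the party who is in the position to improve security responsible for losses.` reads more cleanly. On the same frame, the unchanged bullet `Always salt your hashes!` can be read as saying a salt alone is sufficient. For stored passwords, what resists offline guessing is a salted and deliberately slow scheme such as bcrypt, scrypt or PBKDF2, so the bullet could become `Always salt your hashes and use a slow password hash!`. In the new Further Information frame, `Schneier's Crypto newsletter` is presumably Crypto-Gram; naming it and adding a URL for each of the three items would let students find them.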