# HG changeset patch # User Christian Urban # Date 1411464278 -3600 # Node ID d8657ff8cca1829520e606376bad6e8485a56f2c # Parent bba0504abcf0a015bffe262ce0ce895d2d33efc7 typos diff -r bba0504abcf0 -r d8657ff8cca1 handouts/ho01.pdf Binary file handouts/ho01.pdf has changed diff -r bba0504abcf0 -r d8657ff8cca1 handouts/ho01.tex --- a/handouts/ho01.tex Tue Sep 23 02:04:34 2014 +0100 +++ b/handouts/ho01.tex Tue Sep 23 10:24:38 2014 +0100 @@ -1,10 +1,10 @@ -\documentclass{article} + \documentclass{article} \usepackage{../style} \begin{document} -\section*{Handout 1 (Security Engeneering)} +\section*{Handout 1 (Security Engineering)} Much of the material and inspiration in this module is taken from the works of Bruce Schneier, Ross Anderson and Alex diff -r bba0504abcf0 -r d8657ff8cca1 slides/slides01.pdf Binary file slides/slides01.pdf has changed diff -r bba0504abcf0 -r d8657ff8cca1 slides/slides01.tex --- a/slides/slides01.tex Tue Sep 23 02:04:34 2014 +0100 +++ b/slides/slides01.tex Tue Sep 23 10:24:38 2014 +0100 @@ -111,10 +111,10 @@ \end{tikzpicture} \end{textblock} -\begin{textblock}{1}(1,6) +\begin{textblock}{1}(1,5) \begin{bubble}[11cm] -\footnotesize -Annonymous Hacker operating a 10k bonnet using the ZeuS +\small +Anonymous Hacker operating a 10k bonnet using the ZeuS hacking tool wrote:\medskip\\ ``FYI I do not cash out the bank accounts or credit cards, I just sell the information (I know, its just as bad...), there isn't even a law against @@ -123,7 +123,7 @@ when I looked it up), I'm not talking about 3rd world countries, but about European like Spain (The Mariposa botnet owner never got charged, because a botnet isn't illegal, only -abusing CC information is, but that did other guys).''\\ +abusing CC information is, but that did other guys).'' \hfill{}\url{www.goo.gl/UWluh0} \end{bubble} \end{textblock} @@ -279,7 +279,7 @@ \item {\bf Policy}\\ {\small What is supposed to be achieved?} \item {\bf Mechanism}\\ - {\small Cypher, access controls, tamper resistance} + {\small Cipher, access controls, tamper resistance, \ldots} \item {\bf Assurance}\\ {\small The amount of reliance you can put on the mechanism.} \item {\bf Incentive}\\ @@ -319,6 +319,8 @@ \begin{frame}[c] \frametitle{Yes \ldots} +\ldots if you believe the banks:\bigskip + \begin{bubble}[10cm] \small ``Chip-and-PIN is so effective in this country [UK] that fraudsters are starting to move their activities @@ -359,7 +361,7 @@ \begin{textblock}{1}(4.5,9.9) \begin{tabular}{c} \includegraphics[scale=0.16]{pics/rman.png}\\[-1mm] -\small custumer / you +\small customer / you \end{tabular} \end{textblock} @@ -483,7 +485,7 @@ \begin{itemize} \item same group successfully attacked in 2012 card readers and ATM machines -\item the problem: several types of ATMs generate poor random numbers, +\item the problem was: several types of ATMs generate poor random numbers, which are used as nonces \end{itemize} @@ -517,7 +519,7 @@ \begin{textblock}{1}(4.5,9.9) \begin{tabular}{c} \includegraphics[scale=0.13]{pics/rman.png}\\[-1mm] -\small costumer / you +\small customer / you \end{tabular} \end{textblock} @@ -571,7 +573,7 @@ \frametitle{The Bad Guy Again} \begin{bubble}[10cm] -\footnotesize +\small The anonymous hacker from earlier:\medskip\\ ``Try to use `Verified-By-Visa' and `Mastercard-Securecode' as rarely as possible. If only your CVV2 code is getting sniffed, you are @@ -1120,7 +1122,7 @@ \end{itemize} Even when you disabled cookies entirely, have JavaScript turned off and use a VPN service.\\\pause -And numerous sites use it. +(And numerous sites use it.) \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -1200,12 +1202,12 @@ \item There is no single book I am following \begin{center} \includegraphics[scale=0.012]{pics/andersonbook1.jpg} -\includegraphics[scale=0.23]{pics/accesscontrolbook.jpg} +%%\includegraphics[scale=0.23]{pics/accesscontrolbook.jpg} \end{center}\medskip\pause \item The question ``Is this relevant for the exams'' is not appreciated!\medskip\\ -Whatever is in the homework sheets (and is not marked optional) is relevant for the +Whatever is in the homework (and is not marked optional) is relevant for the exam. No code needs to be written. \end{itemize}