# HG changeset patch # User Christian Urban # Date 1455255218 0 # Node ID f3d5e57ca00a81b28db6dcc12666012a2f413081 # Parent 7ecbf5339d0fc8da9b62758b5d9557b935c6b0c3 updated diff -r 7ecbf5339d0f -r f3d5e57ca00a handouts/ho01.pdf Binary file handouts/ho01.pdf has changed diff -r 7ecbf5339d0f -r f3d5e57ca00a handouts/ho01.tex --- a/handouts/ho01.tex Thu Feb 11 11:25:47 2016 +0000 +++ b/handouts/ho01.tex Fri Feb 12 05:33:38 2016 +0000 @@ -118,8 +118,13 @@ authorisation. Even though the banks involved trumpeted their system as being absolutely secure and indeed fraud rates initially went down, security researchers were not convinced -(especially not the group around Ross Anderson). To begin with, -the Chip-and-PIN system introduced a ``new player'' into the +(especially not the group around Ross +Anderson).\footnote{Actually, historical data about fraud +showed that first fraud rates went up (while early problems to +do with the introduction of Chip-and-PIN we exploited), then +down, but recently up again (because criminals getting more +familiar with the technology and how it can be exloited).} To begin with, the +Chip-and-PIN system introduced a ``new player'' into the system that needed to be trusted: the PIN terminals and their manufacturers. It was claimed that these terminals were tamper-resistant, but needless to say this was a weak link in @@ -206,8 +211,12 @@ cards such that they get all data that was on the Magstripe, except for three digits (the CVV number). Remember, Chip-and-PIN cards were introduced exactly for preventing -this. +this. Ross Anderson also talked about his research at the +BlackHat Conference in 2014: +\begin{center} +\url{https://www.youtube.com/watch?v=ET0MFkRorbo} +\end{center} \subsection*{Of Cookies and Salts} diff -r 7ecbf5339d0f -r f3d5e57ca00a handouts/ho07.pdf Binary file handouts/ho07.pdf has changed diff -r 7ecbf5339d0f -r f3d5e57ca00a handouts/ho07.tex --- a/handouts/ho07.tex Thu Feb 11 11:25:47 2016 +0000 
+++ b/handouts/ho07.tex Fri Feb 12 05:33:38 2016 +0000 @@ -62,7 +62,7 @@ We would have hoped that after Snowden, Western governments would be a bit more sensitive and enlightned about the topic of privacy, but this is far from the truth. Ross Anderson -wrote the following in his blog about the approach taken in +wrote the following in his blog\footnote{\url{https://www.lightbluetouchpaper.org/2016/02/11/report-on-the-ip-bill/}} about the approach taken in the US to lessons learned from the Snowden leaks and contrasts this with the new snooping bill that is considered in the UK parliament:
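Review bot: The footnote added in the ho01.tex hunk at line 118 has two typos and a missing verb: "we exploited" should read "were exploited", "exloited" should read "exploited", and "because criminals getting more familiar" needs an "are". The footnote also attributes the up, then down, then up again trend to "historical data" without naming the data; a citation inside the footnote would let readers check the claim. The re-wrapped line ending in "To begin with, the" is also noticeably longer than the neighbouring source lines and could be re-filled.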
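Review bot: In the ho01.tex hunk at line 206, the new reference is a bare \url to a YouTube video id inside a center environment, with no talk title, so a reader of the printed handout has nothing to search for if the link stops resolving. Suggest adding the talk's title next to "BlackHat Conference in 2014", or moving the link into a \footnote with title and URL, which would also match how the ho07.tex change in this same changeset cites the blog post.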
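Review bot: In the ho07.tex hunk at line 62, the replacement line carrying \footnote{\url{...}} is far longer than the wrapped lines around it; ending the line after "blog" with a trailing % and putting the \footnote on its own line would keep the source readable without introducing a space before the footnote mark. Since this paragraph is being edited anyway, "enlightned" in the unchanged context line above could be corrected to "enlightened" in the same change.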