Mercurial Mercurial > hg > sen-material / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | gz | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tuned
authorChristian Urban <urbanc@in.tum.de>
Tue, 02 Oct 2012 14:11:58 +0100
changeset 19 3a15c73d51e2
parent 18 ad7ef5a7a63c
child 20 b4ddddbb14cc
tuned
hw02.pdf file | annotate | diff | comparison | revisions
hw02.tex file | annotate | diff | comparison | revisions
slides02.tex file | annotate | diff | comparison | revisions 
Binary file hw02.pdf has changed
--- a/hw02.tex	Tue Oct 02 13:57:26 2012 +0100
+++ b/hw02.tex	Tue Oct 02 14:11:58 2012 +0100
@@ -4,39 +4,18 @@
 
 \begin{document}
 
-\section*{Homework 1}
+\section*{Homework 2}
 
 \begin{enumerate}
-\item {\bf (Optional)} If you want to have a look at the code presented in the lectures, install Scala available (for free) from
-\begin{center}
-\url{http://www.scala-lang.org}
-\end{center}
+\item Assume format string attacks allow you to read out the stack. What can you do
+	with this information? (Hint: Consider what is stored in the stack.)
 
-\noindent
-The web-applications from the first lecture are written in Scala using the Play Framework available (also for free) from
-\begin{center}
-\url{http://www.playframework.org}
-\end{center}
-
-\item Practice thinking like an attacker. Assume the following situation:
-\begin{quote}\it
-Prof.~V.~Nasty gives the following final exam question (closed books, closed notes):\bigskip
+\item Assume you can crash a program remotely. Why is this a problem?
 
-\noindent
-\begin{tabular}{@ {}l}
-Write the first 100 digits of pi:\\
-3.\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
-\end{tabular}
-\end{quote}
+\item How can the choice of a programming language help with buffer overflow attacks?
+(Hint: Why are C-programs prone to such attacks, but not Java programs.)
 
-\noindent
-Think of ways how you can cheat in this exam?
-
-\item Explain what hashes and salts are. Describe how they can be used for ensuring data integrity and
-storing password information.
-
-\item What are good uses of cookies (that is browser cookies)?
-
+\item (Optional) How can a system that separates between \emph{users} and \emph{root} be of any help with buffer overflow attacks?
 \end{enumerate}
 
 \end{document}
--- a/slides02.tex	Tue Oct 02 13:57:26 2012 +0100
+++ b/slides02.tex	Tue Oct 02 14:11:58 2012 +0100
@@ -415,7 +415,7 @@
 
 \begin{itemize}
 \item Assume format string attacks allow you to read out the stack. What can you do
-	with this information.\bigskip
+	with this information?\bigskip
 
 \item Assume you can crash a program remotely. Why is this a problem?
 \end{itemize}
sen-material