Binary file handouts/ho01.pdf has changed
--- a/handouts/ho01.tex Thu Jul 14 13:07:23 2016 +0100
+++ b/handouts/ho01.tex Tue Jul 19 12:08:49 2016 +0100
@@ -693,7 +693,19 @@
\url{http://goo.gl/83Ho0N}
\end{center}
-\noindent Clearly, passwords are a technology that comes to
+\noindent Or the passwords from eHarmony
+
+\begin{center}
+\url{https://goo.gl/W63Xhw}
+\end{center}
+
+\noindent The attack used dictionaries with up to 15 Billion
+entries.\footnote{Compare this with the full brute-force space
+of $62^8$} If eHarmony had properly salted their passwords,
+the attack would have taken 31 years.
+
+
+Clearly, passwords are a technology that comes to
the end of its usefulness, because brute force attacks become
more and more powerful and it is unlikely that humans get any
better in remembering (securely) longer and longer passwords.
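Review bot: The re-added line "Clearly, passwords are a technology that comes to" has lost the \noindent that the removed line carried, and it now follows two blank lines, so it starts an indented paragraph while the other paragraphs added in this hunk use \noindent; restore \noindent unless the indentation is intended. The footnote "Compare this with the full brute-force space of $62^8$" has no closing full stop and leaves the comparison to the reader; stating the ratio of 15 billion to $62^8$ would make the point explicit. The "31 years" figure is given without the assumptions behind it, so name the source or the cracking rate it is based on. "15 Billion" should be lower-case "billion".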
Binary file hws/hw01.pdf has changed
--- a/hws/hw01.tex Thu Jul 14 13:07:23 2016 +0100
+++ b/hws/hw01.tex Tue Jul 19 12:08:49 2016 +0100
@@ -48,25 +48,6 @@
unlocks the doors? Which threat could be thwarted
by that?
-\item And another one: Imagine you have at home a broadband
- contract with TalkTalk. You do not like their service
- and want to switch to Virgin, say. The procedure
- between the Internet providers is that you contact
- Virgin and set up a new contract and they will
- automatically inform TalkTalk to terminate the old
- contract. TalkTalk will then send you a letter to
- confirm that you want to terminate. If they do not hear
- from you, they will proceed with terminating
- the contract and will request any outstanding
- cancellation fees. Virgin on the other hand sends you a
- new router and paperwork about the new contract.
- Obviously this way of doing things is meant to make
- switching as convenient as possible. Still can
- you imagine situations in which this way of switching
- providers can cause you a lot of headaches? For
- this consider that TalkTalk needs approximately 14 days
- to reconnect you and might ask for reconnection fees.
-
\item And another one: A water company installed devices that
transmit meter readings when their company car drives
by. How can this transmitted data be abused, if not
@@ -94,10 +75,7 @@
% be done. This is something. Therefore, we must do it."
% Never mind if the something makes any sense or not.
-\item And another one: Imagine you are researching security
- products (e.g.~CCTV, alarms etc) on a helpful website.
- They ask you for your address details? Think about
- whether this can be bad for you.
+
%\item Imagine there was recently a break in where computer criminals
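Review bot: The removed \item is replaced by a single added empty line, which sits next to the blank lines already around the commented-out block. LaTeX collapses these, so the output is unaffected, but the "+" blank line is noise in the source; delete the item without adding a line.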
@@ -117,6 +95,13 @@
Under which circumstance should users be required to
change their password?
+\item The biggest dictionary for dictionary attacks I know
+ contains 15 Billion entries. If you try out all of these
+ 15 Billion entries in order to hack one password how
+ much percent of the full brute-force space did you
+ cover. For this assume passwords use 62 charcaters and
+ are typically 8 characters long.
+
\item What are good uses of cookies (that is browser cookies)?
\item Why is making bank customers liable for financial fraud a bad
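Review bot: The new item contains the typo "charcaters", and the question "how much percent of the full brute-force space did you cover." ends with a full stop instead of a question mark; "what percentage" reads better than "how much percent". The wording "typically 8 characters long" leaves the size of the search space open: say "exactly 8 characters" so the expected answer is 15 billion out of $62^8$, consistent with the footnote added to ho01.tex. "15 Billion" should be lower-case "billion" in both places.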
Binary file hws/hw02.pdf has changed
--- a/hws/hw02.tex Thu Jul 14 13:07:23 2016 +0100
+++ b/hws/hw02.tex Tue Jul 19 12:08:49 2016 +0100
@@ -8,6 +8,25 @@
\HEADER
\begin{enumerate}
+\item Another question for thinking like an attacker: Imagine
+ you have at home a broadband contract with TalkTalk. You
+ do not like their service and want to switch to Virgin,
+ say. The procedure between the Internet providers is
+ that you contact Virgin and set up a new contract and
+ they will automatically inform TalkTalk to terminate the
+ old contract. TalkTalk will then send you a letter to
+ confirm that you want to terminate. If they do not hear
+ from you, they will proceed with terminating the
+ contract and will request any outstanding cancellation
+ fees. Virgin on the other hand sends you a new router
+ and paperwork about the new contract. Obviously this way
+ of doing things is meant to make switching as convenient
+ as possible. Still can you imagine situations in which
+ this way of switching providers can cause you a lot of
+ headaches? For this consider that TalkTalk needs
+ approximately 14 days to reconnect you and might ask for
+ reconnection fees.
+
\item Often problems in e-voting are due to difficulties with
authentication. Keep this in mind for what could go
wrong with the following discount offered by an
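Review bot: The moved item now opens with "Another question for thinking like an attacker:" but it is the first \item after \begin{enumerate} on this sheet, so "Another" has no earlier question to refer to. Reword the opening so it stands alone on hw02, for example by naming the earlier homework it continues from. "Still can you imagine" also needs a comma after "Still".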
Binary file hws/hw05.pdf has changed
--- a/hws/hw05.tex Thu Jul 14 13:07:23 2016 +0100
+++ b/hws/hw05.tex Tue Jul 19 12:08:49 2016 +0100
@@ -8,6 +8,12 @@
\HEADER
\begin{enumerate}
+\item Imagine you are researching security products
+ (e.g.~CCTV, alarms etc) on a helpful website. They ask
+ you for your address details? Think about whether this
+ can be bad for you.
+
+
\item What can attacker that controls the network do to a communication
between a client and a server?
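Review bot: In the added item, "They ask you for your address details?" is a statement punctuated as a question; end it with a full stop and keep the question mark for the actual question, which "Think about whether this can be bad for you." currently phrases as an instruction. "alarms etc" is missing the full stop in "etc.", and the hunk adds two blank lines after the item where one is enough.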