Binary file slides01.pdf has changed

--- a/slides01.tex	Sun Sep 23 23:22:10 2012 +0100
+++ b/slides01.tex	Mon Sep 24 02:49:44 2012 +0100
@@ -333,7 +333,7 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{c}Web Application\end{tabular}}
+\frametitle{\begin{tabular}{c}Web Applications\end{tabular}}
 
 
 \begin{textblock}{1}(2,5)
@@ -360,7 +360,81 @@
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
+% linkedIn password
+% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html
 
+% rainbow tables
+% http://en.wikipedia.org/wiki/Rainbow_table
+
+% Unix password
+% http://ubuntuforums.org/showthread.php?p=5318038
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}}
+
+\begin{itemize}
+\item How fast can hackers crack passwords? \pause
+
+\item The answer is 2 billion per second using a Radeon HD 7970
+\end{itemize}
+
+
+\begin{center}
+\begin{tabular}{rl}
+password length & time\smallskip\\\hline
+5 letters & 5 secs\\
+6 letters & 500 secs\\
+7 letters & 13 hours\\
+8 letters & 57 days\\
+9 letters & 15 years\\
+\end{tabular}
+\end{center}
+
+\small
+5 letters $=$ 100$^5$ $=$ 10 billion combinations\\ 
+(1 letter $\approx$ upper case, lower case, digits, symbols)
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Passwords\end{tabular}}
+
+\begin{itemize}
+\item How do recover from a break in?
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Thinking as a Defender\end{tabular}}
+
+\begin{itemize}
+\item What are we trying to protect?
+\item What properties are we trying to enforce?\medskip
+
+\item Who are the attackers? Capabilities? Motivations?
+\item What kind of attack are we trying to protect?
+\item Who can fix any vulnerabilities?\medskip
+
+\item What are the weaknesses of the system?
+\item What will successful attacks cost us?
+\item How likely are the attacks?\medskip
+
+\item Security almost always is {\bf not} free!
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%