Binary file slides/slides04.pdf has changed
--- a/slides/slides04.tex	Mon Oct 17 13:40:45 2016 +0100
+++ b/slides/slides04.tex	Wed Oct 19 00:32:38 2016 +0100
@@ -45,8 +45,10 @@
 \end{center}
 
 \begin{itemize}
-\item no ``cheating'' needed for format string attacks
-\item the main point: no cheating to start with 
+%\item no ``cheating'' needed for format string attacks
+\item required some cheating on modern OS
+\item the main point: no cheating in practice\pause
+\item one class of attacks not mentioned last week
 \end{itemize} 
 
 \end{frame}
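Review bot: The two new items `\item required some cheating on modern OS` and `\item the main point: no cheating in practice\pause` read as contradicting each other, because the slide never says what "cheating" means. If it refers to protections that had to be switched off for last week's demonstration while many deployed systems lack them anyway, the items should say that, for example `\item the demo needed protections switched off on a modern OS` and `\item the main point: many real targets ship without them\pause`. The frame starts outside this hunk, so the term may be introduced above; if it is not, one of these bullets should define it.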
@@ -54,19 +56,35 @@
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
+\frametitle{Format String Vulnerability}
+
+\small
+\texttt{string} is nowhere used:\bigskip
+
+{\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip
+
+this vulnerability can be used to read out the stack and even
+modify it
+  
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
 \frametitle{Case-In-Point: Android}
 
 \begin{itemize}
 \item a list of common Android vulnerabilities
-(5 BOAs out of 35 vulnerabilities; all from 2013 and later)
+(5 BOAs out of 35 vulnerabilities; all from 2013 and later):
 
 \begin{center}
 \url{http://androidvulnerabilities.org/}
 \end{center}\bigskip
 
-\item a paper that attempts measures security of Android phones
+\item a paper that attempts to measure the security of Android phones:
 
-\begin{quote}\small\rm ``We find that on average 87.7\% of Android
+\begin{quote}\small\it ``We find that on average 87.7\% of Android
 devices are exposed to at least one of 11 known critical
 vulnerabilities\ldots''
 \end{quote} 
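Review bot: The new `Format String Vulnerability` frame states the impact (`read out the stack and even modify it`) but neither the cause nor the fix. `\texttt{string} is nowhere used` does not tell a reader that the problem is input reaching the format argument of a printf-style call, which is presumably what `../progs/C4.c` shows (the listing is not part of this diff). I would add a closing line after the impact sentence, using the listing's own variable name, such as `fix: pass input as data, e.g.\ \texttt{printf("\%s", buf)}, and compile with \texttt{-Wformat -Wformat-security}`. The `Case-In-Point: Android` frame that follows continues past the end of the hunk.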
@@ -82,29 +100,27 @@
 
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-
-A student asked:
+%\begin{frame}[c]
+%
+%A student asked:
+%
+%\begin{bubble}[10cm]\small How do we implement BOAs? On a
+%webpage login, for example Facebook, we can't do this. 
+%I am sure the script will stop us even before we reach the 
+%server. The
+%script will not let us enter hexadecimal numbers where email
+%or username is required and plus it will have a max length,
+%like 32 characters only. In this case, what can we do, since
+%the method you showed us wouldn't work?
+%\end{bubble}\bigskip\bigskip\pause
 
-\begin{bubble}[10cm]\small How do we implement BOAs? On a
-webpage login, for example Facebook, we can't do this. 
-I am sure the script will stop us even before we reach the 
-server. The
-script will not let us enter hexadecimal numbers where email
-or username is required and plus it will have a max length,
-like 32 characters only. In this case, what can we do, since
-the method you showed us wouldn't work?
-\end{bubble}\bigskip\bigskip\pause
-
-\begin{itemize}
-\item Facebook no
-\item printers, routers, cars, IoT etc likely\pause
-\item I do not want to teach you hacking, rather defending
-\end{itemize}
-
-
-
-\end{frame}
+%\begin{itemize}
+%\item Facebook no
+%\item printers, routers, cars, IoT etc likely\pause
+%\item I do not want to teach you hacking, rather defending
+%\end{itemize}
+%
+%\end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
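Review bot: The student-question frame is disabled by prefixing every line with `%` instead of being deleted, which leaves about twenty lines of dead source that the repository history already preserves. Either delete the frame, or keep it behind a single switch with a reason, e.g. `\iffalse % moved to Q&A handout` before `\begin{frame}[c]` and `\fi` after `\end{frame}`. The same applies to the trainwreck frame commented out in the next hunk and to the commented `\item` in the first hunk.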
@@ -115,22 +131,22 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-
-\begin{center}
-\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
-last week: buffer overflow attacks
-\end{center}
-  
-\end{frame}
+%\begin{frame}[c]
+%
+%\begin{center}
+%\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
+%last week: buffer overflow attacks
+%\end{center}
+%  
+%\end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
-\frametitle{\begin{tabular}{c}Two General Counter\\[-1mm] 
-            Measures against BOAs etc\end{tabular}}
+\frametitle{\begin{tabular}{c}\LARGE Two General Counter\\[-1mm] 
+            \LARGE Measures against BOAs etc\end{tabular}}
 
-Both try to reduce the attack surface:\bigskip
+Both try to reduce the attack surface (trusted computing base):\bigskip
 
 \begin{itemize}
 \item \alert{\bf unikernels} -- the idea is to not have
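Review bot: The changed line `Both try to reduce the attack surface (trusted computing base):\bigskip` presents attack surface and trusted computing base as the same thing, and they are not. The TCB is the set of components that must be correct for the security policy to hold, while the attack surface is the set of interfaces an attacker can reach. Unikernels shrink the TCB and the attack surface gets smaller as a consequence, so I would write `Both try to reduce the attack surface by shrinking the trusted computing base:\bigskip`. The second counter-measure lies outside this hunk, so check that the wording fits it too.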
@@ -346,8 +362,8 @@
 \begin{tikzpicture}
 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
 {\begin{minipage}{8cm}
-Only failure makes us experts.
-	-- Theo de Raadt (OpenBSD, OpenSSH)
+Only failure makes us experts.\\
+\hfill\small-- Theo de Raadt (OpenBSD, OpenSSH)
 \end{minipage}};
 \end{tikzpicture}
 \end{textblock}}
@@ -831,9 +847,9 @@
 
   \begin{itemize}
   \item good example of a bad protocol\\ (security by obscurity)\bigskip
-  \item<3->  ``Breaching security on Oyster cards should not 
+  \item<3->  {\it``Breaching security on Oyster cards should not 
   allow unauthorised use for more than a day, as TfL promises to turn 
-  off any cloned cards within 24 hours\ldots''
+  off any cloned cards within 24 hours\ldots''}
   \end{itemize}
 
   \only<2>{
Binary file slides/survey-16.pdf has changed
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/slides/survey-16.tex	Wed Oct 19 00:32:38 2016 +0100
@@ -0,0 +1,82 @@
+\documentclass[dvipsnames,14pt,t]{beamer}
+\usepackage{../slides}
+
+% beamer stuff 
+\renewcommand{\slidecaption}{SEN 14, King's College London}
+\newcommand{\bl}[1]{\textcolor{blue}{#1}}
+
+\begin{document}
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Survey: Thanks! (1)}
+\small
+
+\begin{center}
+\begin{tabular}{@{}cc@{}}
+\includegraphics[scale=0.24]{../pics/survey01.pdf}&
+\includegraphics[scale=0.24]{../pics/survey02.pdf}
+\end{tabular}
+\end{center}
+  
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Survey: Thanks! (2)}
+\small
+
+\begin{center}
+\begin{tabular}{@{}cc@{}}
+\includegraphics[scale=0.24]{../pics/survey03.pdf}&
+\includegraphics[scale=0.24]{../pics/survey05.pdf}
+\end{tabular}
+\end{center}
+  
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Survey: Thanks! (3)}
+\small
+
+\begin{center}
+\begin{tabular}{@{}cc@{}}
+\includegraphics[scale=0.24]{../pics/survey06.pdf}&
+\includegraphics[scale=0.24]{../pics/survey08.pdf}
+\end{tabular}
+\end{center}
+  
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Survey: Thanks Also!}
+\small
+
+\begin{itemize}
+\item {\bf Code} ``I can't get the code part''
+\item {\bf Hard} ``A little bit hard for me to understand all.''
+\item {\bf Homework} ``You should give more clear solutions to the submitted
+               homework''  
+\item {\bf Q} Has made the objectives of the module clear?\\
+  {\bf A} ``I would like to know''
+\item {\bf Voice} ``The lecturer speaks too slow''
+\item {\bf KEATS} ``Not able to access KEATS. Only for this module.''  
+\end{itemize}
+  
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+
+\end{document}
+
+
+%%% Local Variables:  
+%%% mode: latex
+%%% TeX-master: t
+%%% End: 
+
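Review bot: The three `Survey: Thanks!` frames include six graphics from `../pics/` (survey01 to survey03, survey05, survey06, survey08), and none of them appear in the part of the commit shown here. The deck builds only if those files were added separately, so that is worth confirming, as is whether skipping survey04 and survey07 is intended. `\newcommand{\bl}[1]{\textcolor{blue}{#1}}` is defined but never used in this file and can be dropped. A one-line header comment such as `% feedback slides for the 2016 module survey; charts live in ../pics/survey*.pdf` would tell the next editor where the inputs come from.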