Binary file slides02.pdf has changed
--- a/slides02.tex Tue Oct 02 06:44:00 2012 +0100
+++ b/slides02.tex Tue Oct 02 13:57:26 2012 +0100
@@ -192,7 +192,8 @@
\item you must cycle through 1M combinations (online)\pause\bigskip
\item he limited the attack on his own account to 1 guess per second, \alert{\bf and}
-\item wrote a script that cleared the cookies set after each guess
+\item wrote a script that cleared the cookie set after each guess\pause
+\item has been fixed now
\end{itemize}
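Review bot: The added bullet `\item has been fixed now` has no subject, and because the preceding bullets are chained with `\alert{\bf and}`, it reads as one more thing the attacker did. Name what was fixed, for example `\item the flaw has since been fixed`. If the nature of the fix is known, stating it would give the slide a defensive takeaway; presumably guess throttling is now tracked server-side per account rather than in a cookie the client can clear, but that should be confirmed. The itemize list starts outside this hunk.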
@@ -204,19 +205,22 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Smash the Stack for Fun\ldots\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Smash the Stack for Fun \ldots\end{tabular}}
\begin{itemize}
\item ``smashing the stack attacks'' or ``buffer overflow attacks''
-\item one of the most popular attacks\\ ($>$ 50\% of security incidents reported at CERT are related to buffer overflows)\medskip
+\item one of the most popular attacks;\\ attack of the (last) decade\\ ($>$ 50\% of security incidents reported at CERT are related to buffer overflows)
+\begin{flushright}\small
+\textcolor{gray}{\url{http://www.kb.cert.org/vuls}}
+\end{flushright}
+\medskip
\item made popular in an article by Elias Levy\\ (also known as Aleph One):\\
\begin{center}
{\bf ``Smashing The Stack For Fun and Profit''}
-\end{center}\bigskip
+\end{center}\medskip
\begin{flushright}
-\small
-\textcolor{gray}{\url{http://www.phrack.org}, Issue 49, Article 14}
+\small\textcolor{gray}{\url{http://www.phrack.org}, Issue 49, Article 14}
\end{flushright}
\end{itemize}
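Review bot: The new citation `\url{http://www.kb.cert.org/vuls}` points at the root of a vulnerability database, so it does not let a reader verify the "$>$ 50\% of security incidents" figure on the line above it. Vulnerability notes and incident reports are also different datasets, so the claim and the source may not match. Cite the specific report and year the figure comes from, and date the claim on the slide, e.g. `($>$ 50\% of security incidents reported at CERT in <year> ...)`. The added "attack of the (last) decade" has the same problem: it only makes sense relative to a date the slide does not give.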
@@ -231,13 +235,14 @@
\frametitle{\begin{tabular}{c}The Problem\end{tabular}}
\begin{itemize}
-\item The basic problem is that library routines look as follows:
+\item The basic problem is that library routines in C look as follows:
\begin{center}
{\lstset{language=Java}\fontsize{8}{10}\selectfont%
\texttt{\lstinputlisting{app5.c}}}
\end{center}
\item the resulting problems are often remotely exploitable
\item can be used to circumvents all access control
+(botnets for further attacks)
\end{itemize}
\end{frame}}
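Review bot: The listing is still typeset with `\lstset{language=Java}`, although the new wording says the routines are "in C" and the input file is `app5.c`. Change it to `\lstset{language=C}` so keywords and comments are highlighted for the right language. The bullet the commit extends also reads "can be used to circumvents all access control", which should be "circumvent". The added `(botnets for further attacks)` would be clearer as `(e.g.\ to build botnets for further attacks)`. The frame opens outside this hunk.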
@@ -246,6 +251,26 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Variants\end{tabular}}
+
+There are many variants:
+
+\begin{itemize}
+\item return-to-lib-C attacks
+\item heap-smashing attacks\\
+\textcolor{gray}{\small(Slammer Worm in 2003 infected 90\% of vulnerable systems within 10 minutes)}\bigskip
+
+\item ``zero-days-attacks'' (new unknown vulnerability)
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
\small
\texttt{my\_float} is printed twice:\bigskip
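Review bot: The Slammer example is attached to the `heap-smashing attacks` bullet, but Slammer is generally described as exploiting a stack-based buffer overflow, so students may take away the wrong classification. Move the grey note to a stack-overflow bullet or present it as a general example of overflow impact. The figure (90\% within 10 minutes) also needs a source. Separately, `zero-days-attacks` is not a variant of buffer overflow: it describes how widely a vulnerability is known, not the exploitation technique. It would fit better under its own heading, written as `zero-day attacks`, with `return-to-libc` as the usual spelling of the first bullet.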
@@ -366,6 +391,26 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Security Goals\end{tabular}}
+
+\begin{itemize}
+\item Prevent common vulnerabilities from occurring (e.g. buffer overflows)\pause
+\item Recover from attacks (traceability and auditing of security-relevant actions)\pause
+\item Monitoring (detect attacks)\pause
+\item Privacy, confidentiality, anonymity (to protect secrets)\pause
+\item Authenticity (eeded for access control)\pause
+\item Integrity (prevent unwanted modification or tampering)\pause
+\item Availability and reliability (reduce the risk of DoS attacks)
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
\frametitle{\begin{tabular}{c}Homework\end{tabular}}
\begin{itemize}
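Review bot: There is a typo in the new Security Goals frame: `\item Authenticity (eeded for access control)\pause` should read `\item Authenticity (needed for access control)\pause`. In the first bullet, `e.g. buffer overflows` should be `e.g.\ buffer overflows` so TeX does not insert end-of-sentence spacing after the abbreviation. The Homework frame that follows continues outside this hunk.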