Lectures
Announcements
- Securing Tomorrow, an all-day workshop on IT career opportunities, OGGB5, 10:15am-4:10pm, Saturday 4 October, $15. Registration required.
- NZ Web Application Security Stats 2013 or What Value a Pentest Can Show?, NZISF breakfast meeting on 14 August 2014, 7:30am to 9am.
- Computer security in the news:
- KMart latest retail chain to disclose payment card breach, Threatpost.com, 15 Oct 2014. "Kmart is the latest domino to fall in the seemingly endless streak of major retail chain breaches. The discount department store acknowledged on Friday that it fell victim to a 'payment security incident' for most of September and some of October..."
- Cyberattacks trigger talk of 'hacking back', Washington Post, 9 October 2014. "The recent rash of cyberattacks on major U.S. companies has highlighted the scant options available to the victims, who often can do little more than hunker down, endure the bad publicity and harden their defenses in hopes of thwarting the next assault. But behind the scenes, talk among company officials increasingly turns to an idea once considered so reckless that few would admit to even considering it: Going on the offensive. Or, in the parlance of cybersecurity consultants, "hacking back." The mere mention of it within cybersecurity circles can prompt a lecture about the many risks, starting with the fact that most forms of hacking back are illegal and ending with warnings that retaliating could spark full-scale cyberwar, with collateral damage across the Internet. ..."
- The Ethics of Hacking 101, by Nakashima and Solti, Washington Post, 7 October 2014. "... some experts say the academic community is not taking ethics seriously enough, and professors are not taking responsibility for the potentially dangerous skills they are teaching..."
- The Gyroscopes in Your Phone Could Let Apps Eavesdrop on Conversations, Wired, 14 August 2014. "In the age of surveillance paranoia, most smartphone users know better than to give a random app or website permission to use their device's microphone. But researchers have found there's another, little-considered sensor in modern phones that can also listen in on their conversations. And it doesn't even need to ask. ... it could identify as many as 65 percent of digits spoken in the same room as the device by a single speaker. It could also identify the speaker's gender with as much as 84 percent certainty. Or it could distinguish between five different speakers in a room with up to 65 percent certainty. But Boneh argues that more work on speech recognition algorithms could refine the technique into a far more real eavesdropping threat. ..." For technical detail, see Gyrophone: Recognizing Speech from Gyroscope Signals, by Boneh et al., 23rd USENIX Security Symposium, 20-22 August, 2014.
- NIST finally dumps NSA-tainted random number algorithm, Larry Seltzer, ZDnet Security, 23 April 2014. DRAFT NIST Cryptographic Standards and Guidelines Development Process, NIST IR 7977, 18 February 2014: "... What are the most effective processes identified in the draft for engaging the cryptographic community for providing the necessary inclusivity and transparency to develop strong, trustworthy standards? ..."
- Antivirus products riddled with security flaws, researcher says, Computerworld.co.nz, 31 July 2014.
- Kiwis warned to watch out for mobile ransomware, Techday.com, 30 July 2014.
- The CIA Fears the Internet of Things, DefenseOne.com, 24 July 2014.
- Criminal Software, Government-Grade Protection, BITS Security, NY Times, 16 July 2014. See The Case of Gyges, the Invisible Malware: Government-Grade now in the Hands of Cybercriminals, Sentinel Labs Intelligence Report, 14 July 2014, to learn a little about the technical aspects of this exploit. Also note that there have been many prior allegations of criminal usage of governmentally-designed malware, see e.g. Stuxnet Tricks Copied by Computer Criminals, MIT Technology Review, 19 September 2012.
- Retailers attacked by POS Malware, BankInfoSecurity.com, 10 April 2014.
- Malware bypasses 2-factor authentication, BankInfoSecurity.com, 22 July 2014.
- Handling absence or illness:
- If you must leave for family emergencies etc., PLEASE talk to the lecturer, or somehow get a message to the department. Very few problems are so urgent that we cannot be told quite quickly.
- For problems affecting assignments or tests, see the lecturer (or send email, or call on the telephone). This must be done as soon as reasonably possible, if we are to make alternative arrangements that will prevent you from getting a poor mark on this test or assignment.
- For illness during exams (or other problems that affect exam performance) students MUST contact the Examinations Office as soon as possible, and in any event within a week. The time limits and other rules of the University's Aegrotat Policy are strictly enforced.
- Many students have missed out on a whole semester of study because they just went away. Many students have failed an examination because they did not report problems until they received the failing grade. In general, if there is a problem that will affect your study you should speak to someone as soon as possible.
- Students should sit the examination if at all possible, even if they do nothing much more than hand in a script with their name.
- Students should read the examinations handbook that they receive, and they should double-check the examination timetable to make sure they don't miss any of their exams.
Schedule (tentative)
- Week 1 (21 July - 25 July): Introduction; Basics of Security.
- Reading assignment (to be completed by Wednesday noon): B. W. Lampson, "Computer Security in the Real World", C. ACM 37(6) 37-46, 2004.
- Select class representative. Representatives are expected to attend our department's staff-student meetings on Monday 18 August and Monday 22 September, from 1-2pm in Room 303S.561. Information sessions. Sign-up sheet. Class rep handbook.
- Handout 1: General Information, version 1.01 of 21 October 2014 (updated a stale pointer to our University's academic-honesty webarea).
- Handout 2: Reading List for Oral Presentations, version 1.0 of 24 July 2014.
- Handout 3: Lecture Slides, set #1: Introduction to COMPSCI 725, version 1.1 of 23 July 2014 with requirements and discussion of oral reports.
- Week 2 (28 July - 1 August): Introduction to Cryptography
- Handout 4: Lecture Slides, set #2: Introduction to Cryptography.
- Handout 5: Paper Selection for oral reports.
- Week 3 (4 August - 8 August): Cryptographic Standards and Protocols
- Handout 6: Lecture Slides, set #3: Cryptographic Standards and Protocols.
- Week 4 (11 August - 15 August): Software Law and Ethics
- Students who are scheduled to present in Week 6 should make a reservation for a tutorial session in Week 5, to practice their oral presentation.
- Handout 7: Oral and Written Reports.
- Handout 8: "Soft" Security.
- Week 5 (18 August - 22 August): Report writing, with individual feedback.
- Students who are scheduled to present in Week 7 should make a reservation for a tutorial session in Week 6, to practice their oral presentation.
- Handout 9: A Process for Writing Reports.
- Week 6 (25 August - 29 August): Oral Presentations begin
- Students who are scheduled to present in Week 8 should make a reservation for a tutorial session in Week 7, to practice their oral presentation.
- Mid-semester break (1 September - 13 September)
- Week 7 (15 September - 19 September).
- Students who are scheduled to present in Week 9 should make a reservation for a tutorial session in Week 8, to practice their oral presentation.
- Week 8 (22 September - 26 September).
- Students who are scheduled to present in Week 10 should make a reservation for a tutorial session in Week 9, to practice their oral presentation.
- Week 9 (30 September - 4 October).
- Students who are scheduled to present in Week 11 should make a reservation for a tutorial session in Week 10, to practice their oral presentation.
- Completing your Written Report, version 1.2 of 10 October 2014.
- Week 10 (6 October - 10 October).
- Week 11 (11 October - 14 October).
- Monday: Finalising your written report (cont.).
- Wednesday: Practice final exam (ungraded, anonymous). We'll mark a sample of your answers, and discuss these on the last day of lectures.
- Friday: Soft security (cont.)
- Due 5pm Friday: written report, in .pdf or .docx or .odt format (5 MB limit), in Cecil dropbox.
- Week 12 (20 October - 24 October).
- Monday, Wednesday: No lecture.
- Friday: Discussion of sample answers to practice final exam; revision.