Lecture 3: Attacks Part 1

Date: October 2, 2013
Homework due: Oct. 4 at 5:00pm

  1. Example: sending an email
    1. User agents and message transport agents
    2. What security should email provide?
    3. Violating secrecy
    4. Violating message integrity
    5. Impersonating a sender
    6. Content unchanged, but bogus
  2. Example: accessing a web page
    1. How the browser works
    2. Fetching pages, including images
    3. How you can be tracked over the web
    4. How cookies work
    5. Cross-site scripting and other maliciousness
  3. Discussion question


Discussion Topic

During a six-month period, a number of computer installations were attacked by an intruder who broke in and simply looked at the data on the system. After repeated investigations, it was determined the intruders were from the Netherlands. The Dutch police were asked to investigate, because one of the computers was at a military site, and there was considerable belief that espionage against the United States was being committed.

After a thorough investigation, the Dutch authorities found that the intruder was a high school student who had no previous record of trouble, and they determined he was not spying; he was simply amusing himself. They declined to proceed any further as (then) attacking computer systems was not a crime under Dutch law.

The intruder continued to break into these systems despite efforts to stop him. While he caused no damage, he tied up lots of the system programmers' time.

Someone finally hit upon the perfect solution. They implemented it and the problem ended. How do you think they solved the problem?


Version of October 1, 2013 at 10:44PM