
Quiz 2 Post-Mortem






Presentation Transcript


  1. Quiz 2 Post-Mortem Bruce Maggs

  2. Create a new Bitcoin address and use it only once, e.g., by creating a new wallet. Then either create a new address and mine a Bitcoin yourself, or mail cash through the U.S. Postal Service, along with your Bitcoin address, to someone who will exchange cash for Bitcoin. (Illegal option: steal someone's Bitcoin wallet.)

  3. Unlike Tor, all Bitcoin transactions must be recorded in the public ledger. So anyone can see which address first transferred the Bitcoin into the BitTOR relay network and which address finally received the Bitcoin from the BitTOR network, and every hop in between is on the ledger as well.

  4. Both certificates are legitimate and will be accepted without any warnings or problems. Malware signed with the certificate would not create any warning messages on installation; in fact, the user would be told the software came from a reliable publisher. The attacker can also set up a fake Web site that appears to the user to be legitimate, i.e., with no warnings about a bad certificate, and can then act as a man-in-the-middle between the user and the actual site, e.g., a bank Web site.

  5. It is inconvenient and expensive to get your server certificate signed, and the threat of man-in-the-middle attacks is perceived as being low. With a signed certificate, the client can verify that the server has had its identity checked by a reputable certificate authority; this guarantee provides more assurance than simply knowing whether the public key has been seen before.

  6. Alice sends g^a to Bob and Carol, Bob sends g^b to Alice and Carol, and Carol sends g^c to Alice and Bob. Alice computes g^ab and g^ac, and sends g^ab to Carol and g^ac to Bob. Bob computes g^bc and sends it to Alice. Alice, Bob, and Carol can each now compute g^abc.

  7. The return address is not overwritten, so the attacker cannot redirect program execution to any code that might be injected by the buffer overflow.

  8. The attacker can now overwrite the return address, and can inject the code that is to be executed when the function returns by pointing the overwritten return address at it.

  9. The text section should be read-only (any attempt to modify it should cause a crash), and the program counter should not be allowed to leave the text section, i.e., code sitting on the stack or heap should never execute.

  10. All connections pass through the firewall. The firewall can keep track of all connections initiated by hosts on the home network (and provide port-address translation if needed), and drop packets arriving from outside that do not belong to an already established connection, i.e., it provides protections (a) and (b).
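The three-party exchange from slide 6, carried through in code. This is an added example, not part of the original slides; the group parameters (P, G), the Party class and the message labels are this example's own choices. The transcript it returns is exactly what an eavesdropper on the network would see: six group elements, none of which is the shared key.

```python
import secrets

# Toy group parameters so the example runs instantly (assumption of this example).
# 2**127 - 1 is prime, but a real deployment would use a standardized group of at
# least 2048 bits (e.g. an RFC 3526 MODP group); the generator is for illustration.
P = 2**127 - 1
G = 5


class Party:
    """One participant: holds a private exponent and raises group elements to it."""

    def __init__(self, name, secret=None, p=P, g=G):
        self.name = name
        self.p = p
        self.g = g
        # secret exponent in [1, p-2]; supplied explicitly only to make tests reproducible
        self.secret = secret if secret is not None else secrets.randbelow(p - 2) + 1
        self.key = None

    def public(self):
        return pow(self.g, self.secret, self.p)          # g^x mod p

    def raise_to_secret(self, value):
        return pow(value, self.secret, self.p)           # value^x mod p


def three_party_dh(alice, bob, carol):
    """Run the exchange from the slide; return (transcript, (keyA, keyB, keyC)).

    transcript lists every message sent as (sender, recipients, label, value)."""
    transcript = []

    # Round 1: each party broadcasts g^x to the other two.
    g_a, g_b, g_c = alice.public(), bob.public(), carol.public()
    transcript += [("Alice", "Bob,Carol", "g^a", g_a),
                   ("Bob", "Alice,Carol", "g^b", g_b),
                   ("Carol", "Alice,Bob", "g^c", g_c)]

    # Round 2: Alice forms g^ab and g^ac from what she received; Bob forms g^bc.
    g_ab = alice.raise_to_secret(g_b)
    g_ac = alice.raise_to_secret(g_c)
    g_bc = bob.raise_to_secret(g_c)
    transcript += [("Alice", "Carol", "g^ab", g_ab),
                   ("Alice", "Bob", "g^ac", g_ac),
                   ("Bob", "Alice", "g^bc", g_bc)]

    # Each party raises the two-exponent value it received to its own secret.
    alice.key = alice.raise_to_secret(g_bc)   # (g^bc)^a
    bob.key = bob.raise_to_secret(g_ac)       # (g^ac)^b
    carol.key = carol.raise_to_secret(g_ab)   # (g^ab)^c
    return transcript, (alice.key, bob.key, carol.key)


def keys_agree(keys):
    """True when all parties derived the same g^abc."""
    return len(set(keys)) == 1


if __name__ == "__main__":
    transcript, keys = three_party_dh(Party("Alice"), Party("Bob"), Party("Carol"))
    for sender, recipients, label, value in transcript:
        print(f"{sender:>5} -> {recipients:<11} {label:<5} {value}")
    print("shared key agreed:", keys_agree(keys))
```

Note that Alice does two exponentiations in round 2 while Bob does one and Carol none; the slide's message pattern is one of several valid ones, and any assignment that gets each party the product of the other two exponents works.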
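The stateful behaviour described in slide 10, as an added simulation (not code from the original slides): a firewall that records every connection opened from the home network, translates it to a public port, and admits an inbound packet only if it matches a recorded connection. The Packet class, the StatefulFirewall class, and the packet trace (RFC 5737 documentation addresses, constructed for this example) are all this example's assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str      # "out": arrived on the home-network side; "in": arrived from the Internet
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # TCP SYN flag; only a SYN may open a new TCP connection


class StatefulFirewall:
    """Connection tracking plus port-address translation for one public address.

    Simplifications (assumptions of this example): direction is taken from the
    Packet rather than from the arrival interface, there are no timeouts or
    FIN/RST handling, and only TCP and UDP are modelled."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, public port) -> (proto, inside_ip, inside_port, remote_ip, remote_port)
        self.by_public = {}
        # (proto, inside_ip, inside_port, remote_ip, remote_port) -> public port
        self.by_inside = {}

    def process(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet as forwarded (after translation), or None if dropped."""
        return self._outbound(pkt) if pkt.direction == "out" else self._inbound(pkt)

    def _outbound(self, pkt):
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.by_inside.get(key)
        if pub_port is None:
            if pkt.proto == "tcp" and not pkt.syn:
                return None                 # TCP with no state and no SYN: not a connection start
            pub_port = self.next_port       # record the new connection, allocate a public port
            self.next_port += 1
            self.by_inside[key] = pub_port
            self.by_public[(pkt.proto, pub_port)] = key
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def _inbound(self, pkt):
        entry = self.by_public.get((pkt.proto, pkt.dst_port))
        if entry is None or pkt.dst_ip != self.public_ip:
            return None                     # nothing inside asked for this: drop (protection a)
        _, inside_ip, inside_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                     # port is in use, but by a different peer: drop (protection b)
        return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)


# Constructed trace; 192.168.1.0/24 is the home network, 203.0.113.5 the firewall's public address.
SAMPLE_TRACE = [
    Packet("out", "tcp", "192.168.1.10", 51000, "198.51.100.20", 443, syn=True),  # laptop opens HTTPS
    Packet("in",  "tcp", "198.51.100.20", 443, "203.0.113.5", 40000),             # server's reply
    Packet("in",  "tcp", "192.0.2.99", 12345, "203.0.113.5", 22),                 # unsolicited SSH probe
    Packet("in",  "tcp", "192.0.2.99", 443, "203.0.113.5", 40000),                # right port, wrong peer
    Packet("out", "tcp", "192.168.1.11", 52000, "198.51.100.20", 443),            # no SYN and no state
]


def run_trace(packets, public_ip="203.0.113.5"):
    """Feed a packet list through a fresh firewall; returns one result per packet."""
    fw = StatefulFirewall(public_ip)
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for pkt, result in zip(SAMPLE_TRACE, run_trace(SAMPLE_TRACE)):
        verdict = ("DROP" if result is None else
                   f"FORWARD as {result.src_ip}:{result.src_port} -> {result.dst_ip}:{result.dst_port}")
        print(f"{pkt.direction:>3} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}  {verdict}")
```

The check that matters is the last one in `_inbound`: matching on the public port alone would let any host on the Internet reach the laptop once it had opened a connection, so the lookup must confirm the full remote endpoint as well.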
