CS338 Computer Security
Wednesday, 13 September 2023

+ CS 231 vs. CS 338
    - We renumbered 231 to 338 in 2022. Same course.
    - You may see 231's pop up in various videos and assignments.

+ Today
    - Practicing the "security mindset"
    - Some networking

+ Practicing the security mindset: AirTag, Tile
    - What is the stated purpose of the products?
    - What software and hardware is involved?
    - What people are (or could be) involved?
    - How could you use them that might not be how Apple or Tile intended?
    - What questions would you want answers to?
        What are Apple & Tile doing with the data?
        How valuable is this data? (Just suitcases...)
        What other data besides location are they getting?
        Is the data accessible to a hacker?
        Has the system been hacked?
        Exactly how do they get the location?
        Does it work in remote places?
        How long do they last?
        Legal implications? Regulations? Law enforcement access?
    - Anything else?
        Tracking wildlife (including housecats)
        Stalk a person
        Stalk a car
        Find a person's body
        Play a game (buy the 4-pack! only $99 + shipping)
        Track logistics (shipping containers, packages, etc.)
        Keeping workers "productive"
        Frame someone for a crime [details to follow]
        Track your kids
        Track security guards on their rounds
        Hack it -- where are all the other ones
        Attach it to something that doesn't move
            Hidden on somebody's desk
                They have an iPhone, and they keep getting warned
                Freaks them out
                But then later, they're desensitized, and you can actually track
            In somebody's room.
                The beep that the thing makes can be super-disruptive

+ Questions
    - Trouble getting Kali or Wireshark going?
    - HTTP video
    - IP address
    - TCP purpose
    - Packets, frames, datagrams, etc.
    - Ports
    - Two uses of the word "header"
        - packet headers
        - HTTP headers
    - ??

+ Network tools lab
    - Lots of possible answers
    - We'll debrief after a while

    1. ifconfig, ip a, ipconfig... (Mac), etc.
    2. dig, traceroute, ping, nslookup, host ... traceroute bad.horse
    3. nslookup, tons of websites
        but unsatisfying, because these tools don't show you all the
        domain names associated with a given IP address

--- Stopped here for time ---

+ Next
    - Reading the HTTP specification
    - HTTP Basic Authentication (and what is authentication, anyway?)