CS338 Computer Security
Wednesday, 15 October 2025

+ For Friday
    - Read the Doctorow opinion piece
    - It's easy to find more info (so much info!) about the DMCA online
    - Looking forward to hearing your questions and opinions
    - DMCA section 1201 "technical protection measures" (TPMs)
        - What are they?
        - Why would you outlaw "circumvention"?
        - One case study: tractors & copyright

+ Also for Friday, we're going to diagram Duo

+ Ethics homework
    - Questions? Comments?

+ Information security & the "CIA Triad"
    - Confidentiality
    - Integrity
    - Availability
    - Scenario: simple website with login (e.g., your medical records)
        - What do C, I, and A mean in this context?
        - Confidentiality
            - Means: medical records can't be accessed by somebody
              who doesn't have the (legal) right to view them
            - Attacks/problems
                - Bad doctor blabs (mitigations: laws & punishments;
                  could have license revoked)
                - Storing data unencrypted
                - Steal a password
                  2FA, passkeys...
                - Using patient data to train AI or in a medical study
        - Integrity
            - Means: data is accurate and complete (e.g., not mixed up
              with somebody else's records); can't be modified
            - Attacks/problems
                - Bad doctor mis-enters the data
                - Stealing passwords/2FA tokens --> hacker messes with data
                - Improper or deleted backups & crash recovery stuff
                  no processes to periodically test backups
        - Availability
            - Means: patient can see the records, medical personnel too, ...
            - Attacks/problems
                - Barriers to login (e.g., paywall, time delays,
                  really shitty UIs, ...)
                - Mis-set permissions
                - Servers go down (even for maintenance); if there's not
                  a redundant server, then you just can't get your data
                - Denial of service attacks (e.g., flood server with
                  SYN packets)
    - Scenario: OneCard funds
    - What, if anything, is missing from "CIA"?
        - Non-repudiation
        - Utility
        - ...

+ Lab, if time