CS338 Computer Security
Friday, 6 May 2022

+ Sorry, tests not quite graded

+ Security news
    - Have you seen any interesting stories?
    - "supply chain attacks", software quality problems
    - https://blog.sonatype.com/npm-project-used-by-millions-hijacked-in-supply-chain-attack
    - https://www.bleepingcomputer.com/news/software/sheetjs-ditches-npm-registry-over-2fa-requirement-and-legal-matters/
    - https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/
    - https://www.vice.com/en/article/akvmke/facebook-doesnt-know-what-it-does-with-your-data-or-where-it-goes

+ Just read this because it's ridiculous
    - https://webaim.org/blog/user-agent-string-history/

+ Questions

+ Security models
    - CIA
    - Example scenarios
    - What's missing?
    - What does Parker add?
    - Bell LaPadula & Biba
    - ???

+ Password storage assignment (due Monday night)
    - Hashes
    - Salt
    - Your assignment
    - Think about this: when you type your password into a browser,
      which software has access to it? when is it stored on disk?
      when is it stored in memory? which computer's memory?
      which application's memory?

+ After that: (due next Friday)
    - Being Mal: PITM using ARP cache poisoning