Important notes about the lecture slides (read this first)

Lecture slides

ModuleSlidesLecture
number
Lecture dateTextbook sections
1 (PDF)
(3up)
Lecture 1 3 January 1.1 – 1.11
Optional reading: The 10 privacy principles of PIPEDA
2 (PDF)
(3up)
Lecture 2 5 January 3.1, 3.2
Mandatory reading before class: Smashing The Stack For Fun And Profit
Optional reading: On the Evolution of Buffer Overflows
Optional reading: Exploiting Format String Vulnerabilities
Optional reading: Example format string vulnerability from November 2011
Optional reading: A Taxonomy of Computer Program Security Flaws, with Examples
Lecture 3 10 January 3.3
Optional reading: The Spread of the Sapphire/Slammer Worm; also: Slammed!
Lecture 4 12 January 3.4
Mandatory reading before class: Reflections on Trusting Trust
Optional reading: Linux Kernel "Back Door" Attempt
Optional reading: Did the FBI put a backdoor in OpenBSD?
Optional reading: Salami attacks
Optional reading: Two-factor Man-in-the-Middle attacks: ABN Ambro incident; Citibank incident
Optional reading: MITM Malware Re-Writes Online Bank Statements
Lecture 5 17 January 3.5
Optional reading: An operating system kernel with a formal proof of security
3 (PDF)
(3up)
Lecture 6 19 January 4.1, 4.2, 4.3, 4.4
Optional reading: Caja: Capability-based Javascript. Project webpage; draft specification
Optional reading: Android permissions demystified
Lecture 7 24 January 4.5
Optional reading: MySpace Passwords Aren't So Dumb
Optional reading: The Top 50 Gawker Passwords
Optional reading: Gawker mishandles non-ASCII passwords
Optional reading: Secure Passwords Keep You Safer
Optional reading: Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication
Lecture 8 26 January 5.1, 5.2
Optional reading: The difficuilties of fingerprints
Lecture 9 31 January 5.3, 5.4, 5.5
Mandatory reading before class: The Protection of Information in Computer Systems, section I.A. (only section I.A. is mandatory)
Optional reading: The Security Principles of Saltzer and Schroeder, illlustrated with scenes from Star Wars
Optional reading: SELinux
4 (PDF)
(3up)
Lecture 10 2 February 7.1
Optional reading: How a Classic Man-in-the-Middle Attack Saved Colombian Hostages
Lecture 11 7 February 7.2
Optional reading: Storm
Lecture 12 9 February 7.3, 7.4
Optional reading: Pakistan hijacks YouTube
Optional reading: The flap heard around the world
Optional reading: Egypt leaves the Internet
5 (PDF)
(3up)
Lecture 13 14 February 2.4
Optional reading: COPACOBANA
Optional reading: A Stick Figure Guide to AES
Lecture 14 16 February 2.7
Lecture 15 28 February 2.8, 7.3
Lecture 16 1 March 7.3, 10
Optional reading: Cracking WEP in 60 seconds
Optional reading: Intercepting Mobile Communications: The Insecurity of 802.11
Lecture 17 6 March 7.3, 10
Optional reading: Certified Lies: Detecting and Defeating Government. Interception Attacks Against SSL
Optional reading: The Tor Project
Optional reading: The Sybil Attack
Lecture 18 8 March 7.3, 10
Optional reading: SSH: passwords or keys?
Optional reading: Mixminion
Optional reading: Off-the-Record Messaging
6 (PDF)
(3up)
Lecture 19 13 March 6.1 – 6.4
Lecture 20 15 March 6.5 – 6.7
Lecture 21 20 March 6.8, 10.4
Optional reading: ℓ-Diversity: Privacy Beyond k-Anonymity
Optional reading: t-Closeness: Privacy Beyond k-Anonymity and ℓ-Diversity
Optional reading: Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization
7 (PDF)
(3up)
DRAFT
Lecture 22 22 March 8.1, 8.2, 8.3
Optional reading: UW's continuity plan in case of a pandemic
Optional reading: UW's emergency response policy
Lecture 23 27 March 8.4, 11.1, 11.2
Optional reading: PogoWasRight.org, databreaches.net: Privacy news, data breaches, and privacy-related events and resources from around the world
Optional reading: Open Security Foundation's Data Loss Database
Optional reading: The Computer Centre Incident at Concordia
Optional reading: Visual Cryptography (example)
Optional reading: Waterloo's Electronic Media Disposal Guidelines
Lecture 24 29 March 11.4, 11.5, 11.6
Optional reading: The Athens Affair
Mandatory reading: Arguments on bill C-30 (for) (against)
Optional viewing: A Fair(y) Use Tale
Optional reading: Bruce Schneier on Full Disclosure (Google's view) (Microsoft's view)
Optional reading: Codes of ethics: ACM IEEE CIPS