the class logo
CSCI E-170 Calendar - Fall 2005

News and announcements

January 29th

Final project papers have been posted.

The best paper was:

And here are the other group papers:

January 27

Thank you for your participation in the class. Final grades must be obtained from the Registrar's office.

January 22

If you have not uploaded your photo to the class LiveJournal website, and if you attended class in Cambridge and contributed in class, please email your photo to the class staff before the final class tomorrow night.

January 16

Students who missed the presentations on January 9th are strongly advised to review the posted video before they complete their presentations for January 23rd. Although all of the presentations were interesting, some spent too much time on the introduction and not enough time discussing the original work that had been done by the project team. We will be expecting a higher level of polish from the groups that had an extra two weeks to finish their assignments.

All final projects are due at the start of class by Monday, January 23rd. By this time, each group should have uploaded both its slides and its final paper to the class website.

You are invited to provide feedback to members of your Project 1 and Project 2 team. Feedback forms are located at:

To use these forms you will require an EID. If you have lost your EID, you can request a new one at this form:

January 10

Joe will be having TA hours tomorrow at 6-8PM. Please mail him if you are planning on showing up and haven't already done so. Directions/Info: here

January 7

The bug in the HW4 script has been fixed. Thanks to those of you who pointed it out.

Don't forget, many groups are presenting on Monday.

January 4

Final projects may be submitted at http://e170.ex.com/submit.cgi. If you are presenting on Monday, please submit your slides using this interface as well. If your group is presenting with a movie, please email the URL of the movie to the course staff. Thank you!

December 21

Last year's final projects are at http://simson.net/ref/2004/csci_e-170/handouts/final/ if you want to have a look at them.

December 20

HW4 is posted at http://e170.ex.com/hw4.cgi. It has three problems. No SQL injection attack. Sorry!

December 17

Two important points of confusion to clear up:
  1. Several groups have written to the staff asking for "approval" for their final projects. This step is not necessary, because approval is not needed.
  2. Several students seem confused by the "feedback" website for class participation grades. The comment that you are writing is not to the class staff---this is a comment that will be delivered to your group partners. Write it to her or him, not to the class staff!

December 14

Two important notices:
  1. Students who are interested in doing a survey for their final project should review Harvard's guidelines for the use of humans research and contact Brenda Mahoney, who is the Extension School's liaison to the IRB. Even though the guidelines give the impression that you do not need to have a review, you do. However, the review can be very quick and done by staff. Please contact the course staff for Brenda Mahoney's contact information if you do not have it. Additional information can be found on the Extension school's website.
  2. The registrar has informed the course staff that grades are due two days after the last day that work is due. Therefore, we will be having final presentations on both January 9th and on January 23rd, and your final projects are now due on the 23rd. This means you have two extra weeks!

December 12

Links from class:

December 12

Please download and read the DHS report on Phishing before class.

We may also discuss Client-side defenses against web-based identity theft.

December 6

For our final project, we will be doing mock submissions to the Usenix Security '06 conference. Please review the call for papers on the Usenix website. The website supplies a LaTeX style file and a sample TeX file. We didn't like any of the Usenix Word templates, so we modified them to make our own. You can download the Microsoft Word Doc File if you are using Word. Please note how references are created.

December 1

Grades on the midterm projects have been distributed. If you have not received yours, please let us know.

All of the midterm projects are now available on the website. The two strongest midterm projects were:

The other midterm projects were:

November 27

Joe will not be able to have office hours this Tuesday, as he'll be at a Red Cross Disaster Training class. He'll be online various times throughout the week, so if you need to meet, just send an email or AIM message.

November 26

Here are the articles that we have been meaning to tell you about:

R. Morris and K. Thompson. UNIX password security. Communications of the ACM, 22(11):594--597, Nov. 1979.

Aleph One, Smashing the Stack for Fun and Profit, in Phrack issue 49, November 9, 1996.

November 25

Information about the final project has been posted.

November 21

Project ideas will be posted shortly.

Anil Jain has very kindly made his presentation on the uniqueness of fingerprints available for download.

November 20

Midterm projects should be submitted online.

November 15

A number of students have asked about HW4---in particular, they would like to do a HW4 for extra credit given the performance on the quiz.

To this end, we will be developing a new HW4 that will allow students who wish to participate to use it for extra credit. That HW4 will be released sometime in mid-December.

November 15

Here is the class distribution for Quiz #1: 
Single variable stats:
count= 60
min: 0 max: 98 range: 98
sum: 4396.5  sum of squares:  348491 
average: 73.275
variance: 26337.2  stddev: 20.9512

November 15

A significant number of students answered question Q3, Q4, Q7 and/or Q8 by simply using a few sentences or a paragraph from another author as their answer. Some of these answers were taken from the class reading, while other answers were taken from web pages, FAQs, other other unattributed online sources. This kind of unattributed referencing is a violation of both course policy and the academic standards of Harvard. Where we have detected this plagiarism, we have zeroed out the student's score on the entire question.

Simson Garfinkel discussed this issue at length during the first 20 minutes of Monday night's class and provided examples of both correct and incorrect citation practice.

In general, it is unacceptable to present another author's writing as your own, even if that author's writing is part of a text that has been assigned for this course. In this particular case, several of the more common answers that were presented were not even correct answers. For example, several students answered question 4-1, "What is Bugnosis," by responding "Bugnosis is a privacy analysis tool for the typical end user." Yet if you read the chapter on Bugnosis, you will see that it is not a privacy analysis tool for the typical end user: it is a web bug visualization tool that was designed for journalists and policy-makers. Although the sentence "Bugnosis is a privacy analysis tool for the typical end user" is the first sentence in a 5000-word chapter by the program's author on the program, it is not an acceptable one-sentence answer to the question.

If you were unable to attend or watch the live class you are invited to watch the video when it is made available and to review the slides, at http://e170.ex.com/slides/L08a.pdf.

If you feel that the staff made a mistake and your sentences were not taken directly from another author, or if you feel that we have been unfair in our grading, we are willing to review your quiz. However, we are not interested in arguing whether or not the lifting of another's sentence does or does not violate Harvard's policy on plagiarism, because it clearly does. We are also happy to refer any individual cases to the Harvard Extension School for adjudication.

November 14

HW4 has been canceled. A new, optional HW4 is under development. Please spend the time to think about your final projects.

exam1 and exam1 answers have been posted.

November 12

The course staff would like to call all students attention to the Harvard Extension School policy on Student Responsibilities, and in particular this paragraph on Academic Honesty:
Plagiarism. Plagiarism is the theft of someone else's ideas and work. Whether a student copies verbatim or simply rephrases the ideas of another without properly acknowledging the source, the theft is the same. A computer program written as part of the student's academic work is, like a paper, expected to be the student's original work and subject to the same standards of representation. In the preparation of work submitted to meet course requirements, whether a draft or a final version of a paper, project, take-home exam, computer program, or other written assignment, students must take great care to distinguish their own ideas and language from information derived from sources. Sources include published primary and secondary materials, the Internet, and information and opinions gained directly from other people. Whenever ideas or facts are derived from a student's reading and research, the sources must be properly cited.
If you believe that you have violated this policy, please send an email to the staff mailing list explaining when you violated the policy and how.

Thank you very much.

November 11

There seems to be some confusion regarding the grading of your midterm projects. To be clear: your grade in the project will be assigned by the Instructor and the TAs. However, your participation grade in the course, which is 20% of the overall grade, will be determined, in part, by the feedback we receive from your partners on the first and on the second project.

We apologize for any confusion that has arisen in this matter.

November 8

Joe will be holding his office hours online from now on, unless students specifically email him requesting office hours in person. Login to the AIM chatroom "cscie170" in order to discuss things. It's also a good place to discuss things even when a TF is not around.

November 4

Please submit the quiz by 10pm Eastern Time on Tuesday, November 8th

November 3

All students have been sent a link by which the midterm can be accessed. If you cannot access the midterm from this link, please email the class staff.

Please allow 4 hours to take the quiz.

Good luck.

November 2

HW3 has been sent out. If you haven't received it, something is wrong. LET US KNOW IF YOU DON'T GET HW3, because we will be using the same mailing list to send you your EID that is required to take the web-based version of the midterm quiz.

If your name is Henry and you work for the US Army, please send email to the staff mailing list. The only email address we have for you is bouncing, and your LiveJournal username doesn't work either.

November 1 (more)

I am sorry to report that the return of HW3 will be delayed for at least another day.

November 1

To answer another question --- the references in your midterm papers do not count towards the page limit.

Please note: It is expected that this paper will be properly referenced. You may use either the so-called "Harvard Style" or IEEE style to cite your references. A list of URLs at the end of the paper does not count as proper citations.

Here are examples of some papers we liked from HW2.

October 31 11:30pm

After class I was asked to make some quizzes from previous years available.

October 31

Homework 3 solutions can be found here.

October 30 (CORRECTED)

We've made some changes to the course schedule:

October 29

Additional information regarding the midterm project has been posted, including specifications for the final report and a suggested outline.

October 25

You should have received email regarding your midterm project group assignment. If you haven't, please send us email. Please contact the other members of your group and start to come up with a project idea. If you don't like your group name, you are free to change it --- but you can't change the first letter.

Good luck on the midterm projects. More information will be posted regarding them by the end of the week. Please feel to discuss in the LJ community.

October 24

Ideas for midterm projects have been posted. You will receive email regarding your group assignments.

Submissions for HW3 are closed. However, we will be accepting fixed signed email messages until 7pm Eastern Time on Tuesday October 24th.

October 19

The Diffie Hellman New Directions in Cryptography paper can be downloaded from this link on CiteSeer

Indeed, if you are looking for articles in the computer science literature, CiteSeer is always an excellent place to start.

October 18 [updated]

Readings for October 25th have been updated. The additional information on OpenSSL required for HW3 has been posted.

October 17

Grades for HW2 have been distributed. They are on a scale of 1 to 10. Joe will be having TA hours at MIT starting 10/18.

Here is the grade distribution for HW2: 

  0 *************
  1 
  2 
  3 
  4 
  5 
  6 
  7 *************
7.5 **********
  8 **
8.5 *************
  9 ****************************************
9.5 *****************************
 10 ****************************************

October 16

If you have any outstanding questions about hashing or cryptography, please post them to csci_e_170a before tomorrow night's class.

October 15: csci_e_170a is now active.

Because the homeworks are getting more complicated, we have opened up the second LiveJournal community for questions on the homeworks and course announcements. We prefer that questions be asked publicly, if possible, because this allows everybody else in the class to see the questions and the answers.

You can easily monitor both csci_e_170 and csci_e_170a in LiveJournal. Just add both to your "friends" list, then read the communities on your "friends" page.

Unlike csci_e_170, the account csci_e_170a is open for anybody to post questions. This allows people to post questions anonymously.

October 15 HW3 Posted

We apologize for the delay. HW3 is posted

October 11: Submission guidelines for HW1 and HW2

This is a reminder that homework may not be submitted by email. Specific submission guidelines were given for HW1 and HW2; please follow them.

Also, please remember that you should not submit your drive images for HW2. Please only submit your 3-page report.

You may make multiple submissions, but only the last one will be considered. We prefer that you submit a PDF file, but you may submit a Microsoft Word file if necessary.

October 11: HW3

We are a bit behind on getting out HW3, but hope to have it posted in a few days.

October 10: Q and A on HW2

Q: The assignment says to turn in "3" pages. How many words is that? Is that 3-pages single-spaced, or double-spaced?
A: You should make the paper 3 pages. If you believe that double-spacing makes the most effective use of your space, then you should do that. if you want to single-space, you should do that. You are graded on how you can use the 3 pages in the most effective manner to get across your point. For example, you might include a diagram, graphics, or tables. Alternatively, you might have three pages of well-written text. Those three pages are yours to use however you wish. Use them wisely.

October 9: Videos fixed; Homework submission now available.

We have been told that the problem with the videos has been fixed. Please let us know if you are still having problems.

Homework 2 may be submitted at this link. Please keep both your electronic receipt and your original file as submitted. Thank you.

October 7: Problem with the class videos

We have been advised by many students that there is a problem with the class videos on the Harvard Extension website. Harvard Extension is aware of the problem. In the future, if you have a problem with the website videos, please direct your problems directly to the webmaster of Harvard Extension---your class staff is powerless to do anything about it!

Thank you.

October 3: Update on HW2

There has been some confusion regarding the size of the memory stick or hard drive that needs to be imaged for HW2. To clarify: the image that you analyze must be at least 32MB but may be as large as you wish. However, the paper that you turn in may be no longer than 3 pages.

Also, there is no need for you to turn in the image that you image. We are solely interested in the 3-page paper.

Some forensics tools you may be interested in using are listed here

Your paper will be submitted on the class website, and not on the LiveJournal collaboration site. On Monday, October 10th, the means to submit the paper will be made apparent. Only papers submitted on the website will be accepted. Papers may not be sent by email.

Finally, because of the holiday, HW2 may be submitted as late as 5:30pm EASTERN TIME on October 11th. As late submissions will not be accepted, you are advised to submit your homework early.

September 30: Q and A for HW2 (revised)

Q: I can get a computer from a dump. Should I use it?
A: I don't know. In this assignment we aren't interested in the computer, we're interested in the hard drive. That dump computer might have an interesting hard drive, but it might not have one at all. Your goal is to find some data.

Q: The computer has a hard drive. What now?
A: The assignment doesn't really envision you working on a computer; the assignment envisions your getting a USB memory stick and imaging it. Still, if you want to use a computer, I would download a copy of Knoppix Linux and go with it. There is something called the Penguin Sleuth Kit which is a copy of Knoppix Linux with a copy of The Sleuth Kit. You can find out more about it at http://www.linux-forensics.com/. But you'll need to do some research here.

Q: Should I buy a new hard drive?
A: No; it won't have any data on it

Q: Should I borrow a hard drive from a friend?
A: No, it will probably be too big. The assignment says that you should borrow a USB drive or memory stick. Find something between 32M and 64M

Q: I don't have any friends.
A: Okay. Why don't you find a public computer and write a report about the data that other people have left behind on it? You could have fun with Knoppix Linux, but if you just want to muck around with Windows Explorer and Outlook Express, then I guess you'll do that and we'll grade you accordingly

Q: When you say imaging, do you mean taking snapshots of the raw data?
A: Yes. Copy all of the blocks from the device into a single disk file,

Q: I found a 64mb memory stick at my workplace and am using Disk Investigator (freeware: http://www.theabsolute.net/sware/dskinv.html)) on my Windows machine. Using this app I can save information separated by clusters into a text file. Does this suffice as imaging?
A: Yes.

Q:Is there a certain format that the report needs to be written in? e.g., simply -- what tool I am using, what were my findings for a 3 page report?
A: That would be great.

Q:Where can I get the disk image that you mentioned in class?
A:It can be downloaded from disk-fall2005.iso

September 26: Class Today!

If you have questions, you can send them by AIM to Joe Foley (AIM: mitfoley) or by sending email to the class staff.

September 26: Registration Statistics

There are currently 31 students registered for Section #1 (which meets in L01 at 5:30pm) and another 29 students for section #2 (which meets "online.") A total of 7 students are waitlisted for Section #1.

I have spoken with the administration and have been informed that the chairs in section L01 are reserved for students who are actually enrolled in section #1. If you wish to come to the class, please stand in the back until 5:30pm. At that point you can take a seat if any are free.

Also, we believe that the real-time video feed should be working.We have also verified that the video for the first class has been posted.

September 25: Video Release Forms

Please print out and download the video release form and bring this form to class. WIthout this form signed by members of the class, we can't show video images of students in the Cambridge classroom to the students who are taking the class remotely.

September 22: Video from Lecture 1

Video from Monday's class can be downloaded from http://cm.dce.harvard.edu/2006/01/12334/L01/index.html.

September 20: Corrections and URLs

We have been informed by the registrar that our last day of class is January 23rd, not January 9th as I had been originally informed. This means that there are an extra two weeks to work on your final projects! We will see if the TAs (and possibly the professor) can schedule some extra office hours in January, as January 2nd and January 16th are both holidays.

Slides from Monday's class can be downloaded from: http://e170.ex.com/slides/L01.ppt.

The article about online extortion is How a Bookmaker and a Whiz Kid Took On an Extortionist---and Won.

You can view the video, "the myth of Cyberterrorism," from http://crcs.deas.harvard.edu/newsevents.html.

September 18: Course Management Issues

September 15: Course textbook is published

 

The long-awaited textbook for this course was just published by O'Reilly. The course readings will be revised during the course to draw heavily from this book. Copies of the book readings are available online through the O'Reilly Safari service. This service has been licensed by some organizations. You can also sign up for a free 14-day account,

Questions or comments regarding CSCI E-170? Send e-mail.

CSCI E-170 home //

Assignments

All assignments will be posted from the reading list page, which you should check regularly for updates. Click on the recitation number or lecture number to see the assignment for that class meeting. If an assignment refers to a paper number, it typically is the number of the paper in the reading list. For your convenience, I have posted electronic versions of most papers. If an assignment requires you to hand in something, you are expected to hand it in at the beginning of the class meeting.