News and announcements
January 29th
Final project papers have been posted.
The best paper was:
- Secure Radio Frequency Identification, team Zope.
- The Dynamics of Digital Rights Management: A Preliminary Application of System Dynamics in the Security Domain, team Yangtze.
- Security Across Multiple Use Sectors: Gaming Education, team X-ray.
- Cookie Patrol---Raising Cookie Privacy Awareness, team Water.
- Implementation of a Collision Resistant Convolutional Hashing Function, team Violet.
- Use of sound to render discrete TCP/IP data: An adjunct to HIPS Technologies, team Uniform.
- Effectiveness and Usability of Popular Desktop Spam Solutions, team Tango.
- The Problem of Multilingual Spam Does Localizing an Operating System Make it More Effective in Filtering Spam? An Effectiveness Comparison Report, team Sierra.
- National Identification Cards: Balancing Technology & Privacy, team Radish.
- Secure Single Sign On, team Panama.
- Assessing Bluetooth Security Risks in Public Places, team Orange.
- Protecting Our Children From Internet Predators, team Micro.
- Receipt-freeness in Large-scale Electronic Voting through Voter Randomization, team Nautilus.
January 27
Thank you for your participation in the class. Final grades must be obtained from the Registrar's office.
January 22
If you have not uploaded your photo to the class LiveJournal website, and if you attended class in Cambridge and contributed in class, please email your photo to the class staff before the final class tomorrow night.
January 16
Students who missed the presentations on January 9th are strongly advised to review the posted video before they complete their presentations for January 23rd. Although all of the presentations were interesting, some spent too much time on the introduction and not enough time discussing the original work that had been done by the project team. We will be expecting a higher level of polish from the groups that had an extra two weeks to finish their assignments.
All final projects are due at the start of class by Monday, January 23rd. By this time, each group should have uploaded both its slides and its final paper to the class website.
You are invited to provide feedback to members of your Project 1 and Project 2 team. Feedback forms are located at:
To use these forms you will require an EID. If you have lost your EID, you can request a new one at this form:
January 10
Joe will be having TA hours tomorrow at 6-8PM. Please mail him if you are planning on showing up and haven't already done so. Directions/Info: here
January 7
The bug in the HW4 script has been fixed. Thanks to those of you who pointed it out.
Don't forget, many groups are presenting on Monday.
January 4
Final projects may be submitted at http://e170.ex.com/submit.cgi. If you are presenting on Monday, please submit your slides using this interface as well. If your group is presenting with a movie, please email the URL of the movie to the course staff. Thank you!
December 21
Last year's final projects are at http://simson.net/ref/2004/csci_e-170/handouts/final/ if you want to have a look at them.
December 20
HW4 is posted at http://e170.ex.com/hw4.cgi. It has three problems. No SQL injection attack. Sorry!
December 17
Two important points of confusion to clear up:
- Several groups have written to the staff asking for "approval" for their final projects. This step is not necessary, because approval is not needed.
- Several students seem confused by the "feedback" website for class participation grades. The comment that you are writing is not to the class staff---this is a comment that will be delivered to your group partners. Write it to her or him, not to the class staff!
December 14
Two important notices:
- Students who are interested in doing a survey for their final project should review Harvard's guidelines for the use of humans in research and contact Brenda Mahoney, who is the Extension School's liaison to the IRB. Even though the guidelines give the impression that you do not need to have a review, you do. However, the review can be very quick and done by staff. Please contact the course staff for Brenda Mahoney's contact information if you do not have it. Additional information can be found on the Extension School's website.
- The registrar has informed the course staff that grades are due two days after the last day that work is due. Therefore, we will be having final presentations on both January 9th and on January 23rd, and your final projects are now due on the 23rd. This means you have two extra weeks!
December 12
Links from class:
- Garfinkel, Robertson, Elledge and Levine, The 24-page Syncframe (the 24-page extended remix version.)
- Phishing Research at IU website and paper.
December 12
Please download and read the DHS report on Phishing before class.
We may also discuss Client-side defenses against web-based identity theft.
December 6
For our final project, we will be doing mock submissions to the Usenix Security '06 conference. Please review the call for papers on the Usenix website. The website supplies a LaTeX style file and a sample TeX file. We didn't like any of the Usenix Word templates, so we modified them to make our own. You can download the Microsoft Word Doc File if you are using Word. Please note how references are created.
December 1
Grades on the midterm projects have been distributed. If you have not received yours, please let us know.
All of the midterm projects are now available on the website. The two strongest midterm projects were:
- Trends in Biometrics and User Acceptance, by Team Future (Ellen Jervis, Matt Kennedy, Neal Kepler, and Julia Kim).
- Steganography: Two Faces of a Coin, by Team Money (Migdalia Rosa, David Root, Ricardo Rodriguez, Gerrick Rodrigues)
The other midterm projects were:
- How to Avoid Phishing in a Bad Pond? (Alberta)
- Building Security and Privacy into RFID Systems (Bravo)
- Phishing Attacks: A Survey of their History, Techniques and Possible Solutions (Crystal)
- HIPAA and Reality of Being a Medical Resident (Danger)
- An Examination of Some Anti-Phishing Legislation and Solutions (Epiphany)
- STEGANOGRAPHY (Grand)
- Cryptographic File Systems (Helix)
- FairPlay: Effectiveness and Weaknesses of Apple's Digital Right Management Technology (Indigo)
- Cryptographic File Systems (Jacobian)
- Trends of Spyware, Viruses and Exploits (King)
- A Comparison on the Security of VoIP and POTS (Larkspur)
- VoIP Security Threat Assessment (November)
- Digital Rights Management Inside the Movie Theater (October)
- Comparison of the legal obligations of hospitals to safeguard patient's medical chart information from unauthorized disclosure within the United States and Japan (Piper)
November 27
Joe will not be able to have office hours this Tuesday, as he'll be at a Red Cross Disaster Training class. He'll be online various times throughout the week, so if you need to meet, just send an email or AIM message.
November 26
Here are the articles that we have been meaning to tell you about:
R. Morris and K. Thompson. UNIX password security. Communications of the ACM, 22(11):594--597, Nov. 1979.
Aleph One, Smashing the Stack for Fun and Profit, in Phrack issue 49, November 9, 1996.
November 25
Information about the final project has been posted.
November 21
Project ideas will be posted shortly.
Anil Jain has very kindly made his presentation on the uniqueness of fingerprints available for download.
November 20
Midterm projects should be submitted online.
November 15
A number of students have asked about HW4---in particular, they would like to do a HW4 for extra credit given the performance on the quiz.
To this end, we will be developing a new HW4 that will allow students who wish to participate to use it for extra credit. That HW4 will be released sometime in mid-December.
November 15
Here is the class distribution for Quiz #1:
Single variable stats:
count= 60
min: 0
max: 98
range: 98
sum: 4396.5
sum of squares: 348491
average: 73.275
variance: 26337.2
stddev: 20.9512
November 15
A significant number of students answered questions Q3, Q4, Q7 and/or Q8 by simply using a few sentences or a paragraph from another author as their answer. Some of these answers were taken from the class reading, while other answers were taken from web pages, FAQs, or other unattributed online sources. This kind of unattributed referencing is a violation of both course policy and the academic standards of Harvard. Where we have detected this plagiarism, we have zeroed out the student's score on the entire question.
Simson Garfinkel discussed this issue at length during the first 20 minutes of Monday night's class and provided examples of both correct and incorrect citation practice.
In general, it is unacceptable to present another author's writing as your own, even if that author's writing is part of a text that has been assigned for this course. In this particular case, several of the more common answers that were presented were not even correct answers. For example, several students answered question 4-1, "What is Bugnosis," by responding "Bugnosis is a privacy analysis tool for the typical end user." Yet if you read the chapter on Bugnosis, you will see that it is not a privacy analysis tool for the typical end user: it is a web bug visualization tool that was designed for journalists and policy-makers. Although the sentence "Bugnosis is a privacy analysis tool for the typical end user" is the first sentence in a 5000-word chapter by the program's author on the program, it is not an acceptable one-sentence answer to the question.
If you were unable to attend or watch the live class you are invited to watch the video when it is made available and to review the slides, at http://e170.ex.com/slides/L08a.pdf.
If you feel that the staff made a mistake and your sentences were not taken directly from another author, or if you feel that we have been unfair in our grading, we are willing to review your quiz. However, we are not interested in arguing whether or not the lifting of another's sentence does or does not violate Harvard's policy on plagiarism, because it clearly does. We are also happy to refer any individual cases to the Harvard Extension School for adjudication.
November 14
HW4 has been canceled. A new, optional HW4 is under development. Please spend the time to think about your final projects.
November 12
The course staff would like to call all students' attention to the Harvard Extension School policy on Student Responsibilities, and in particular this paragraph on Academic Honesty:
Plagiarism. Plagiarism is the theft of someone else's ideas and work. Whether a student copies verbatim or simply rephrases the ideas of another without properly acknowledging the source, the theft is the same. A computer program written as part of the student's academic work is, like a paper, expected to be the student's original work and subject to the same standards of representation. In the preparation of work submitted to meet course requirements, whether a draft or a final version of a paper, project, take-home exam, computer program, or other written assignment, students must take great care to distinguish their own ideas and language from information derived from sources. Sources include published primary and secondary materials, the Internet, and information and opinions gained directly from other people. Whenever ideas or facts are derived from a student's reading and research, the sources must be properly cited.
If you believe that you have violated this policy, please send an email to the staff mailing list explaining when you violated the policy and how.
Thank you very much.
November 11
There seems to be some confusion regarding the grading of your midterm projects. To be clear: your grade in the project will be assigned by the Instructor and the TAs. However, your participation grade in the course, which is 20% of the overall grade, will be determined, in part, by the feedback we receive from your partners on the first and on the second project.
We apologize for any confusion that has arisen in this matter.
November 8
Joe will be holding his office hours online from now on, unless students specifically email him requesting office hours in person. Log in to the AIM chatroom "cscie170" in order to discuss things. It's also a good place to discuss things even when a TF is not around.
November 4
Please submit the quiz by 10pm Eastern Time on Tuesday, November 8th.
November 3
All students have been sent a link by which the midterm can be accessed. If you cannot access the midterm from this link, please email the class staff.
Please allow 4 hours to take the quiz.
November 2
HW3 has been sent out. If you haven't received it, something is wrong. LET US KNOW IF YOU DON'T GET HW3, because we will be using the same mailing list to send you your EID that is required to take the web-based version of the midterm quiz.
If your name is Henry and you work for the US Army, please send email to the staff mailing list. The only email address we have for you is bouncing, and your LiveJournal username doesn't work either.
November 1 (more)
I am sorry to report that the return of HW3 will be delayed for at least another day.
November 1
To answer another question --- the references in your midterm papers do not count towards the page limit.
Please note: It is expected that this paper will be properly referenced. You may use either the so-called "Harvard Style" or IEEE style to cite your references. A list of URLs at the end of the paper does not count as proper citations.
Here are examples of some papers we liked from HW2.
October 31 11:30pm
After class I was asked to make some quizzes from previous years available.
- Quiz 1 solutions from last year
- Quiz 2 from last year
- Quiz 1 solutions from Summer 2004
- Quiz 2 from summer 2004
October 31
Homework 3 solutions can be found here.
October 30 (CORRECTED)
We've made some changes to the course schedule:
- Lecture 7 will now be the Introduction to HCI and Usability. Lectures 7 through 14 will have minor changes.
- January 23 will now be the CSCI E-170 class discussion and party. (Since we couldn't have work due, and final projects were already due.) We may have another guest speaker. It will not be broadcast, but remote students are welcome to come to Cambridge! Location to be announced.
- Midterm projects are due on November 21st. (Apologies for the error in the previous posting.)
- HW4 will be Nov. 21 - Dec. 5
- Final projects will be presented on January 9th.
October 29
Additional information regarding the midterm project has been posted, including specifications for the final report and a suggested outline.
October 25
You should have received email regarding your midterm project group assignment. If you haven't, please send us email. Please contact the other members of your group and start to come up with a project idea. If you don't like your group name, you are free to change it --- but you can't change the first letter.
Good luck on the midterm projects. More information will be posted regarding them by the end of the week. Please feel free to discuss in the LJ community.
October 24
Ideas for midterm projects have been posted. You will receive email regarding your group assignments.
Submissions for HW3 are closed. However, we will be accepting fixed signed email messages until 7pm Eastern Time on Tuesday October 24th.
October 19
The Diffie Hellman New Directions in Cryptography paper can be downloaded from this link on CiteSeer.
Indeed, if you are looking for articles in the computer science literature, CiteSeer is always an excellent place to start.
October 18 [updated]
Readings for October 25th have been updated. The additional information on OpenSSL required for HW3 has been posted.
October 17
Grades for HW2 have been distributed. They are on a scale of 1 to 10. Joe will be having TA hours at MIT starting 10/18.
Here is the grade distribution for HW2:
0 *************
1
2
3
4
5
6
7 *************
7.5 **********
8 **
8.5 *************
9 ****************************************
9.5 *****************************
10 ****************************************
October 16
If you have any outstanding questions about hashing or cryptography, please post them to csci_e_170a before tomorrow night's class.
October 15: csci_e_170a is now active.
Because the homeworks are getting more complicated, we have opened up the second LiveJournal community for questions on the homeworks and course announcements. We prefer that questions be asked publicly, if possible, because this allows everybody else in the class to see the questions and the answers.
October 15: HW3 Posted
We apologize for the delay. HW3 is posted.
October 11: Submission guidelines for HW1 and HW2
This is a reminder that homework may not be submitted by email. Specific submission guidelines were given for HW1 and HW2; please follow them.
Also, please remember that you should not submit your drive images for HW2. Please only submit your 3-page report.
You may make multiple submissions, but only the last one will be considered. We prefer that you submit a PDF file, but you may submit a Microsoft Word file if necessary.
October 11: HW3
We are a bit behind on getting out HW3, but hope to have it posted in a few days.
October 10: Q and A on HW2
Q: The assignment says to turn in "3" pages. How many words is that? Is that 3 pages single-spaced, or double-spaced?
A: You should make the paper 3 pages. If you believe that double-spacing makes the most effective use of your space, then you should do that. If you want to single-space, you should do that. You are graded on how you can use the 3 pages in the most effective manner to get across your point. For example, you might include a diagram, graphics, or tables. Alternatively, you might have three pages of well-written text. Those three pages are yours to use however you wish. Use them wisely.
October 9: Videos fixed; Homework submission now available.
We have been told that the problem with the videos has been fixed. Please let us know if you are still having problems.
Homework 2 may be submitted at this link. Please keep both your electronic receipt and your original file as submitted. Thank you.
October 7: Problem with the class videos
We have been advised by many students that there is a problem with the class videos on the Harvard Extension website. Harvard Extension is aware of the problem. In the future, if you have a problem with the website videos, please direct your problems directly to the webmaster of Harvard Extension---your class staff is powerless to do anything about it!
October 3: Update on HW2
There has been some confusion regarding the size of the memory stick or hard drive that needs to be imaged for HW2. To clarify: the image that you analyze must be at least 32MB but may be as large as you wish. However, the paper that you turn in may be no longer than 3 pages.
Also, there is no need for you to turn in the image that you make. We are solely interested in the 3-page paper.
Some forensics tools you may be interested in using are listed here.
Your paper will be submitted on the class website, and not on the LiveJournal collaboration site. On Monday, October 10th, the means to submit the paper will be made apparent. Only papers submitted on the website will be accepted. Papers may not be sent by email.
Finally, because of the holiday, HW2 may be submitted as late as 5:30pm EASTERN TIME on October 11th. As late submissions will not be accepted, you are advised to submit your homework early.
Q: The computer has a hard drive. What now?
A: The assignment doesn't really envision you working on a computer; the assignment envisions your getting a USB memory stick and imaging it. Still, if you want to use a computer, I would download a copy of Knoppix Linux and go with it. There is something called the Penguin Sleuth Kit which is a copy of Knoppix Linux with a copy of The Sleuth Kit. You can find out more about it at http://www.linux-forensics.com/. But you'll need to do some research here.
Q: Should I buy a new hard drive?
A: No; it won't have any data on it.
Q: Should I borrow a hard drive from a friend?
A: No, it will probably be too big. The assignment says that you should borrow a USB drive or memory stick. Find something between 32M and 64M.
Q: I don't have any friends.
A: Okay. Why don't you find a public computer and write a report about the data that other people have left behind on it? You could have fun with Knoppix Linux, but if you just want to muck around with Windows Explorer and Outlook Express, then I guess you'll do that and we'll grade you accordingly.
Q: When you say imaging, do you mean taking snapshots of the raw data?
A: Yes. Copy all of the blocks from the device into a single disk file.
Q: I found a 64mb memory stick at my workplace and am using Disk Investigator (freeware: http://www.theabsolute.net/sware/dskinv.html) on my Windows machine. Using this app I can save information separated by clusters into a text file. Does this suffice as imaging?
Q: Is there a certain format that the report needs to be written in? e.g., simply -- what tool I am using, what were my findings for a 3 page report?
A: That would be great.
Q: Where can I get the disk image that you mentioned in class?
A: It can be downloaded from disk-fall2005.iso
September 26: Class Today!
If you have questions, you can send them by AIM to Joe Foley (AIM: mitfoley) or by sending email to the class staff.
September 26: Registration Statistics
There are currently 31 students registered for Section #1 (which meets in L01 at 5:30pm) and another 29 students for section #2 (which meets "online.") A total of 7 students are waitlisted for Section #1.
I have spoken with the administration and have been informed that the chairs in section L01 are reserved for students who are actually enrolled in section #1. If you wish to come to the class, please stand in the back until 5:30pm. At that point you can take a seat if any are free.
Also, we believe that the real-time video feed should be working. We have also verified that the video for the first class has been posted.
September 25: Video Release Forms
Please print out and download the video release form and bring this form to class. Without this form signed by members of the class, we can't show video images of students in the Cambridge classroom to the students who are taking the class remotely.
September 22: Video from Lecture 1
Video from Monday's class can be downloaded from http://cm.dce.harvard.edu/2006/01/12334/L01/index.html.
September 20: Corrections and URLs
We have been informed by the registrar that our last day of class is January 23rd, not January 9th as I had been originally informed. This means that there are an extra two weeks to work on your final projects! We will see if the TAs (and possibly the professor) can schedule some extra office hours in January, as January 2nd and January 16th are both holidays.
Slides from Monday's class can be downloaded from: http://e170.ex.com/slides/L01.ppt.
The article about online extortion is How a Bookmaker and a Whiz Kid Took On an Extortionist---and Won.
You can view the video, "the myth of Cyberterrorism," from http://crcs.deas.harvard.edu/newsevents.html.
September 18: Course Management Issues
- We will once again be using LiveJournal as our course management system. If you are enrolled in this course, you must create an account on LiveJournal. You may either use an existing LiveJournal account or you may create an account especially for the course purposes. LiveJournal accounts are free---there is no need to upgrade to a "paid" account for this course.
- Your LiveJournal username will be your unique identifier for the course. Once you have signed up for LiveJournal, please click here to join the community. Then email the course staff with your LiveJournal name and your Harvard ID. Only enrolled students will be approved for entry into the community.
- LiveJournal community postings can be given different security levels, including "public," "friends" and "private." If your posting is "public" it will be visible to anybody on the Internet. If it is restricted to "friends" it will be visible by those in the community. "Private" will only be visible to you. Also, be sure that you post in the community and not in your personal LiveJournal area.
- You may wish to add csci_e_170 to your LiveJournal "friends" community. In this way, the postings to the community will show up on your "friends" page.
- One of the advantages of using LiveJournal is that you can get an RSS feed of the new postings to the course. Last year we created a second LiveJournal community for course announcements. That was less successful, so I do not think that we will be using that second account this year.
September 15: Course textbook is published
The long-awaited textbook for this course was just published by O'Reilly. The course readings will be revised during the course to draw heavily from this book. Copies of the book readings are available online through the O'Reilly Safari service. This service has been licensed by some organizations. You can also sign up for a free 14-day account,