1 00:00:00,000 --> 00:00:01,808 [MUSIC PLAYING] 2 00:00:01,808 --> 00:00:04,520 3 00:00:04,520 --> 00:00:06,500 DAVID MALAN: This is CS50 Live. 4 00:00:06,500 --> 00:00:09,230 Now, you may recall just a few weeks ago GitLab, 5 00:00:09,230 --> 00:00:12,320 a popular website for hosting people's sourcecode 6 00:00:12,320 --> 00:00:16,185 suffered a bit of a error, whereby they deleted a whole lot of data 7 00:00:16,185 --> 00:00:17,060 from their customers. 8 00:00:17,060 --> 00:00:20,900 And it turns out just a few weeks later, did another company, DigitalOcean-- 9 00:00:20,900 --> 00:00:24,350 this one a cloud hosting provider, whereby you can host your websites 10 00:00:24,350 --> 00:00:25,370 on them in the cloud-- 11 00:00:25,370 --> 00:00:27,450 also made a bit of a mistake. 12 00:00:27,450 --> 00:00:28,820 Indeed, they reported this. 13 00:00:28,820 --> 00:00:32,299 "On April 5th 2017 we began to receive alerts 14 00:00:32,299 --> 00:00:34,970 that our public services were not functioning." 15 00:00:34,970 --> 00:00:37,940 They went on to say, "within three minutes of the initial alerts 16 00:00:37,940 --> 00:00:42,290 we discovered that our primary database had been deleted." 17 00:00:42,290 --> 00:00:44,630 The root cause of this incident, they later said, 18 00:00:44,630 --> 00:00:49,850 was, "an engineering driven configuration error." 19 00:00:49,850 --> 00:00:54,470 they went on, "a process performing automated testing was misconfigured 20 00:00:54,470 --> 00:00:56,360 using production credentials." 21 00:00:56,360 --> 00:00:59,120 Now, for more on this, and to explain this failure let's 22 00:00:59,120 --> 00:01:02,300 go to a CS50's own, Doug Lloyd. 23 00:01:02,300 --> 00:01:06,600 DOUG LLOYD: An engineering driven configuration. 24 00:01:06,600 --> 00:01:07,190 No. 25 00:01:07,190 --> 00:01:08,120 Somebody screwed up. 26 00:01:08,120 --> 00:01:09,650 Somebody typed the wrong thing. 27 00:01:09,650 --> 00:01:10,820 And they screwed up. 28 00:01:10,820 --> 00:01:12,170 Back to you, David. 29 00:01:12,170 --> 00:01:15,440 DAVID MALAN: If you'd like to dive in deeper to this particular error, 30 00:01:15,440 --> 00:01:17,580 head to this URL here. 31 00:01:17,580 --> 00:01:20,990 Now, speaking of failures, also in the news of late was CloudFlare. 32 00:01:20,990 --> 00:01:24,740 This time a cloud based company that provides content delivery network 33 00:01:24,740 --> 00:01:27,020 services, or CDN services. 34 00:01:27,020 --> 00:01:31,130 It turns out that this company, which many other websites use in order 35 00:01:31,130 --> 00:01:35,510 to serve up their data, static data, in particular, HTML, and the like, 36 00:01:35,510 --> 00:01:40,100 had a bit of a bug, whereby they were accidentally leaking some customer's 37 00:01:40,100 --> 00:01:42,560 data in other customers websites. 38 00:01:42,560 --> 00:01:47,090 In particular, in some cases, which, to be fair, were rare but common enough 39 00:01:47,090 --> 00:01:49,370 that researchers at Google and beyond saw this, 40 00:01:49,370 --> 00:01:53,630 if certain web pages had HTML like this where the tag was not 41 00:01:53,630 --> 00:01:56,570 fully closed as there at right what would happen 42 00:01:56,570 --> 00:02:00,230 is this, so-called buffer overflow, whereby data actually leaked out 43 00:02:00,230 --> 00:02:02,210 of their servers to the wrong customers. 44 00:02:02,210 --> 00:02:06,050 So for instance, if a customer was very deliberately pulling this music website 45 00:02:06,050 --> 00:02:10,009 here they might actually see, maybe later in the website, or somewhere else 46 00:02:10,009 --> 00:02:13,880 in its source code, text, or specifically HTTP headers, 47 00:02:13,880 --> 00:02:16,430 and other data, belonging to other customers. 48 00:02:16,430 --> 00:02:18,310 Now, who might those customers be? 49 00:02:18,310 --> 00:02:20,330 Well, if I'm visiting this music based website, 50 00:02:20,330 --> 00:02:22,940 I might actually be seeing data from other customers who 51 00:02:22,940 --> 00:02:26,630 have accounts on Uber, or OkCupid, or FitBit, or others, 52 00:02:26,630 --> 00:02:28,850 which is to say, even, if I don't have an OkCupid 53 00:02:28,850 --> 00:02:31,640 account, or Fitbit, or an Uber account, I 54 00:02:31,640 --> 00:02:35,100 might be seeing someone else's data who actually does. 55 00:02:35,100 --> 00:02:36,530 So suffice it to say, this is bad. 56 00:02:36,530 --> 00:02:40,110 But its origins could be traced to a very specific line of code. 57 00:02:40,110 --> 00:02:43,190 In fact, in C, on the servers that CloudFlare were running, 58 00:02:43,190 --> 00:02:44,640 were these lines here. 59 00:02:44,640 --> 00:02:48,620 And notice the check of two pointers, P and PE for equality. 60 00:02:48,620 --> 00:02:52,690 The result of which was this, because of that overflow error 61 00:02:52,690 --> 00:02:57,710 it's possible that PE could sometimes be smaller than P. And so, 62 00:02:57,710 --> 00:02:59,960 simply by checking only for equals equals 63 00:02:59,960 --> 00:03:02,510 was the problem, ultimately resulting. 64 00:03:02,510 --> 00:03:05,540 And so had the check been done using greater than or equal to, 65 00:03:05,540 --> 00:03:09,200 instead of just equal equal to, jumping over the buffer end 66 00:03:09,200 --> 00:03:10,280 would have been caught. 67 00:03:10,280 --> 00:03:15,050 A simple fix, and a relatively simple problem, with massive implications 68 00:03:15,050 --> 00:03:16,760 for customer's privacy. 69 00:03:16,760 --> 00:03:20,520 Now, in other, even scarier, news is in Brazil, 70 00:03:20,520 --> 00:03:24,500 whereby bank robbers actually hijacked and robbed 71 00:03:24,500 --> 00:03:27,560 a bank that was using its website in order 72 00:03:27,560 --> 00:03:31,770 to provide users with transactions, and support for adding online banking. 73 00:03:31,770 --> 00:03:34,590 Unfortunately, they were not particularly secure. 74 00:03:34,590 --> 00:03:37,610 And these bank robbers were able to digitally take over 75 00:03:37,610 --> 00:03:38,780 their entire network. 76 00:03:38,780 --> 00:03:40,670 For more on this particular attack let's turn 77 00:03:40,670 --> 00:03:45,560 to see us CS50's own resident security expert, and only Jeopardy champion, 78 00:03:45,560 --> 00:03:48,470 CS50's own Doug Lloyd. 79 00:03:48,470 --> 00:03:49,520 DOUG LLOYD: Thanks David. 80 00:03:49,520 --> 00:03:53,006 As you point out, this is, in fact, a modern form of bank robbery. 81 00:03:53,006 --> 00:03:55,880 What happened in this case is that customers went to visit their bank 82 00:03:55,880 --> 00:03:58,460 website, or what they thought was their bank website, 83 00:03:58,460 --> 00:04:03,860 but actually were visiting perfectly duplicated clones created by hackers. 84 00:04:03,860 --> 00:04:07,190 And what these hackers were able to do is to hack into the domain name system 85 00:04:07,190 --> 00:04:10,820 to change where the customers thought they were going. 86 00:04:10,820 --> 00:04:13,910 In fact, this attack was even so secure that the hackers were 87 00:04:13,910 --> 00:04:17,959 able to secure SSL certificates, which create those green locks that we 88 00:04:17,959 --> 00:04:21,589 see in our URL bars, and our browsers to indicate that a site is secure. 89 00:04:21,589 --> 00:04:23,930 So the customers were visiting this bank website, 90 00:04:23,930 --> 00:04:26,179 thought that they were accessing something secure, 91 00:04:26,179 --> 00:04:28,220 and they would type in their banking credentials, 92 00:04:28,220 --> 00:04:30,810 and complete the hacker's attack. 93 00:04:30,810 --> 00:04:33,470 Now, to date, the bank in question has not even 94 00:04:33,470 --> 00:04:36,050 been identified because those hackers were 95 00:04:36,050 --> 00:04:39,620 able to change the domain name system records, 96 00:04:39,620 --> 00:04:43,682 and the bank couldn't then even email their customers as a result. 97 00:04:43,682 --> 00:04:46,640 DAVID MALAN: Now, Doug, you keep mentioning domain name system records. 98 00:04:46,640 --> 00:04:48,160 What are these, exactly? 99 00:04:48,160 --> 00:04:51,950 DOUG LLOYD: So David, recall that the domain name system maps, commonly used 100 00:04:51,950 --> 00:04:56,290 URLs that we would type into our browser bars to IP addresses. 101 00:04:56,290 --> 00:04:58,100 And what the hackers were able to do here 102 00:04:58,100 --> 00:05:00,890 was to convince the registrar of domain names 103 00:05:00,890 --> 00:05:04,360 in Brazil to map the bank's legitimate domain 104 00:05:04,360 --> 00:05:07,230 names to the hacker's IP addresses. 105 00:05:07,230 --> 00:05:09,730 DAVID MALAN: Now, this all, Doug, sounds very sophisticated. 106 00:05:09,730 --> 00:05:13,450 What can little customers like me do to protect our hard earned money 107 00:05:13,450 --> 00:05:14,800 in banks like this? 108 00:05:14,800 --> 00:05:15,640 DOUG LLOYD: That's a great question. 109 00:05:15,640 --> 00:05:17,740 And I would recommend that everybody do what I do, 110 00:05:17,740 --> 00:05:21,937 which is to put all of my money under my mattress. 111 00:05:21,937 --> 00:05:23,020 DAVID MALAN: Thanks, Doug. 112 00:05:23,020 --> 00:05:26,809 Well, now, here closer to home has been reports of fishing. 113 00:05:26,809 --> 00:05:28,600 Indeed, all over campus here at Harvard are 114 00:05:28,600 --> 00:05:31,480 posters like this encouraging people to report phishing, 115 00:05:31,480 --> 00:05:35,410 the process whereby adversaries send you an email that might look legitimate, 116 00:05:35,410 --> 00:05:38,980 but is really some form of spam, but that generally contains links, 117 00:05:38,980 --> 00:05:42,760 or URLs to other websites that also look legitimate, but are, 118 00:05:42,760 --> 00:05:46,870 in fact, copies of other websites, not unlike banks, whereby you can then 119 00:05:46,870 --> 00:05:49,630 trick users into providing you with their usernames, 120 00:05:49,630 --> 00:05:52,630 their passwords, thereby, ultimately taking over their account. 121 00:05:52,630 --> 00:05:55,780 In fact, according to this very click-baity headline, 122 00:05:55,780 --> 00:06:00,100 Everyone Is Falling For This Frighteningly Effective Gmail Scam. 123 00:06:00,100 --> 00:06:00,910 Now, what is this? 124 00:06:00,910 --> 00:06:03,116 And how is it plaguing campuses like ours? 125 00:06:03,116 --> 00:06:04,990 Well, if you're a Gmail user you might recall 126 00:06:04,990 --> 00:06:06,770 receiving e-mails that look like this. 127 00:06:06,770 --> 00:06:09,830 And sometimes, of course, your e-mails contain attachments. 128 00:06:09,830 --> 00:06:11,920 Now, Gmail draws your attention to the attachments 129 00:06:11,920 --> 00:06:14,890 by providing with a very convenient downward facing icon 130 00:06:14,890 --> 00:06:18,160 that when clicked allows you to download that PDF. 131 00:06:18,160 --> 00:06:21,820 But what if an adversary, someone trying to deceive you, 132 00:06:21,820 --> 00:06:26,110 has sent you, not an attachment, but simply an otherwise blank email that 133 00:06:26,110 --> 00:06:30,700 contains an image embedded in it that looks, per this rectangle, 134 00:06:30,700 --> 00:06:35,140 exactly like the rectangle that g-mail generates automatically 135 00:06:35,140 --> 00:06:36,490 for actual attachments. 136 00:06:36,490 --> 00:06:39,310 Moreover, what if this embedded image is really 137 00:06:39,310 --> 00:06:43,300 a hyperlink to some other web page that then asks me for credentials, 138 00:06:43,300 --> 00:06:46,010 like my Gmail username and password? 139 00:06:46,010 --> 00:06:49,690 Now, normally this wouldn't be such a concern, because if a link like this 140 00:06:49,690 --> 00:06:52,840 led to a web page on some foreign server where 141 00:06:52,840 --> 00:06:55,120 I'm being tricked into typing in my credentials, 142 00:06:55,120 --> 00:06:57,080 well, Harvard, or my internet service provider, 143 00:06:57,080 --> 00:07:01,210 or ISP could simply block, ultimately, that website so that very few customers 144 00:07:01,210 --> 00:07:02,980 actually fall for that trick. 145 00:07:02,980 --> 00:07:05,410 Unfortunately, it turns out that the web supports 146 00:07:05,410 --> 00:07:09,220 what are known as data URIs, whereby this particular attack was 147 00:07:09,220 --> 00:07:13,370 linking not to a remote website, but to a URL that looks like this. 148 00:07:13,370 --> 00:07:15,760 And notice, in particular, it starts with data colon 149 00:07:15,760 --> 00:07:17,350 followed by a whole bunch of text. 150 00:07:17,350 --> 00:07:20,380 Well, it turns out, you can embed in the URL bar 151 00:07:20,380 --> 00:07:24,730 of a browser enough information, enough HTML, CSS, and even JavaScript, 152 00:07:24,730 --> 00:07:29,380 to make the page that's displayed actually look like a Gmail log 153 00:07:29,380 --> 00:07:31,040 in screen, like this one here. 154 00:07:31,040 --> 00:07:34,390 And indeed, if you then type in unwittingly your username, and perhaps 155 00:07:34,390 --> 00:07:37,130 even your password, and hit enter, that username and password 156 00:07:37,130 --> 00:07:38,890 is sent to the bad guys website. 157 00:07:38,890 --> 00:07:41,470 Not, to the actual Gmail. 158 00:07:41,470 --> 00:07:45,080 Now, how does this work, and how do these URI's actually function? 159 00:07:45,080 --> 00:07:47,636 Well, here's an example of an actual data URI. 160 00:07:47,636 --> 00:07:49,510 And among the compelling uses of these things 161 00:07:49,510 --> 00:07:52,720 is to embed images and other assets inside of web pages 162 00:07:52,720 --> 00:07:56,110 without having to link the secondary files that then have to be loaded, 163 00:07:56,110 --> 00:07:57,580 typically a bit more slowly. 164 00:07:57,580 --> 00:08:02,140 Notice that too begins with data colon, specifying this is a data URI, or URL. 165 00:08:02,140 --> 00:08:04,870 Then it specifies what the type of the file is that follows. 166 00:08:04,870 --> 00:08:07,930 In this case, it's an image of type BMP, or bitmap. 167 00:08:07,930 --> 00:08:10,750 And then it specifies how it's encoded, which in this case 168 00:08:10,750 --> 00:08:14,980 is not binary, not decimal, not even hexadecimal, but base-64, 169 00:08:14,980 --> 00:08:18,892 which is a base system that uses letters, both capital and lowercase, as 170 00:08:18,892 --> 00:08:21,850 well as numbers, as well as a couple of other characters, to represent, 171 00:08:21,850 --> 00:08:26,020 as text, what might otherwise just be zeros and ones, or binary. 172 00:08:26,020 --> 00:08:28,660 Now, the characters that follow, while they 173 00:08:28,660 --> 00:08:31,420 look like purely alphabetical, and syntactic characters 174 00:08:31,420 --> 00:08:34,580 are actually the base-64 encoding of an image. 175 00:08:34,580 --> 00:08:36,340 This image here. 176 00:08:36,340 --> 00:08:37,419 Now, let's enhance. 177 00:08:37,419 --> 00:08:39,280 And you might, indeed, see a familiar face. 178 00:08:39,280 --> 00:08:42,879 That is literally the file that's embedded in that data. 179 00:08:42,879 --> 00:08:44,920 And so with the bad guys did in this Gmail attack 180 00:08:44,920 --> 00:08:49,150 is actually embed a functioning web page that was base-64 encoded, instead 181 00:08:49,150 --> 00:08:52,394 of it being as simple as a simple happy Smiley face. 182 00:08:52,394 --> 00:08:54,310 Now, thankfully, browsers like Chrome can help 183 00:08:54,310 --> 00:08:56,200 us notice when websites are legitimate. 184 00:08:56,200 --> 00:08:59,140 Here I'm at accounts.google.com, and it starts with HTTPS, 185 00:08:59,140 --> 00:09:02,050 and Chrome is telling me, in green, that it's secure. 186 00:09:02,050 --> 00:09:05,680 As a result of this attack, and others like it, has Google also 187 00:09:05,680 --> 00:09:10,030 added functionality to Chrome so that if a user accidentally, or even knowingly 188 00:09:10,030 --> 00:09:13,000 visits a data URI, that begins with data colon, 189 00:09:13,000 --> 00:09:16,790 now are users informed, a little more clearly, in gray, 190 00:09:16,790 --> 00:09:19,520 that this website is not secure. 191 00:09:19,520 --> 00:09:23,380 And now it-- actually, wait, this just in. 192 00:09:23,380 --> 00:09:26,410 I'm hearing from CS50's own Doug Lloyd that there's actually 193 00:09:26,410 --> 00:09:28,570 a hacking attack in progress. 194 00:09:28,570 --> 00:09:31,900 For more on this, let's go to our live feed of the hack in progress. 195 00:09:31,900 --> 00:09:33,852 [MUSIC PLAYING] 196 00:09:33,852 --> 00:09:42,650 197 00:09:42,650 --> 00:09:45,260 And now, of course, no discussion of security of late 198 00:09:45,260 --> 00:09:48,200 would be complete without mention of our own CIA, 199 00:09:48,200 --> 00:09:49,940 or Central Intelligence Agency. 200 00:09:49,940 --> 00:09:53,090 Indeed, it was recently revealed by Wikileaks.org 201 00:09:53,090 --> 00:09:58,130 that the CIA has been taking advantage for some time of bugs in software 202 00:09:58,130 --> 00:10:01,430 in order to wage attacks against owners of the hardware 203 00:10:01,430 --> 00:10:07,490 running that software, including popular devices like Android phones, iPhones, 204 00:10:07,490 --> 00:10:08,990 TVs, and more. 205 00:10:08,990 --> 00:10:14,390 And in Vault 7 in particular did Wikileaks reveal the CIA hacking tools. 206 00:10:14,390 --> 00:10:17,390 Specifically referring to such initiatives by the CIA, 207 00:10:17,390 --> 00:10:21,560 seemingly adorable initiatives like, Wrecking Crew, Crunchy Lime Skies, 208 00:10:21,560 --> 00:10:26,150 Elder Piggy, Anger Quake, or McNugget, which indeed sound delightful. 209 00:10:26,150 --> 00:10:29,660 But when you actually read about what these code names mean they actually 210 00:10:29,660 --> 00:10:33,680 refer to a systematic process for identifying bugs in software, 211 00:10:33,680 --> 00:10:35,510 and therefore, potential exploits, writing 212 00:10:35,510 --> 00:10:38,660 software that take advantage of those bugs, so as, to effectively, 213 00:10:38,660 --> 00:10:41,630 hack into people's software and/or hardware. 214 00:10:41,630 --> 00:10:45,170 And potentially affected are familiar tools like Skype, our own WiFi 215 00:10:45,170 --> 00:10:47,330 networks, PDFs, anti-virus software. 216 00:10:47,330 --> 00:10:51,260 In addition to popular devices like the very phones in our pocket. 217 00:10:51,260 --> 00:10:54,440 But, all too close to home, frankly was the fact 218 00:10:54,440 --> 00:10:59,030 that Samsung TVs seem to be the result, or the victim, 219 00:10:59,030 --> 00:11:00,590 of some of these very exploits. 220 00:11:00,590 --> 00:11:03,230 In fact, adorably, Weeping Angel was the code name 221 00:11:03,230 --> 00:11:05,540 for a project that took advantage of bugs 222 00:11:05,540 --> 00:11:09,740 in Samsung TV'S own software, Smart TVs software, in order 223 00:11:09,740 --> 00:11:12,830 to turn on, without customers, apparently knowing, 224 00:11:12,830 --> 00:11:15,920 those devices microphones so that you could theoretically listen in 225 00:11:15,920 --> 00:11:19,310 on conversations, and even record them, even while giving 226 00:11:19,310 --> 00:11:21,740 the appearance that the TV is off. 227 00:11:21,740 --> 00:11:24,380 So the user thinks the TV is off, and he or she is talking. 228 00:11:24,380 --> 00:11:27,642 But meanwhile, that TV is actually listening. 229 00:11:27,642 --> 00:11:29,600 Now, you may recall it wasn't all that long ago 230 00:11:29,600 --> 00:11:34,520 that the CS50 itself blew the lid off of another problem with Samsung Smart TVs, 231 00:11:34,520 --> 00:11:37,034 whereby at the time, though they claimed and thought 232 00:11:37,034 --> 00:11:39,950 they were actually encrypting such data, because these microphones are 233 00:11:39,950 --> 00:11:43,130 present so that you can talk to your TV, and issue VoiceBase commands, 234 00:11:43,130 --> 00:11:47,739 will recall that data was not actually being encrypted. 235 00:11:47,739 --> 00:11:49,530 Now, what is a Smart TV in the first place? 236 00:11:49,530 --> 00:11:52,850 Well, at the end of the day, our TVs are no longer just televisions. 237 00:11:52,850 --> 00:11:56,732 They are actually full fledged computers with hardware and software within. 238 00:11:56,732 --> 00:11:58,940 And indeed, if you have such a Smart TV, whether it's 239 00:11:58,940 --> 00:12:03,200 Samsung, or something else, you may very well have icons like these on your TV, 240 00:12:03,200 --> 00:12:04,970 much like a tablet, or a phone. 241 00:12:04,970 --> 00:12:07,940 And that's because you can install software on TVs today. 242 00:12:07,940 --> 00:12:11,480 But if you can install software you can surely install accidentally 243 00:12:11,480 --> 00:12:15,087 buggy software, or unknowingly exploitative software, 244 00:12:15,087 --> 00:12:17,420 that's actually doing something it's not supposed to do. 245 00:12:17,420 --> 00:12:21,260 But even scarier is when our hardware has things like these things here. 246 00:12:21,260 --> 00:12:23,210 Cameras and microphones that are supposed 247 00:12:23,210 --> 00:12:25,430 to be used for good and not evil. 248 00:12:25,430 --> 00:12:28,430 As this man here is talking to his TV and using Skype 249 00:12:28,430 --> 00:12:30,140 by talking into his remote control. 250 00:12:30,140 --> 00:12:32,152 That in fact is meant to be a feature. 251 00:12:32,152 --> 00:12:34,610 But when these things can be turned on without our control, 252 00:12:34,610 --> 00:12:37,235 and when they can be turned on even when we think they are off, 253 00:12:37,235 --> 00:12:40,040 therein lies the threat and the scare. 254 00:12:40,040 --> 00:12:43,310 Now, how do you know if you are among those that were affected? 255 00:12:43,310 --> 00:12:46,820 And indeed, if you are suspicious that the CIA is spying on you, 256 00:12:46,820 --> 00:12:48,320 how can you confirm as much? 257 00:12:48,320 --> 00:12:52,940 Well, if your Samsung TV was manufactured in 2011 or 2012 258 00:12:52,940 --> 00:12:54,740 this particular attack is germane. 259 00:12:54,740 --> 00:12:59,240 However, to be fair, the attack requires that the CIA tiptoe into your home, 260 00:12:59,240 --> 00:13:02,325 presumably, plug-in a USB stick with the software, 261 00:13:02,325 --> 00:13:03,950 in order to take advantage of this bug. 262 00:13:03,950 --> 00:13:06,950 But if that too is a threat, consider that the software 263 00:13:06,950 --> 00:13:09,380 your smart TV must be running for this attack to work 264 00:13:09,380 --> 00:13:13,102 is either version 1011, 1012, 1016. 265 00:13:13,102 --> 00:13:14,810 And there have been newer versions since. 266 00:13:14,810 --> 00:13:18,800 But the biggest help, perhaps, is if when you think your TV is off you 267 00:13:18,800 --> 00:13:23,030 actually still see a blue LED light on in the back. 268 00:13:23,030 --> 00:13:26,750 It might actually be listening, and god forbid, watching you. 269 00:13:26,750 --> 00:13:30,920 For more on this particular attack and others, you can take a look at this URL 270 00:13:30,920 --> 00:13:31,910 here. 271 00:13:31,910 --> 00:13:32,420 That's it. 272 00:13:32,420 --> 00:13:36,320 For CS50 Live, thank you so much to CS50's own Ian, and Andrew, Marinda, 273 00:13:36,320 --> 00:13:41,960 Ramone, Skulli, Dan, Arturo, Christian, and of course, CS50's own, Doug Lloyd. 274 00:13:41,960 --> 00:13:43,190 This was CS50. 275 00:13:43,190 --> 00:13:46,490 276 00:13:46,490 --> 00:13:47,990 [WATER SPLASHING] 277 00:13:47,990 --> 00:13:56,390 278 00:13:56,390 --> 00:13:59,440 [BIRD SQUAWKING] 279 00:13:59,440 --> 00:14:17,094