1
00:00:00,000 --> 00:00:02,750
[Week 10]

2
00:00:02,750 --> 00:00:04,750
[David J. Malan] [Harvard University]

3
00:00:04,750 --> 00:00:07,000
[This is CS50.] [CS50.TV]

4
00:00:08,520 --> 00:00:13,240
>> All right! This is CS50 but not for much longer.

5
00:00:13,240 --> 00:00:14,740
This is the start of week 10.

6
00:00:14,740 --> 00:00:18,780
On Wednesday we have our quiz, and then next Monday we have some celebratory cake

7
00:00:18,780 --> 00:00:22,030
as we come full circle all the way back from week zero.

8
00:00:22,030 --> 00:00:25,200
Today, we talk about one of my favorite topics, truth be told--

9
00:00:25,200 --> 00:00:29,000
that of security and privacy and the implications of all of the hardware and software

10
00:00:29,000 --> 00:00:31,000
that we all use these days.

11
00:00:31,000 --> 00:00:33,300
To be honest, there are a lot of threats out there

12
00:00:33,300 --> 00:00:35,430
that if you haven't really paused to think about them,

13
00:00:35,430 --> 00:00:36,920
they're actually pretty daunting.

14
00:00:36,920 --> 00:00:40,070
Case in point--if any of you have ever downloaded a piece of software

15
00:00:40,070 --> 00:00:42,660
off of the Internet and installed it on your computer,

16
00:00:42,660 --> 00:00:45,220
you've engaged in a significant degree of trust, right?

17
00:00:45,220 --> 00:00:50,220
There is nothing that would have prevented Skype, or Chrome, or any piece of software

18
00:00:50,220 --> 00:00:54,770
you've installed onto your computer, from simply deleting all of the files on your hard drive;

19
00:00:54,770 --> 00:00:58,260
from uploading all of the files on your hard drive to some bad guy's server;

20
00:00:58,260 --> 00:01:01,650
from reading all of your emails; from intercepting all of your instant messages.
21
00:01:01,650 --> 00:01:05,040
Because the reality is today with most modern operating systems

22
00:01:05,040 --> 00:01:10,040
there really isn't much of a wall between software programs that we install,

23
00:01:10,040 --> 00:01:14,220
and you and I are pretty much just kind of crossing our fingers and taking on faith

24
00:01:14,220 --> 00:01:17,750
that that app we downloaded for free, or that thing that's 99 cents,

25
00:01:17,750 --> 00:01:20,140
is actually completely benign.

26
00:01:20,140 --> 00:01:23,090
But as we've seen through C, and now PHP and JavaScript,

27
00:01:23,090 --> 00:01:25,420
with this ability to express ourselves programmatically,

28
00:01:25,420 --> 00:01:30,300
you can do most anything you want with a program that a user himself or herself could do.

29
00:01:30,300 --> 00:01:32,390
>> So, today we focus on that topic--

30
00:01:32,390 --> 00:01:35,360
not only some threats but also defenses.

31
00:01:35,360 --> 00:01:37,540
Indeed, in the world of security in general,

32
00:01:37,540 --> 00:01:39,040
there's kind of this cat-and-mouse game,

33
00:01:39,040 --> 00:01:41,990
and I daresay the bad guys almost always have a leg up.

34
00:01:41,990 --> 00:01:45,880
When it comes to taking advantage of hardware and software on our own personal computers,

35
00:01:45,880 --> 00:01:51,250
we have to realize that a bad guy simply needs to find one simple mistake--

36
00:01:51,250 --> 00:01:56,150
one exploit, one bug--in a piece of software we've written or are running

37
00:01:56,150 --> 00:01:58,280
in order for him or her to take over our whole system.

38
00:01:58,280 --> 00:02:02,870
By contrast, we--the good guys--need to patch and fix all of those bugs

39
00:02:02,870 --> 00:02:04,900
and avoid all of those weaknesses.

40
00:02:04,900 --> 00:02:07,870
And so, I daresay on the whole, the bad guys have the advantage.
41
00:02:07,870 --> 00:02:10,840
What classes like this and subsequent classes are really about

42
00:02:10,840 --> 00:02:14,830
are not about teaching you how to wage the battles that these bad guys do,

43
00:02:14,830 --> 00:02:18,220
but are about how to protect yourself or at least how to make a calculated decision

44
00:02:18,220 --> 00:02:22,970
that yes, I know this piece of software could indeed read every one of my emails,

45
00:02:22,970 --> 00:02:27,040
but I'm okay with that because of the value it brings me on the other hand.

46
00:02:27,040 --> 00:02:31,060
>> I'm very pleased to be joined by 2 of the smartest people I know--

47
00:02:31,060 --> 00:02:33,060
Rob Bowden and Nate Hardison.

48
00:02:33,060 --> 00:02:36,850
Rob is about to take us for a tour through the lowest level of the security stack--

49
00:02:36,850 --> 00:02:42,470
that of the compiler which, up until now, we've all come to love and trust. Rob Bowden.

50
00:02:42,470 --> 00:02:47,790
[applause]

51
00:02:47,790 --> 00:02:50,280
>> [Rob] All right. David has pretty much taken my whole spiel

52
00:02:50,280 --> 00:02:52,320
that I was going to introduce with, but--

53
00:02:52,320 --> 00:02:58,070
Several weeks ago, you saw the example of a buffer-overflow attack

54
00:02:58,070 --> 00:03:01,900
which is an example of a hacker hacking into some piece of software

55
00:03:01,900 --> 00:03:06,060
that they are not supposed to be hacking into.

56
00:03:06,060 --> 00:03:09,690
The other side of this

57
00:03:09,690 --> 00:03:14,470
is sometimes you have software that is malicious in and of itself.

58
00:03:14,470 --> 00:03:17,070
It doesn't even need to be hacked.

59
00:03:17,070 --> 00:03:20,670
The person who wrote the software wants to hack you.

60
00:03:20,670 --> 00:03:22,190
>> Let's just jump right into code,

61
00:03:22,190 --> 00:03:28,560
taking a look at "login.c".

62
00:03:28,560 --> 00:03:33,390
Here, a silly program that validates a username and password combination.
63
00:03:33,390 --> 00:03:39,420
Here you should definitely be getting comfortable with C again for the quiz.

64
00:03:39,420 --> 00:03:43,470
First, we are using GetString to grab the username,

65
00:03:43,470 --> 00:03:46,280
then we're using GetString to grab the password,

66
00:03:46,280 --> 00:03:50,680
and then we have some trivial checks of just, is the username "rob"?

67
00:03:50,680 --> 00:03:52,710
And is the password "thisiscs50"?

68
00:03:52,710 --> 00:03:56,900
Or, is the username "tommy" and the password "i<3javascript"?

69
00:03:56,900 --> 00:03:58,980
If either of those is the case,

70
00:03:58,980 --> 00:04:01,980
then we're just going to print "Success", and then we have access.

71
00:04:01,980 --> 00:04:07,690
Otherwise, we're going to print "invalid login" and then, of course,

72
00:04:07,690 --> 00:04:11,120
since GetString mallocs memory, we free username and password.

73
00:04:11,120 --> 00:04:15,560
This is a trivial login program,

74
00:04:15,560 --> 00:04:18,110
and if you think about when you log into the appliance,

75
00:04:18,110 --> 00:04:22,350
it's pretty similar--or even logging in to your computer--

76
00:04:22,350 --> 00:04:24,930
there's just some login program which is giving you access.

77
00:04:24,930 --> 00:04:31,840
Here, we happen to have hard-coded 'rob', 'thisiscs50', 'tommy', 'i<3javascript',

78
00:04:31,840 --> 00:04:34,950
but probably there is some file somewhere on your operating system

79
00:04:34,950 --> 00:04:38,690
which has a list of usernames who can log in to the system

80
00:04:38,690 --> 00:04:41,740
and a list of passwords associated with those usernames.

81
00:04:41,740 --> 00:04:46,090
Usually the passwords are not just stored in plaintext like this.

82
00:04:46,090 --> 00:04:50,360
There is some sort of encryption, but this will do for our example.

83
00:04:50,360 --> 00:04:57,000
>> Coming over to our compiler--

84
00:04:57,020 --> 00:05:00,780
it's going to be very straightforward.
85
00:05:00,780 --> 00:05:04,800
We need to specify at least some file that we want to compile,

86
00:05:04,800 --> 00:05:10,200
and then here--these lines

87
00:05:10,200 --> 00:05:12,520
are just reading in a file.

88
00:05:12,520 --> 00:05:16,080
It reads the entire file into one big buffer,

89
00:05:16,080 --> 00:05:19,000
and then we null-terminate our buffer as always,

90
00:05:19,000 --> 00:05:21,000
and finally we just compile the file.

91
00:05:21,000 --> 00:05:24,090
We're not going to look at how compile is actually implemented,

92
00:05:24,090 --> 00:05:26,820
but as a hint, it just calls Clang.

93
00:05:26,820 --> 00:05:32,370
We're going to use this program to compile things instead of Clang.

94
00:05:32,370 --> 00:05:39,260
One problem we start with is we see we want to compile our compiler,

95
00:05:39,260 --> 00:05:43,620
but if we're not going to use Clang, I don't know what I'm going to compile with.

96
00:05:43,620 --> 00:05:46,700
This is a general issue known as bootstrapping.

97
00:05:46,700 --> 00:05:53,080
So, just this once, I'm going to use Clang to compile our compiler.

98
00:05:53,080 --> 00:05:58,800
>> If you think of GCC and Clang--

99
00:05:58,800 --> 00:06:03,200
those programs, those compilers are constantly being updated,

100
00:06:03,200 --> 00:06:10,010
and those compilers are compiled using GCC and Clang.

101
00:06:10,010 --> 00:06:14,890
Clang is just one big C or C++ program,

102
00:06:14,890 --> 00:06:19,510
so the compiler they use to compile that is Clang.

103
00:06:19,510 --> 00:06:26,820
Here, now, we are just going to be using our compiler to compile our compiler,

104
00:06:26,820 --> 00:06:33,830
and we can even say--'./compiler', 'compiler.c', 'compile.c', '-o compiler'.

105
00:06:33,830 --> 00:06:37,250
Notice this is the exact command I ran before--

106
00:06:37,250 --> 00:06:41,330
just replace Clang with './compiler'.

107
00:06:41,330 --> 00:06:44,990
And now we have another compiler, but it's exactly the same.
108
00:06:44,990 --> 00:06:47,510
It just calls Clang.

109
00:06:47,510 --> 00:06:55,050
>> We're going to use our compiler to compile our login program.

110
00:06:55,050 --> 00:07:03,030
Okay--"./compiler login.c -o login".

111
00:07:03,030 --> 00:07:06,160
So, undefined reference to "GetString".

112
00:07:06,160 --> 00:07:11,250
Gotta add "-lcs50". Okay.

113
00:07:11,250 --> 00:07:13,790
So now I have our login program.

114
00:07:13,790 --> 00:07:16,790
Running it--we receive "Please enter your username".

115
00:07:16,790 --> 00:07:22,140
One example was rob. Please enter your password--thisiscs50.

116
00:07:22,140 --> 00:07:24,930
And success! I have access.

117
00:07:24,930 --> 00:07:28,350
Running it again and entering some invalid password--

118
00:07:28,350 --> 00:07:30,350
or invalid username and password--

119
00:07:30,350 --> 00:07:32,860
invalid login.

120
00:07:32,860 --> 00:07:37,740
Okay. Nothing interesting about this so far.

121
00:07:37,740 --> 00:07:43,100
But, let's take a look at login again--

122
00:07:43,100 --> 00:07:47,850
and this is going to be a somewhat trivial example,

123
00:07:47,850 --> 00:07:59,330
but let's add an else in here and say, else if ((strcmp(username, "hacker") == 0 &&

124
00:07:59,330 --> 00:08:14,510
strcmp(password, "LOLihackyou") == 0))

125
00:08:14,510 --> 00:08:26,280
so now, printf("Hacked!! You now have access. \n"); okay.

126
00:08:26,280 --> 00:08:36,240
Compiling this--compiler login.c -o login -lcs50--

127
00:08:36,240 --> 00:08:40,190
now running login--and if I use my username hacker

128
00:08:40,190 --> 00:08:44,740
and password LOLihackedyou--

129
00:08:44,740 --> 00:08:47,780
Did I type it wrong in there before?

130
00:08:47,780 --> 00:08:52,990
At login.c--ihack--I'll do hacked because I think I do that later.

131
00:08:52,990 --> 00:08:56,270
Okay. Recompiling.

132
00:08:56,270 --> 00:09:01,500
Re-running--hacker--LOLihackedyou--

133
00:09:01,500 --> 00:09:03,650
Hacked!! You now have access.
134
00:09:03,650 --> 00:09:06,580
>> There doesn't seem to be that much of a difference

135
00:09:06,580 --> 00:09:10,890
because it's the same exact check I was doing for other usernames and passwords.

136
00:09:10,890 --> 00:09:17,720
Plus, the big thing is that if other people look at this login.c--

137
00:09:17,720 --> 00:09:24,020
say, if I pass this off to my partner, and they open up this file,

138
00:09:24,020 --> 00:09:29,870
and they read this, they'll see--okay, why do you have these lines of code here?

139
00:09:29,870 --> 00:09:33,320
That's obviously not something that should be in your program.

140
00:09:33,320 --> 00:09:41,590
In some programs--like any proprietary software that is not open-source--

141
00:09:41,590 --> 00:09:46,200
you may never see these lines of code.

142
00:09:46,200 --> 00:09:50,440
Something like Skype or something--for all you know,

143
00:09:50,440 --> 00:09:57,600
Skype is on your computer and there is just some specific username-password combination

144
00:09:57,600 --> 00:10:01,580
which will log in to Skype in some special way.

145
00:10:01,580 --> 00:10:04,230
We don't know about it, and people don't know about it,

146
00:10:04,230 --> 00:10:09,640
because they don't get to read the source code to see that there's this hole.

147
00:10:09,640 --> 00:10:11,800
>> What we call this--

148
00:10:11,800 --> 00:10:16,530
although this isn't a very clever example--

149
00:10:16,530 --> 00:10:18,970
this is called a back door.

150
00:10:18,970 --> 00:10:22,320
Think of the back door of your house.

151
00:10:22,320 --> 00:10:26,640
Here, if I validate with the usernames 'rob' or 'tommy,'

152
00:10:26,640 --> 00:10:28,580
that would be like using the "front door."

153
00:10:28,580 --> 00:10:33,700
That's the way I'm supposed to securely log in.

154
00:10:33,700 --> 00:10:37,630
But if I enter with this username and password--

155
00:10:37,630 --> 00:10:40,630
then that's using the "back door."
156
00:10:40,630 --> 00:10:42,810
It wasn't the intentional way to get into the program,

157
00:10:42,810 --> 00:10:45,350
but it still works.

158
00:10:45,350 --> 00:10:49,160
And people in general aren't supposed to know about these back doors.

159
00:10:49,160 --> 00:10:53,050
We're going to improve this.

160
00:10:53,050 --> 00:10:55,610
Let's revert this to our original login.c,

161
00:10:55,610 --> 00:11:05,510
and let's take a look at our new compiler. Okay.

162
00:11:05,510 --> 00:11:08,460
Everything up here is exactly the same.

163
00:11:08,460 --> 00:11:10,460
We're reading the entire file into a buffer.

164
00:11:10,460 --> 00:11:14,400
Everything down here is the same.

165
00:11:14,400 --> 00:11:16,180
We just compiled the file.

166
00:11:16,180 --> 00:11:19,770
But now I have this big if in here

167
00:11:19,770 --> 00:11:24,140
that says, if the file that I happen to be compiling is login.c,

168
00:11:24,140 --> 00:11:27,390
then I do something special.

169
00:11:27,390 --> 00:11:29,900
What is that something special?

170
00:11:29,900 --> 00:11:33,820
I see here some string called 'hack',

171
00:11:33,820 --> 00:11:35,950
and looking at these lines of code--

172
00:11:35,950 --> 00:11:41,990
these are the same lines of code--I guess I did use 'ihack' and not 'ihacked' before--

173
00:11:41,990 --> 00:11:44,240
looking at these lines of code,

174
00:11:44,240 --> 00:11:47,880
they're the same exact lines of code that I had in login.c before.

175
00:11:47,880 --> 00:11:51,130
But now, instead of having them in login.c,

176
00:11:51,130 --> 00:11:54,290
I'm going to put them into my compiler.

177
00:11:54,290 --> 00:12:00,240
>> These are the lines of code I'm going to want to insert into login.c.
178
00:12:00,240 --> 00:12:06,350
These lines of code--the buffer that originally held my login.c

179
00:12:06,350 --> 00:12:11,080
is no longer going to be big enough because now I want to also insert this hack

180
00:12:11,080 --> 00:12:12,940
into the middle of my program.

181
00:12:12,940 --> 00:12:16,350
All this is doing is creating a new buffer that's large enough--

182
00:12:16,350 --> 00:12:22,020
both for the original file and the extra lines of code--the hack--that I want to insert there.

183
00:12:22,020 --> 00:12:24,920
Here is something to notice--

184
00:12:24,920 --> 00:12:29,200
char* pattern = "// deny them access!"

185
00:12:29,200 --> 00:12:33,760
If we look back at login.c,

186
00:12:33,760 --> 00:12:37,690
we see down here this comment--deny them access!

187
00:12:37,690 --> 00:12:42,360
In login.c, this comment looks completely innocuous,

188
00:12:42,360 --> 00:12:48,270
so you wouldn't suspect any malicious intent with just this comment.

189
00:12:48,270 --> 00:12:55,600
But in our compiler, we are specifically going to look for this line of code,

190
00:12:55,600 --> 00:12:57,600
and then when we find it--

191
00:12:57,600 --> 00:13:03,330
these lines of code are inserting our hack into that position.

192
00:13:03,330 --> 00:13:06,910
So, we are iterating over the entire login.c,

193
00:13:06,910 --> 00:13:12,080
we are inserting that hack exactly where it says deny them access,

194
00:13:12,080 --> 00:13:15,890
and then we're compiling--not the original login.c

195
00:13:15,890 --> 00:13:20,340
but the new login.c with that hack inserted right at 'deny them access.'

196
00:13:20,340 --> 00:13:29,190
>> Now I want to compile my new compiler with that hack involved.

197
00:13:29,190 --> 00:13:36,900
I'm not going to use Clang, so let's copy the compiler we used before

198
00:13:36,900 --> 00:13:48,420
and use that--so, compiler compiler.c compile.c -o evil_compiler.
199
00:13:48,420 --> 00:13:50,870
Now our evil compiler--

200
00:13:50,870 --> 00:13:54,310
if we use our evil compiler to compile any other file,

201
00:13:54,310 --> 00:13:57,980
the file will compile as it should.

202
00:13:57,980 --> 00:13:59,980
It's completely normal.

203
00:13:59,980 --> 00:14:06,870
But if we use our evil compiler to compile login--

204
00:14:06,870 --> 00:14:14,920
so, ./evil_compiler login.c -o login -lcs50--

205
00:14:14,920 --> 00:14:21,310
looking at login.c again, there's absolutely nothing in here.

206
00:14:21,310 --> 00:14:25,770
It's our usual 'if it's either rob or tommy we're in, else we're out'.

207
00:14:25,770 --> 00:14:31,620
But when we run our executable, this will work as usual.

208
00:14:31,620 --> 00:14:36,640
Running again--hacker, LOLihackyou--

209
00:14:36,640 --> 00:14:39,000
Hacked!! You now have access.

210
00:14:39,000 --> 00:14:43,560
Just looking at login.c, you wouldn't think anything is wrong.

211
00:14:43,560 --> 00:14:46,960
But the compiler that's being used to compile login.c

212
00:14:46,960 --> 00:14:53,820
is specifically designed to insert this hack into the program.

213
00:14:53,820 --> 00:14:57,320
We've only moved our original problem.

214
00:14:57,320 --> 00:15:02,880
Originally, we had these lines of code in login.c that if anyone else looked at them,

215
00:15:02,880 --> 00:15:05,470
they'd be like, why are these here?

216
00:15:05,470 --> 00:15:09,550
Now if anyone happens to look at our compiler,

217
00:15:09,550 --> 00:15:12,140
they'll look at these lines of code and say,

218
00:15:12,140 --> 00:15:15,290
why are these here?

219
00:15:15,290 --> 00:15:17,210
So, we haven't completely solved our problem.

220
00:15:17,210 --> 00:15:22,510
But we can use this idea again.

221
00:15:22,510 --> 00:15:26,260
>> Taking a look at our third version of the compiler,

222
00:15:26,260 --> 00:15:32,500
it's the same idea.
223
00:15:32,500 --> 00:15:36,240
We read the entire file into a buffer up here,

224
00:15:36,240 --> 00:15:39,660
we compile the file down here,

225
00:15:39,660 --> 00:15:44,220
and I have some sort of string hack in here,

226
00:15:44,220 --> 00:15:47,710
but notice the file that I'm actually hacking now.

227
00:15:47,710 --> 00:15:52,260
I am hacking compiler.c

228
00:15:52,260 --> 00:15:54,590
not login.c.

229
00:15:54,590 --> 00:15:57,780
But what am I inserting into compiler.c?

230
00:15:57,780 --> 00:16:04,600
I'm inserting this code which is the exact code in our previous compiler,

231
00:16:04,600 --> 00:16:10,540
which was meant to insert code into login.c.

232
00:16:10,540 --> 00:16:13,360
Here is our if strcmp file login.c

233
00:16:13,360 --> 00:16:19,370
and then insert into login.c our hack stuff.

234
00:16:19,370 --> 00:16:26,010
This new compiler is intended to create a compiler

235
00:16:26,010 --> 00:16:30,390
which is intended to compile login maliciously.

236
00:16:30,390 --> 00:16:34,320
We'll see why that helps us.

237
00:16:34,320 --> 00:16:40,630
Everything else is the same, so it works exactly as it worked with our previous compiler.

238
00:16:40,630 --> 00:16:45,550
We are just iterating over our entire compile.c.

239
00:16:45,550 --> 00:16:48,190
But now instead of looking for 'deny them access,'

240
00:16:48,190 --> 00:16:51,490
we're looking for 'compile the file.'

241
00:16:51,490 --> 00:16:53,750
Where is compile the file?

242
00:16:53,750 --> 00:16:57,210
Looking at our completely innocent compiler.c,

243
00:16:57,210 --> 00:17:01,340
it's right down here at the bottom.

244
00:17:01,340 --> 00:17:06,500
This comment--compile the file--again, that looks completely innocuous.
245
00:17:06,500 --> 00:17:11,599
But, in our malicious version of the compiler,

246
00:17:11,599 --> 00:17:16,550
we are going to--right before that comment--insert this code

247
00:17:16,550 --> 00:17:20,690
which is intended to insert code when compiling login.c.

248
00:17:20,690 --> 00:17:25,589
>> There are a lot of levels of indirection here.

249
00:17:25,589 --> 00:17:29,760
Let's actually run it.

250
00:17:29,760 --> 00:17:37,360
Again, we'll copy our original compiler.

251
00:17:37,360 --> 00:17:48,260
Now, compile--compiler compiler.c compile.c -o evilest_compiler--

252
00:17:48,260 --> 00:17:52,640
and now evilest_compiler.

253
00:17:52,640 --> 00:17:59,200
Evilest compiler--if we use that to compile our compiler,

254
00:17:59,200 --> 00:18:01,550
let's actually look.

255
00:18:01,550 --> 00:18:13,230
Evilest_compiler--bringing it over, all the way back to version 1 of our compiler--

256
00:18:13,230 --> 00:18:19,640
version 1 of our compiler, which just read in the file and compiled it.

257
00:18:19,640 --> 00:18:24,780
Here, we know that evilest_compiler--when it compiles this file--

258
00:18:24,780 --> 00:18:29,890
is going to insert code right here before compile the file,

259
00:18:29,890 --> 00:18:38,510
and that code is going to look exactly like the code from the second version of our compiler

260
00:18:38,510 --> 00:18:42,240
which did this.

261
00:18:42,240 --> 00:18:46,450
This code, which is intended to break into login,

262
00:18:46,450 --> 00:18:56,480
is going to be inserted into our compiler by evilest compiler.

263
00:18:56,480 --> 00:19:08,600
Let's use evilest_compiler to compile our compiler.

264
00:19:08,600 --> 00:19:15,040
Now we'll use compiler,

265
00:19:15,040 --> 00:19:19,460
come back over to login,

266
00:19:19,460 --> 00:19:25,280
and remember this login.c has absolutely nothing suspicious in it.
267
00:19:25,280 --> 00:19:35,250
But using our compiler to compile login.c,

268
00:19:35,250 --> 00:19:38,430
rob, thisiscs50, success.

269
00:19:38,430 --> 00:19:44,350
Let's log in as hacker, LOLihackyou, Hacked!! You now have access.

270
00:19:44,350 --> 00:19:49,710
>> Recognize that this was different from version 2 of our compiler.

271
00:19:49,710 --> 00:20:00,500
The compiler we use--let's move back--copy from login--

272
00:20:00,500 --> 00:20:01,880
let's bring our compiler back in here.

273
00:20:01,880 --> 00:20:06,360
Removing evilest compiler.

274
00:20:06,360 --> 00:20:08,970
All we have left now is compiler.

275
00:20:08,970 --> 00:20:10,950
If we look at compiler.c,

276
00:20:10,950 --> 00:20:16,840
there is absolutely nothing in there that seems malicious in any way.

277
00:20:16,840 --> 00:20:22,390
If we look at login.c,

278
00:20:22,390 --> 00:20:28,790
there is absolutely nothing in here that looks malicious in any way.

279
00:20:28,790 --> 00:20:34,600
But, when we use our compiler to compile login.c,

280
00:20:34,600 --> 00:20:38,840
we get the hackable version of login.c.

281
00:20:38,840 --> 00:20:41,850
When we used our compiler to compile a new version of the compiler,

282
00:20:41,850 --> 00:20:46,620
we get the hackable version of the compiler.

283
00:20:46,620 --> 00:20:51,790
Now we can go out and distribute our compiler executable,

284
00:20:51,790 --> 00:20:59,280
and no one will know that there is anything malicious about it.

285
00:20:59,280 --> 00:21:04,680
>> This is actually so in--I can't remember the year--

286
00:21:04,680 --> 00:21:10,350
Ken Thompson, and he won the Turing Award--

287
00:21:10,350 --> 00:21:15,600
if you are unfamiliar with the Turing Award, it is almost always defined as the

288
00:21:15,600 --> 00:21:20,160
Nobel Prize of computer science, so that's how I'll define it.
289
00:21:20,160 --> 00:21:24,100
Ken Thompson gave a speech when he received his Turing Award

290
00:21:24,100 --> 00:21:27,150
called "Reflections on Trusting Trust."

291
00:21:27,150 --> 00:21:30,710
Basically, this was the idea of his speech.

292
00:21:30,710 --> 00:21:35,050
Except instead of our compiler, he was talking about GCC--

293
00:21:35,050 --> 00:21:37,250
just another compiler like Clang--

294
00:21:37,250 --> 00:21:45,600
and what he was saying is, like our login.c, our login.c seems relatively useless

295
00:21:45,600 --> 00:21:50,190
but he was talking about the actual UNIX login.c.

296
00:21:50,190 --> 00:21:53,050
When you log in to your appliance,

297
00:21:53,050 --> 00:21:56,070
there is some login program that is running.

298
00:21:56,070 --> 00:21:58,080
That was the login that he was talking about.

299
00:21:58,080 --> 00:22:02,420
This was basically his idea.

300
00:22:02,420 --> 00:22:09,080
He said that in GCC, he in theory could have planted a bug--

301
00:22:09,080 --> 00:22:12,290
not a bug but malicious code--

302
00:22:12,290 --> 00:22:16,860
that when compiling the login function--the login file--

303
00:22:16,860 --> 00:22:23,700
would insert a back door so that he could go to absolutely any UNIX system in the world

304
00:22:23,700 --> 00:22:27,360
and log in with some specific username and password.

305
00:22:27,360 --> 00:22:33,710
At the time, GCC was pretty much the compiler that everyone used for anything.

306
00:22:33,710 --> 00:22:36,460
If anyone happened to update GCC,

307
00:22:36,460 --> 00:22:40,880
then they would recompile GCC using GCC,

308
00:22:40,880 --> 00:22:44,500
and you would still get a bad version of GCC

309
00:22:44,500 --> 00:22:50,140
because it was specifically compiled to recognize that it was recompiling the compiler.
310
00:22:50,140 --> 00:22:57,360
And if you ever use GCC to recompile a login.c file,

311
00:22:57,360 --> 00:23:03,550
then it would insert this back door that he could use to log in to any computer.

312
00:23:03,550 --> 00:23:08,750
>> This was all theoretical, but--that particular circumstance was theoretical,

313
00:23:08,750 --> 00:23:12,440
but the ideas are very real.

314
00:23:12,440 --> 00:23:18,250
In 2003, there was a similar example where--

315
00:23:18,250 --> 00:23:21,290
we'll take a look at this file,

316
00:23:21,290 --> 00:23:25,870
and it has absolutely nothing to actually do with it, but the bug is similar.

317
00:23:25,870 --> 00:23:29,390
This file just defines a function called divide.

318
00:23:29,390 --> 00:23:31,780
It takes an argument a, an argument b,

319
00:23:31,780 --> 00:23:34,270
and the intent is to do a divided by b.

320
00:23:34,270 --> 00:23:37,230
But it does some error checking,

321
00:23:37,230 --> 00:23:40,070
so we know things are weird if b happens to equal zero.

322
00:23:40,070 --> 00:23:44,900
If b is zero, then we split this into 2 cases.

323
00:23:44,900 --> 00:23:46,900
You might already see the bug.

324
00:23:46,900 --> 00:23:51,840
The first case--if a is zero, then we're doing zero divided by zero,

325
00:23:51,840 --> 00:23:54,300
and we just say that's undefined.

326
00:23:54,300 --> 00:23:56,250
The second case--if a is not zero,

327
00:23:56,250 --> 00:24:00,580
then it's something like 1 divided by zero, and we just call that infinity.

328
00:24:00,580 --> 00:24:03,730
Else we return the usual a divided by b.

329
00:24:03,730 --> 00:24:06,390
And so here, we're running those 3 cases,

330
00:24:06,390 --> 00:24:13,740
and we actually run divide--it yells at me--

331
00:24:13,740 --> 00:24:21,330
so, ignoring Clang's warnings--

332
00:24:21,330 --> 00:24:24,500
end of non-void function--apparently I didn't compile this beforehand.

333
00:24:24,500 --> 00:24:26,500
Return 0.
334
00:24:26,500 --> 00:24:28,900
Make divide--all right.

335
00:24:28,900 --> 00:24:32,470
With ./divide, we see 3, Infinity, Infinity.

336
00:24:32,470 --> 00:24:39,150
Zero divided by zero should not have returned infinity.

337
00:24:39,150 --> 00:24:42,840
And if you haven't figured out the bug yet--or didn't see it before--

338
00:24:42,840 --> 00:24:46,800
we see that we're doing a=0.

339
00:24:46,800 --> 00:24:52,610
Probably we meant a==0. Probably.

340
00:24:52,610 --> 00:24:58,640
>> But, this was actually something that, again, in 2003, the Linux kernel--

341
00:24:58,640 --> 00:25:02,260
so our appliance uses the Linux kernel--

342
00:25:02,260 --> 00:25:05,550
any Linux operating system uses the Linux kernel--

343
00:25:05,550 --> 00:25:11,610
so a bug very similar to this showed up.

344
00:25:11,610 --> 00:25:15,180
The idea behind this bug was--

345
00:25:15,180 --> 00:25:18,820
again, there was just some function that was called, and it did a bit of error checking.

346
00:25:18,820 --> 00:25:24,300
There were some specific inputs that this error checking--

347
00:25:24,300 --> 00:25:30,210
it should have been like, all right, you can't call this function with a divisor of 0.

348
00:25:30,210 --> 00:25:35,070
So, I'm going to just return some error.

349
00:25:35,070 --> 00:25:38,090
Except, it wasn't as innocent as just setting a equal to 0.

350
00:25:38,090 --> 00:25:46,920
Instead, this line of code ended up doing something more like user = administrator.

351
00:25:46,920 --> 00:25:50,500
Or user = superuser.

352
00:25:50,500 --> 00:25:59,170
It was an innocent--at first glance--mistake where it could have just been reasonable

353
00:25:59,170 --> 00:26:01,560
that I only wanted to report something specific

354
00:26:01,560 --> 00:26:05,150
if the user happened to be the superuser administrator.
355
00:26:05,150 --> 00:26:11,220
But then re-thinking about it, the person wanted it to look like a simple typo,

356
00:26:11,220 --> 00:26:14,330
but if this code had actually been released,

357
00:26:14,330 --> 00:26:21,580
then you would have been able to hack into any system by passing a specific flag--

358
00:26:21,580 --> 00:26:25,200
in this case b=0--

359
00:26:25,200 --> 00:26:28,020
and it would automatically make the user the administrator,

360
00:26:28,020 --> 00:26:30,400
and then he has full control.

361
00:26:30,400 --> 00:26:32,540
This happened in 2003.

362
00:26:32,540 --> 00:26:35,700
>> It just so happened that the only reason it was caught

363
00:26:35,700 --> 00:26:39,200
was because there happened to be some automated system

364
00:26:39,200 --> 00:26:41,540
that noticed the change in this file

365
00:26:41,540 --> 00:26:44,560
which never should have been changed by a human.

366
00:26:44,560 --> 00:26:47,580
The file should only have been automatically generated.

367
00:26:47,580 --> 00:26:49,780
It just so happened that someone touched--

368
00:26:49,780 --> 00:26:52,460
well, the person that wanted to hack touched that file,

369
00:26:52,460 --> 00:26:55,450
and the computer caught that touching.

370
00:26:55,450 --> 00:27:01,750
So, they changed this and only later realized what a disaster it would have been

371
00:27:01,750 --> 00:27:04,830
if this had gotten out into the real world.

372
00:27:04,830 --> 00:27:08,220
>> You may be thinking that--coming back to our compiler example--

373
00:27:08,220 --> 00:27:14,290
even though we can't see--looking at the source code--

374
00:27:14,290 --> 00:27:17,490
that anything in particular is wrong,

375
00:27:17,490 --> 00:27:25,460
if we actually look at the binary code of compiler,

376
00:27:25,460 --> 00:27:28,670
we would see that something is wrong.
377 00:27:28,670 --> 00:27:31,260 As an example, if we run the strings function-- 378 00:27:31,260 --> 00:27:34,930 which is just going to look over a file and print out all strings it can find-- 379 00:27:34,930 --> 00:27:37,990 if we run strings on our compiler, 380 00:27:37,990 --> 00:27:42,400 we see that one string that it finds is this strange-- 381 00:27:42,400 --> 00:27:45,500 else if (strcmp(username, "hacker")--blah, blah, blah. 382 00:27:45,500 --> 00:27:52,570 If someone happened to be paranoid enough to not trust their compiler, 383 00:27:52,570 --> 00:27:56,690 they could run strings and see this, 384 00:27:56,690 --> 00:28:00,430 and then they would know that there was something wrong with the actual binary. 385 00:28:00,430 --> 00:28:07,250 But, strings was inevitably something that was compiled. 386 00:28:07,250 --> 00:28:11,590 So, who's to say that our compiler doesn't just have more special code 387 00:28:11,590 --> 00:28:19,240 that says, if strings is ever run on our compiler, don't output all of that malicious code. 388 00:28:19,240 --> 00:28:23,980 >> The same idea with if we want to disassemble the file-- 389 00:28:23,980 --> 00:28:30,440 we learned that the assembler brings us from assembly code to machine code-- 390 00:28:30,440 --> 00:28:36,010 we can go in the opposite direction--objdump -d compiler-- 391 00:28:36,010 --> 00:28:38,770 will give us the assembly of our code. 392 00:28:38,770 --> 00:28:41,730 Looking at this, 393 00:28:41,730 --> 00:28:47,480 it's pretty cryptic, but if we wanted, we could look through this 394 00:28:47,480 --> 00:28:51,700 and reason, wait, there's something going on in here that shouldn't be going on, 395 00:28:51,700 --> 00:28:59,380 and then we'll recognize that the compiler is doing something malicious. 396 00:28:59,380 --> 00:29:03,950 But, just like strings, who's to say objdump wasn't special-cased. 397 00:29:03,950 --> 00:29:11,380 Basically, it comes down to you can't trust anything.
398 00:29:11,380 --> 00:29:14,310 The point of the paper being called "Trusting Trust" is 399 00:29:14,310 --> 00:29:17,900 in general, we trust our compiler. 400 00:29:17,900 --> 00:29:21,700 You compile your code and expect it to do what you ask it to do. 401 00:29:21,700 --> 00:29:26,440 But, why should you trust the compiler? 402 00:29:26,440 --> 00:29:32,120 You did not write the compiler. You don't know what the compiler is necessarily actually doing. 403 00:29:32,120 --> 00:29:36,870 Who's to say you can trust it? 404 00:29:36,870 --> 00:29:40,050 But even then, well, maybe we can trust the compiler. 405 00:29:40,050 --> 00:29:44,670 There are tens of thousands of people who have looked at this. 406 00:29:44,670 --> 00:29:51,360 Someone must have recognized something was up with the compiler. 407 00:29:51,360 --> 00:29:55,100 >> What if we just go 1 level deeper? 408 00:29:55,100 --> 00:29:59,450 It could even be your processor. 409 00:29:59,450 --> 00:30:01,250 As ridiculous as it could possibly be, 410 00:30:01,250 --> 00:30:06,690 maybe there's some rogue employee at Intel who creates these processors 411 00:30:06,690 --> 00:30:12,400 that whenever that processor notices that you're running some command 412 00:30:12,400 --> 00:30:14,570 that's meant to log in to the computer, 413 00:30:14,570 --> 00:30:19,230 the processor will accept some specific username and password combination. 414 00:30:19,230 --> 00:30:21,530 It would be wildly complicated, 415 00:30:21,530 --> 00:30:24,790 but someone could do it. 416 00:30:24,790 --> 00:30:29,350 At that point, are you really going to open up your computer to look at the processor 417 00:30:29,350 --> 00:30:35,970 and use a microscope to recognize that these circuits are not lined up as they should be? 418 00:30:35,970 --> 00:30:39,730 No one is ever going to catch that error. 419 00:30:39,730 --> 00:30:45,570 At some point, you just have to give up and trust something.
420 00:30:45,570 --> 00:30:48,390 Most people do trust the compiler at this point. 421 00:30:48,390 --> 00:30:55,760 That is to say not necessarily that you should. 422 00:30:55,760 --> 00:30:59,350 Looking at a somewhat infamous video-- 423 00:30:59,350 --> 00:31:09,280 [dramatic music playing] 424 00:31:09,280 --> 00:31:13,270 [It's a UNIX system. I know this.] 425 00:31:13,270 --> 00:31:14,470 [It's all the files--] 426 00:31:14,470 --> 00:31:18,950 She said, "It's a UNIX system. I know this." 427 00:31:18,950 --> 00:31:21,760 Replace UNIX with whatever your favorite operating system is-- 428 00:31:21,760 --> 00:31:25,230 she could have said, "It's a Windows system. I know this." 429 00:31:25,230 --> 00:31:29,710 It's a completely meaningless statement, 430 00:31:29,710 --> 00:31:34,450 but for all we know, she happens to know a back door into the UNIX system. 431 00:31:34,450 --> 00:31:38,840 She knows some username/password combination that will actually let her 432 00:31:38,840 --> 00:31:41,540 do whatever she wants. 433 00:31:41,540 --> 00:31:49,000 >> All right. The moral of today is basically you can't trust anything. 434 00:31:49,000 --> 00:31:52,620 Even things you write--you didn't write the compiler. 435 00:31:52,620 --> 00:31:53,870 The compiler could be bad. 436 00:31:53,870 --> 00:31:59,140 Even if you did write the compiler, the thing that's running the compiler could be bad. 437 00:31:59,140 --> 00:32:05,210 (laughing) There's not much you can do. 438 00:32:05,210 --> 00:32:09,050 The world is doomed. 439 00:32:09,050 --> 00:32:11,570 Back to David! 440 00:32:11,570 --> 00:32:19,540 [applause] 441 00:32:19,540 --> 00:32:21,340 >> [David] Thanks. That was really depressing. 442 00:32:21,340 --> 00:32:23,910 But indeed, Rob is correct. 443 00:32:23,910 --> 00:32:27,150 We don't really have a solution to that, but you're about to get some solutions 444 00:32:27,150 --> 00:32:29,150 to some more common defenses. 
445 00:32:29,150 --> 00:32:31,170 In anticipation of this, what Nate and I have been doing offstage there 446 00:32:31,170 --> 00:32:33,950 is knowing that there are so many laptops in this room, 447 00:32:33,950 --> 00:32:37,020 we've been sniffing all of the wireless traffic going through this room for the past 20 minutes 448 00:32:37,020 --> 00:32:39,260 during Rob's talk, so we're going to take a 2 minute break here. 449 00:32:39,260 --> 00:32:41,740 Nate's going to set up, and then we're going to talk about all of the stuff 450 00:32:41,740 --> 00:32:46,380 we could have found. (laughter) 451 00:32:46,380 --> 00:32:51,990 >> So, I may have exaggerated a little bit just for the sake of drama, 452 00:32:51,990 --> 00:32:55,990 but we could have been sniffing all of your wireless traffic because indeed, 453 00:32:55,990 --> 00:32:57,240 it is that easy. 454 00:32:57,240 --> 00:32:59,790 But there are also ways that you can defend against this, and so with that, 455 00:32:59,790 --> 00:33:03,160 I give you Nate Hardison. >>[Nate] Sweet. 456 00:33:03,160 --> 00:33:06,300 (applause) 457 00:33:06,300 --> 00:33:08,650 >> [Nate] Thanks, man. I appreciate the shout out. 458 00:33:08,650 --> 00:33:12,790 All right! It's game week. Are you guys excited? 459 00:33:12,790 --> 00:33:16,670 Hopefully it's going to be a big game on Saturday. 460 00:33:16,670 --> 00:33:20,220 I imagine you guys at this point--given that you have a quiz on Wednesday 461 00:33:20,220 --> 00:33:24,430 all about code, and we just sat through a wonderful lecture by Rob 462 00:33:24,430 --> 00:33:25,850 with a whole bunch of C code in it-- 463 00:33:25,850 --> 00:33:28,330 are maybe a little bit tired of code. 464 00:33:28,330 --> 00:33:32,180 In this part, we're actually not going to touch any code whatsoever. 
465 00:33:32,180 --> 00:33:36,960 We're just going to talk about a technology that you use every day, 466 00:33:36,960 --> 00:33:39,790 often for many, many hours a day, 467 00:33:39,790 --> 00:33:46,220 and we'll talk about the implications with security that there are. 468 00:33:46,220 --> 00:33:48,960 >> We've talked a lot about security over the course of the semester, 469 00:33:48,960 --> 00:33:53,030 and we started off with a little bit of crypto. 470 00:33:53,030 --> 00:33:55,030 [Bdoh lv vwlqng!] 471 00:33:55,030 --> 00:33:57,890 And while you guys are probably super-excited to be passing notes to each other 472 00:33:57,890 --> 00:33:59,890 in class using a Caesar cipher like this one, 473 00:33:59,890 --> 00:34:03,870 in reality, there's some more fun to be had when you're actually talking about security 474 00:34:03,870 --> 00:34:05,870 and that kind of stuff. 475 00:34:05,870 --> 00:34:09,090 Today, we're going to cover a few technologies 476 00:34:09,090 --> 00:34:13,650 that people actually use in the real world to do all sorts of things 477 00:34:13,650 --> 00:34:18,360 from sniffing people's packets to actually going in and 478 00:34:18,360 --> 00:34:20,409 breaking into people's bank accounts and all of that. 479 00:34:20,409 --> 00:34:23,460 These are legitimate tools that we're talking about 480 00:34:23,460 --> 00:34:26,320 with the exception of possibly one tool. 481 00:34:26,320 --> 00:34:28,889 >> And I just want to make a quick disclaimer. 482 00:34:28,889 --> 00:34:34,909 When we talk about these things, we're talking about them so you know what's out there, 483 00:34:34,909 --> 00:34:39,389 and you're aware of how to be safe when you're out using your computer. 484 00:34:39,389 --> 00:34:44,000 But we definitely don't want to imply that you should use these tools 485 00:34:44,000 --> 00:34:48,090 in your dorm or your house because you can run into lots of big issues. 
486 00:34:48,090 --> 00:34:52,760 That's one reason today that we actually weren't sniffing your packets. 487 00:34:52,760 --> 00:35:01,300 >> All right. Last Monday, we talked about cookies, and HTTP, and authentication, 488 00:35:01,300 --> 00:35:05,920 and how Firesheep opens this big door into your Facebook account, 489 00:35:05,920 --> 00:35:08,670 to your Hotmail account--if anybody's still using Hotmail-- 490 00:35:08,670 --> 00:35:12,360 and many other accounts. 491 00:35:12,360 --> 00:35:16,980 A lot of this stuff is going to build off of that, 492 00:35:16,980 --> 00:35:22,070 but first, I want to take a quick tour of how the Internet has evolved over time. 493 00:35:22,070 --> 00:35:27,490 Back in the '90s, you guys might have remembered actually plugging in 494 00:35:27,490 --> 00:35:29,880 your computers with one of these. 495 00:35:29,880 --> 00:35:32,640 Now we don't do that so much anymore. 496 00:35:32,640 --> 00:35:37,230 It actually turns out that in order to plug an Ethernet cable into my laptop, 497 00:35:37,230 --> 00:35:41,710 I now have to use one of these adapters which is kind of crazy. 498 00:35:41,710 --> 00:35:47,580 >> Instead, in 1997 we had this new, fun technology 499 00:35:47,580 --> 00:35:54,960 came out that is known as IEEE 802.11, so this is the wireless Internet standard. 500 00:35:54,960 --> 00:36:00,430 The IEEE is this governing body that gives out all sorts of-- 501 00:36:00,430 --> 00:36:04,770 publishes all sorts of standards with relation to computers. 502 00:36:04,770 --> 00:36:08,780 The 802 standards are all about Internet technologies. 503 00:36:08,780 --> 00:36:12,690 So 802.3, for example, is the Ethernet standard, 504 00:36:12,690 --> 00:36:17,120 802.15.1 I believe is the Bluetooth standard, 505 00:36:17,120 --> 00:36:19,540 and 802.11 is all about wireless Internet. 506 00:36:19,540 --> 00:36:24,150 In 1997 this came out. It didn't quite catch on right away.
507 00:36:24,150 --> 00:36:30,200 It wasn't until 1999 and the 802.11b standard came out that just got really popular. 508 00:36:30,200 --> 00:36:36,330 >> How many of you remember when computers started coming out and getting wi-fi on them? 509 00:36:36,330 --> 00:36:38,330 That was kind of cool, huh? 510 00:36:38,330 --> 00:36:41,260 I remember getting my first laptop in high school, 511 00:36:41,260 --> 00:36:44,250 and it had a wireless card in it. 512 00:36:44,250 --> 00:36:49,580 My dad gave it to me and was saying that I should use it for my college apps and all of that, 513 00:36:49,580 --> 00:36:53,030 and I had no idea how I was going to look up this stuff online. 514 00:36:53,030 --> 00:36:54,640 But fortunately, I had a wireless card, so that was pretty cool. 515 00:36:54,640 --> 00:37:04,090 Nowadays, you'll also see 802.11g which is one of the other really popular 516 00:37:04,090 --> 00:37:06,090 wireless standards that's out there. 517 00:37:06,090 --> 00:37:08,660 Both b and g are pretty outdated at this point. 518 00:37:08,660 --> 00:37:12,580 Anybody know what version most people are on right now 519 00:37:12,580 --> 00:37:15,110 if they're buying new wireless routers and that kind of stuff? 520 00:37:15,110 --> 00:37:24,290 N. Exactly. Bingo. And it turns out that the ac standard is just coming out in a draft form, 521 00:37:24,290 --> 00:37:28,050 and there are other versions on the way. 522 00:37:28,050 --> 00:37:31,190 With each of these standards what we're gaining is more bandwidth, 523 00:37:31,190 --> 00:37:33,900 more data at a faster rate. 524 00:37:33,900 --> 00:37:36,260 These things keep changing pretty quickly. 525 00:37:36,260 --> 00:37:39,880 It also makes it so that we have to buy more routers and all that fun stuff. 526 00:37:39,880 --> 00:37:48,160 >> Let's talk about what wireless communication actually is at its core. 
527 00:37:48,160 --> 00:37:51,790 With Ethernet and those old dial-up modems, 528 00:37:51,790 --> 00:37:55,780 you actually had this stuff that you plugged into your computer, 529 00:37:55,780 --> 00:37:59,820 and then you plugged into a modem of sorts, and then you plugged it into a jack in your wall. 530 00:37:59,820 --> 00:38:01,820 You had this wired connection, right? 531 00:38:01,820 --> 00:38:06,030 The whole point of wireless is getting rid of this stuff. 532 00:38:06,030 --> 00:38:10,300 In order to do that, what we have is essentially 533 00:38:10,300 --> 00:38:13,960 a radio communication where our wireless router-- 534 00:38:13,960 --> 00:38:16,230 designated by our little wireless icon-- 535 00:38:16,230 --> 00:38:21,730 is connected to the Internet with this solid arrow indicating some sort of wired connection, 536 00:38:21,730 --> 00:38:24,640 but when you connect to your wireless router 537 00:38:24,640 --> 00:38:29,190 you're actually using almost like a walkie-talkie between 538 00:38:29,190 --> 00:38:31,960 your computer and your wireless router. 539 00:38:31,960 --> 00:38:35,150 What's really cool about this is you can move around. 540 00:38:35,150 --> 00:38:40,900 You can carry your computer all over Sanders, go surf the web, whatever you want, 541 00:38:40,900 --> 00:38:43,240 just like you all know and love, 542 00:38:43,240 --> 00:38:46,030 and you don't ever have to be plugged in to anything. 543 00:38:46,030 --> 00:38:53,880 For this to work, we have both this reception and transmission. 544 00:38:53,880 --> 00:38:56,060 It really is like that walkie-talkie. 545 00:38:56,060 --> 00:39:03,800 >> This wireless router--which in Sanders is sitting underneath this stage, right here-- 546 00:39:03,800 --> 00:39:06,590 is always broadcasting and receiving, broadcasting and receiving, 547 00:39:06,590 --> 00:39:09,330 and likewise, your computers are all doing that same sort of thing, too. 548 00:39:09,330 --> 00:39:12,840 We just can't hear it. 
549 00:39:12,840 --> 00:39:17,900 The other thing that you can do is you can have multiple computers 550 00:39:17,900 --> 00:39:22,200 talking to the same wireless router. 551 00:39:22,200 --> 00:39:25,680 The closer you are to a router--and again, this is a radio communication-- 552 00:39:25,680 --> 00:39:30,320 the closer you are, the better your signal is, the better your computer 'hears' the router 553 00:39:30,320 --> 00:39:32,460 and can communicate with the Internet. 554 00:39:32,460 --> 00:39:39,520 If you guys are ever at your dorm, at your house and you're wondering why your signal's bad, 555 00:39:39,520 --> 00:39:42,230 it's probably because (a) you're not very close to your router, or 556 00:39:42,230 --> 00:39:46,930 (b) there's something in between you and your router like a cement wall or something 557 00:39:46,930 --> 00:39:50,720 that doesn't let those radio waves go through. 558 00:39:50,720 --> 00:39:57,850 >> Let's talk a little bit about why bad guys like wi-fi. 559 00:39:57,850 --> 00:40:02,980 Bad guys love wi-fi for a few reasons. 560 00:40:02,980 --> 00:40:06,670 Here's our nasty bad guy right there. 561 00:40:06,670 --> 00:40:10,660 One reason why this bad guy loves wi-fi 562 00:40:10,660 --> 00:40:18,770 is because, by default, a lot of wireless routers come and when you set them up, 563 00:40:18,770 --> 00:40:20,950 they're unencrypted. 564 00:40:20,950 --> 00:40:23,970 This has been a problem, and there have been instances-- 565 00:40:23,970 --> 00:40:28,210 multiple instances, now--where a bad guy shows up to somebody's house, 566 00:40:28,210 --> 00:40:32,630 notices that there's an unencrypted wi-fi to which they can connect. 567 00:40:32,630 --> 00:40:37,350 They connect to the wi-fi, and then they start downloading all sorts of fun stuff. 568 00:40:37,350 --> 00:40:40,890 And they're not downloading kittens, they're not downloading puppies. 569 00:40:40,890 --> 00:40:44,610 This is like BitTorrent. This is the nasty of the nastiest.
570 00:40:44,610 --> 00:40:48,740 There have been cases where the FBI has even gotten involved 571 00:40:48,740 --> 00:40:52,390 thinking that the person who owns the house is actually the one 572 00:40:52,390 --> 00:40:56,090 going out there and downloading stuff that they really shouldn't be. 573 00:40:56,090 --> 00:41:00,730 Having unencrypted wi-fi is definitely not something you want to do, 574 00:41:00,730 --> 00:41:06,340 if only to not have the FBI come knock at your door. 575 00:41:06,340 --> 00:41:09,910 >> Another reason why bad guys love wi-fi 576 00:41:09,910 --> 00:41:13,870 is the reason that David talked about earlier during the break. 577 00:41:13,870 --> 00:41:17,240 Because it's a radio communication at its core, 578 00:41:17,240 --> 00:41:22,460 if you know the channel, you can listen to that radio station. 579 00:41:22,460 --> 00:41:31,870 For example, if there's a bad guy right there sitting in the middle right next to the access point, 580 00:41:31,870 --> 00:41:36,830 right next to that wireless router, the bad guy can listen in on all of the wireless traffic 581 00:41:36,830 --> 00:41:40,240 that's coming from all of those computers. 582 00:41:40,240 --> 00:41:44,590 In fact, these guys--these lucky few who are here in the front row-- 583 00:41:44,590 --> 00:41:47,610 because they are super-close to all of these wireless routers 584 00:41:47,610 --> 00:41:49,950 that sit just underneath the stage, 585 00:41:49,950 --> 00:41:53,780 they would be able to hear everybody's traffic in this entire room 586 00:41:53,780 --> 00:41:59,480 if you're connected to wi-fi and start browsing through these access points. 587 00:41:59,480 --> 00:42:03,740 It's not very hard to sit yourself in a good position to sniff and figure out 588 00:42:03,740 --> 00:42:07,030 what other people are doing.
589 00:42:07,030 --> 00:42:10,830 It's something to keep in mind, especially if you're not sure where the access point is, 590 00:42:10,830 --> 00:42:15,010 and you're browsing say, at a Starbucks. 591 00:42:15,010 --> 00:42:17,360 >> It turns out that sniffing and all of that 592 00:42:17,360 --> 00:42:19,440 isn't really all that hard to do. 593 00:42:19,440 --> 00:42:25,430 There's a program called tcpdump which dumps all sorts of TCP traffic 594 00:42:25,430 --> 00:42:29,910 and you can run it pretty simply--just like I did this morning. 595 00:42:29,910 --> 00:42:32,810 Here's a little bit of a dump, and here's some of the traffic that was coming over 596 00:42:32,810 --> 00:42:34,960 my network at the time. 597 00:42:34,960 --> 00:42:41,500 You can see--if you squint really hard--there's a little bit of Spotify in there. 598 00:42:41,500 --> 00:42:44,050 On top of tcpdump--because this is kind of a pain to use-- 599 00:42:44,050 --> 00:42:48,860 there's a program called Wireshark which bundles this all up in a nice GUI. 600 00:42:48,860 --> 00:42:51,970 Wireshark is super-handy so if you go on to take networking classes, 601 00:42:51,970 --> 00:42:56,780 this is a tool that you'll come to love since it helps you dissect all of the packets 602 00:42:56,780 --> 00:42:59,400 that are floating around out there. 603 00:42:59,400 --> 00:43:01,810 But it can also be used for bad. 604 00:43:01,810 --> 00:43:05,810 It's very simple to just download this program, boot it up, 605 00:43:05,810 --> 00:43:09,300 start a network capture, and see everything that's going on-- 606 00:43:09,300 --> 00:43:14,130 and filter and do all sorts of fun stuff with it. 
607 00:43:14,130 --> 00:43:17,930 >> The other thing that you can do with wireless communication 608 00:43:17,930 --> 00:43:25,380 is not only can you eavesdrop but you can also learn how to screw with the network 609 00:43:25,380 --> 00:43:31,020 and inject your own information to control the experience that other people 610 00:43:31,020 --> 00:43:35,140 on the same wireless network are getting. 611 00:43:35,140 --> 00:43:37,140 Let's take a look at that. 612 00:43:37,140 --> 00:43:40,700 Here's Firesheep--which we know and love from last week-- 613 00:43:40,700 --> 00:43:43,590 which is that eavesdropping technology. 614 00:43:43,590 --> 00:43:50,360 If, for example, we wanted to actively have our bad guy go and mess around with 615 00:43:50,360 --> 00:43:52,690 one of these computers, 616 00:43:52,690 --> 00:43:58,380 in this scenario we've got a computer trying to go surf to harvard.edu. 617 00:43:58,380 --> 00:44:04,690 What happens is, the computer first sends a message to the wireless router and says, 618 00:44:04,690 --> 00:44:07,920 hey, I want to go visit www.harvard.edu. 619 00:44:07,920 --> 00:44:10,610 Say for some reason they're trying to get information about the game this weekend. 620 00:44:10,610 --> 00:44:14,940 Bad guy, since he's sitting right in the middle, 621 00:44:14,940 --> 00:44:18,730 right next to that access point, can see that communication coming from the computer 622 00:44:18,730 --> 00:44:26,170 into the router, and he knows, "Aha! Somebody's going to harvard.edu." 
(evilly laughs) 623 00:44:26,170 --> 00:44:33,870 There's going to be this latency while the communication goes from the router 624 00:44:33,870 --> 00:44:37,780 out to the Internet to go find the webpage at harvard.edu-- 625 00:44:37,780 --> 00:44:42,020 just like you guys all know after doing your PHP psets-- 626 00:44:42,020 --> 00:44:45,680 and so the bad guy has a little bit of time, a little bit of window, 627 00:44:45,680 --> 00:44:49,410 in which he can respond with some stuff. 628 00:44:49,410 --> 00:44:53,660 >> Let's say this bad guy, of course, is a Yaley. 629 00:44:53,660 --> 00:44:59,990 He responds with harvardsucks.org. Boo! 630 00:44:59,990 --> 00:45:02,300 Bad, bad guy! Bad Yaley! 631 00:45:02,300 --> 00:45:06,020 Or even worse, he might respond with that. [http://youtu.be/ZSBq8geuJk0]. 632 00:45:06,020 --> 00:45:09,530 I'll let you guys figure out what that is. 633 00:45:09,530 --> 00:45:14,840 This is actually a technology called Airpwn! which was debuted at 634 00:45:14,840 --> 00:45:18,950 one of the security conferences a few years back. 635 00:45:18,950 --> 00:45:25,190 With Airpwn! you're able to actually inject traffic back into the network. 636 00:45:25,190 --> 00:45:30,060 The computers that were trying to go out to the Internet and trying to get to 637 00:45:30,060 --> 00:45:33,090 Google.com, to Facebook.com, to harvard.edu 638 00:45:33,090 --> 00:45:39,190 see the malicious response come in and immediately assume, okay, 639 00:45:39,190 --> 00:45:43,550 that's the response that I was waiting for and end up getting content from 640 00:45:43,550 --> 00:45:48,860 harvardsucks.org or nameyourfavoriteshocksite.com, 641 00:45:48,860 --> 00:45:55,270 and you can see how quickly things will deteriorate. 642 00:45:55,270 --> 00:46:00,190 >> All of these sorts of things can't be done 643 00:46:00,190 --> 00:46:05,870 with these wired connections because with a wired connection 644 00:46:05,870 --> 00:46:08,710 it's hard to snoop on to traffic. 
645 00:46:08,710 --> 00:46:13,020 If I'm a bad guy and on one end is your computer 646 00:46:13,020 --> 00:46:14,460 and on the other end is your router--your modem-- 647 00:46:14,460 --> 00:46:20,180 the only way I can get in between that connection is to actually splice my computer 648 00:46:20,180 --> 00:46:22,180 in somewhere in the middle 649 00:46:22,180 --> 00:46:26,820 or do something else with the router, something downstream. 650 00:46:26,820 --> 00:46:33,360 But with wireless, it can be as easy as sitting in the front row of a classroom, 651 00:46:33,360 --> 00:46:38,200 and you can do all sorts of nasty stuff to the people in the back. 652 00:46:38,200 --> 00:46:41,570 >> Let's talk about how you might defend against some of these things. 653 00:46:41,570 --> 00:46:46,860 The people who developed the wireless standards--the 802.11-- 654 00:46:46,860 --> 00:46:50,820 they are not dumb people by any stretch of the imagination. 655 00:46:50,820 --> 00:46:56,110 This is cool technology and when it debuted in 1999, 656 00:46:56,110 --> 00:47:00,780 they came out with this standard called WEP. 657 00:47:00,780 --> 00:47:03,360 You can see here when you try and join a wireless network, 658 00:47:03,360 --> 00:47:07,450 you have all sorts of different security options. 659 00:47:07,450 --> 00:47:11,800 That's kind of a pain because there are 6 altogether 660 00:47:11,800 --> 00:47:14,790 and it never really makes sense which 1 to join. 661 00:47:14,790 --> 00:47:19,190 This 1 at the top is the first one that they came up with called WEP. 662 00:47:19,190 --> 00:47:27,960 WEP stands for Wired Equivalent Privacy, I believe, 663 00:47:27,960 --> 00:47:31,730 not Wireless Encryption Protocol which is a common misnomer.
664 00:47:31,730 --> 00:47:36,170 Because it tries to give you privacy equivalent and security protection 665 00:47:36,170 --> 00:47:40,590 equivalent to that of a wired network. 666 00:47:40,590 --> 00:47:46,710 With WEP what ends up happening is, 667 00:47:46,710 --> 00:47:52,300 you have a simple, little password that you type in and that serves to encrypt 668 00:47:52,300 --> 00:47:56,210 all of your communications between your computer and your router. 669 00:47:56,210 --> 00:47:58,210 >> What's the problem with WEP though? 670 00:47:58,210 --> 00:48:01,470 The password with WEP is really short, 671 00:48:01,470 --> 00:48:04,900 and also everybody uses that same exact password, 672 00:48:04,900 --> 00:48:07,610 and so it's really easy to decrypt. 673 00:48:07,610 --> 00:48:10,580 So very quickly people figured out that WEP was a problem, 674 00:48:10,580 --> 00:48:16,100 and the only reason you see it show up still on this little guy is-- 675 00:48:16,100 --> 00:48:18,890 there are some older systems that do use WEP-- 676 00:48:18,890 --> 00:48:25,710 what you should instead be looking for are the WPA and even WPA2 standards 677 00:48:25,710 --> 00:48:29,130 that were released later on. 678 00:48:29,130 --> 00:48:35,040 These systems are a much better go at protection on wireless Internet. 679 00:48:35,040 --> 00:48:41,090 That said, they still do have some hackability. 680 00:48:41,090 --> 00:48:44,010 There are tools out there that can go do this.
681 00:48:44,010 --> 00:48:47,490 One thing in particular that can be nasty is that 682 00:48:47,490 --> 00:48:55,370 if you connect and authenticate to a wireless router and are using some sort of 683 00:48:55,370 --> 00:49:00,940 encrypted communication, it turns out that a hacker can easily send a single packet 684 00:49:00,940 --> 00:49:03,990 to disconnect you from the router, 685 00:49:03,990 --> 00:49:07,220 and once they've disconnected you they can then listen in-- 686 00:49:07,220 --> 00:49:11,800 they can sniff those packets as you try to re-establish the connection with your router. 687 00:49:11,800 --> 00:49:16,800 And with that information they can then go in and decrypt the rest of your communication. 688 00:49:16,800 --> 00:49:24,580 This isn't by any means any sort of secure beyond all imagination. 689 00:49:24,580 --> 00:49:30,060 >> The other thing you can do when you're setting up wireless networks 690 00:49:30,060 --> 00:49:35,460 or you're joining them is--you notice that here when I'm joining this network, 691 00:49:35,460 --> 00:49:37,640 it asks for the name of my network. 692 00:49:37,640 --> 00:49:41,060 This is also known as the SSID. 693 00:49:41,060 --> 00:49:48,610 And you see here that on the right I have a box that shows me the available SSIDs. 694 00:49:48,610 --> 00:49:52,690 There's a Harvard University, a CS50, and a CS50 Staff network. 695 00:49:52,690 --> 00:49:59,180 Now, how many of you knew there was a CS50 Staff network around? 696 00:49:59,180 --> 00:50:01,910 Some of you. Not all of you. 697 00:50:01,910 --> 00:50:08,800 The problem with this, of course, is that had we not put this up on our list of SSIDs, 698 00:50:08,800 --> 00:50:10,930 nobody would have known about it most likely. 699 00:50:10,930 --> 00:50:16,090 I hope. Unless you guys are all trying to crack into our wireless.
700 00:50:16,090 --> 00:50:18,700 But this is something you can do that's really important when you're setting up 701 00:50:18,700 --> 00:50:20,280 a router at home. 702 00:50:20,280 --> 00:50:22,820 This probably won't happen for a few years for a lot of you, 703 00:50:22,820 --> 00:50:29,010 but do keep in mind that keeping that SSID out of there and not also naming it 704 00:50:29,010 --> 00:50:34,630 something super-common will help keep you more secure in the long run. 705 00:50:34,630 --> 00:50:38,070 >> A final couple of things you can do. One is HTTPS. 706 00:50:38,070 --> 00:50:44,760 If you are at a Starbucks, if you are in a public wi-fi area 707 00:50:44,760 --> 00:50:52,620 and you do decide to access your bank account, access your Gmail, your Facebook, 708 00:50:52,620 --> 00:50:56,140 make sure that those connections are going over HTTPS. 709 00:50:56,140 --> 00:50:59,800 It's an added layer of security, an added layer of encryption. 710 00:50:59,800 --> 00:51:01,520 The one thing to keep in mind here is, 711 00:51:01,520 --> 00:51:04,740 how many of you have ever clicked through that big, red screen that says, 712 00:51:04,740 --> 00:51:07,480 "This website might be bad." 713 00:51:07,480 --> 00:51:09,710 I know I have. 714 00:51:09,710 --> 00:51:13,090 It's probably when you're all browsing to go see Homeland or something like that, right? 715 00:51:13,090 --> 00:51:19,900 Yeah. (audience laughter) Yeah. There you go. We know who's watching Homeland. 716 00:51:19,900 --> 00:51:24,540 That big, red screen right there 717 00:51:24,540 --> 00:51:28,600 often indicates that something funky is going on. 718 00:51:28,600 --> 00:51:32,530 Sometimes it's just the website itself is insecure, 719 00:51:32,530 --> 00:51:35,520 but that same big, red screen comes up when people are trying to 720 00:51:35,520 --> 00:51:37,520 mount network attacks on you. 
721 00:51:37,520 --> 00:51:40,220 So if you see that big, red screen come up at a Starbucks, 722 00:51:40,220 --> 00:51:42,440 don't click through it. 723 00:51:42,440 --> 00:51:45,350 Bad news. Bad news bears. 724 00:51:45,350 --> 00:51:51,490 >> The final thing that you can look at 725 00:51:51,490 --> 00:51:54,120 is some sort of VPN. 726 00:51:54,120 --> 00:52:00,280 This VPN is available through Harvard--vpn.fas.harvard.edu-- 727 00:52:00,280 --> 00:52:03,260 and what this does is it actually establishes a secure connection 728 00:52:03,260 --> 00:52:06,460 between you and Harvard, funnels your traffic through it, 729 00:52:06,460 --> 00:52:12,160 and that way if you're sitting at a place like a Starbucks 730 00:52:12,160 --> 00:52:19,030 you can connect to Harvard, get that safe traffic, and then browse from Harvard. 731 00:52:19,030 --> 00:52:21,950 Again, not foolproof. People can get in the middle. 732 00:52:21,950 --> 00:52:25,850 They can start to break it, but this is far more secure than relying on the security 733 00:52:25,850 --> 00:52:28,620 of the wi-fi alone. 734 00:52:28,620 --> 00:52:32,570 >> All right. In sum, 735 00:52:32,570 --> 00:52:34,580 when you are setting up wireless networks, 736 00:52:34,580 --> 00:52:37,250 when you are going out to use wireless in public-- 737 00:52:37,250 --> 00:52:43,430 whether it's a Starbucks, whether it's Five Guys, whether it's B.Good, 738 00:52:43,430 --> 00:52:46,440 something like that--wherever they have wi-fi-- 739 00:52:46,440 --> 00:52:48,440 be aware of your surroundings. 740 00:52:48,440 --> 00:52:50,440 Be aware of what people can do. 741 00:52:50,440 --> 00:52:53,890 And be safe. Don't access your bank account. 742 00:52:53,890 --> 00:52:58,740 It could be a rude awakening if somebody shows up with your password later on. 743 00:52:58,740 --> 00:53:05,480 With that, go crimson! And I'm going to turn things back over to David for a final word. 
744 00:53:05,480 --> 00:53:11,270 (applause) 745 00:53:11,270 --> 00:53:14,360 >> [David] I thought I'd share one thing from personal experience. 746 00:53:14,360 --> 00:53:19,940 A tool you might like to play with--though Apple has largely eradicated this issue 747 00:53:19,940 --> 00:53:22,710 if you've updated your software since-- 748 00:53:22,710 --> 00:53:26,670 but toward this end of not really being able to trust software that we use, 749 00:53:26,670 --> 00:53:33,270 and to Nate's points, being able to sniff quite a bit of what other people are doing 750 00:53:33,270 --> 00:53:37,010 out there--this was a piece of software that came out about a year-and-a-half ago now. 751 00:53:37,010 --> 00:53:39,010 [iPhoneTracker] [http://petewarden.github.com/iPhoneTracker/] 752 00:53:39,010 --> 00:53:41,010 For some time, iTunes--before iCloud, when you were syncing your iPods or your iPhones 753 00:53:41,010 --> 00:53:45,570 or your iPads with iTunes--in the interest of backups, 754 00:53:45,570 --> 00:53:48,340 what your iPhone and these other devices have been doing for some time is 755 00:53:48,340 --> 00:53:50,340 making use of GPS data. 756 00:53:50,340 --> 00:53:52,710 >> You all know perhaps that your iPhones and Androids and Windows mobile phones 757 00:53:52,710 --> 00:53:55,410 and the like these days can track where you are in the interest of showing you maps 758 00:53:55,410 --> 00:53:59,440 and similar--well what Apple and these other companies do is 759 00:53:59,440 --> 00:54:02,650 they typically track almost everywhere you've actually been in the interest of 760 00:54:02,650 --> 00:54:05,380 improving quality of service. 761 00:54:05,380 --> 00:54:07,170 One, you can get more targeted advertising and the like, 762 00:54:07,170 --> 00:54:10,740 but two, they can also figure out where are there wireless hotspots in the world, 763 00:54:10,740 --> 00:54:14,780 and this can help with geo-location--sort of triangulation of people's position. 
764 00:54:14,780 --> 00:54:18,520 >> Long story short, all of us had been walking antennae for some amount of time. 765 00:54:18,520 --> 00:54:22,180 Unfortunately, Apple had made the design decision--or lack thereof-- 766 00:54:22,180 --> 00:54:26,590 to not encrypt this information when it was being backed up to iTunes. 767 00:54:26,590 --> 00:54:30,330 And what the security researcher found was that this was just a huge XML file-- 768 00:54:30,330 --> 00:54:33,810 a huge text file--sitting in people's iTunes software, 769 00:54:33,810 --> 00:54:35,400 and if you were just a little bit curious, 770 00:54:35,400 --> 00:54:38,990 you could go poking around your spouse's history, your roommate's history, 771 00:54:38,990 --> 00:54:41,050 your sibling's history and the like, 772 00:54:41,050 --> 00:54:44,590 and thanks to some free software, you could plot all of these GPS coordinates-- 773 00:54:44,590 --> 00:54:46,590 latitude and longitude. 774 00:54:46,590 --> 00:54:48,590 >> So, I actually did this with my own phone. 775 00:54:48,590 --> 00:54:51,210 I plugged in my phone, and sure enough, my version of iTunes was not encrypted at the time, 776 00:54:51,210 --> 00:54:53,900 and what I was able to see were my own patterns. 777 00:54:53,900 --> 00:54:56,970 Here's the United States and each of these blue circles represents 778 00:54:56,970 --> 00:55:01,670 where I happened to have been over those previous months of owning this particular phone. 779 00:55:01,670 --> 00:55:04,940 I spend a lot of time, of course, up in the Northeast, a little time in California, 780 00:55:04,940 --> 00:55:08,690 a short-lived trip to Texas, and if you then zoom in on this-- 781 00:55:08,690 --> 00:55:11,120 this is all sort of fine and interesting, but I knew this. 782 00:55:11,120 --> 00:55:13,890 Most of my friends knew this, but if you dive in deeper, 783 00:55:13,890 --> 00:55:17,090 you see where I spend most of my time in the Northeast. 
784 00:55:17,090 --> 00:55:20,330 If you latch onto some familiar-looking towns-- 785 00:55:20,330 --> 00:55:24,670 this big, blue ink splotch is essentially centered over Boston, 786 00:55:24,670 --> 00:55:29,510 and then I spend a little bit of time out in the suburbs radiating out from Boston. 787 00:55:29,510 --> 00:55:32,780 But I was also doing quite a bit of consulting that year. 788 00:55:32,780 --> 00:55:36,090 And this year is the eastern seaboard, and you can actually see me 789 00:55:36,090 --> 00:55:41,920 and my iPhone in my pocket traveling back and forth between Boston and New York 790 00:55:41,920 --> 00:55:47,510 and Philadelphia further down, as well as spending a little bit of vacation time 791 00:55:47,510 --> 00:55:50,340 on the Cape, which is the little arm out there. 792 00:55:50,340 --> 00:55:53,030 So, each one of these dots represents some place I had been, 793 00:55:53,030 --> 00:55:56,970 and completely unbeknownst to me, this entire history was just sitting there 794 00:55:56,970 --> 00:55:58,410 on my desktop computer. 795 00:55:58,410 --> 00:56:00,470 If you zoom out--this actually was a little troubling. 796 00:56:00,470 --> 00:56:04,190 I had no recollection of ever having been in Pennsylvania that particular year. 797 00:56:04,190 --> 00:56:07,840 But I thought a little harder about it and I figured out, oh, it was in fact that trip 798 00:56:07,840 --> 00:56:11,160 and sure enough, my phone had caught me. 799 00:56:11,160 --> 00:56:14,180 >> Apple has since encrypted this information, 800 00:56:14,180 --> 00:56:17,380 but this too is just testament to how much information is being collected about us, 801 00:56:17,380 --> 00:56:20,850 and how easily--for better or for worse--it's acceptable. 
802 00:56:20,850 --> 00:56:23,340 One of the take-aways hopefully from Rob's talk, from Nate's talk 803 00:56:23,340 --> 00:56:27,370 and little visuals like this today is just to be all the more cognizant of this 804 00:56:27,370 --> 00:56:31,160 so that even though--as to Rob's point--we're sort of screwed, right? 805 00:56:31,160 --> 00:56:33,920 There's not much we can do when it comes to some of these threats, 806 00:56:33,920 --> 00:56:37,130 but at the end of the day we have to trust something or someone 807 00:56:37,130 --> 00:56:38,510 if we want to actually use these technologies. 808 00:56:38,510 --> 00:56:43,150 At least we can be making informed decisions and calculated decisions whether or not 809 00:56:43,150 --> 00:56:46,390 we should actually be checking this particularly sensitive account 810 00:56:46,390 --> 00:56:49,330 or we should actually be sending that slightly suspect instant message 811 00:56:49,330 --> 00:56:52,180 in a wi-fi environment like this. 812 00:56:52,180 --> 00:56:54,990 >> So, with that said, just one quiz remains, one lecture remains. 813 00:56:54,990 --> 00:56:57,740 We'll see you on Wednesday then Monday. 814 00:56:57,740 --> 00:57:02,100 (applause and cheers) 815 00:57:02,100 --> 00:57:06,100 [CS50TV]