Course Introduction: Syllabus, Calendar, Presentations

With the new cyber courses, this is shifting to "Secure Cyber Software Development"
- We'll keep our eye on software development, basically
- Other classes can cover other stuff

What might an attacker want to do?
- Steal information
- Cause problems
- Have fun
- Spread messages

The biggest problem: Humans
- They use bad passwords
  + Side note: XKCD and passwords
- They lose things
  + Or give them away
- They accept bribes
  + Banana Bucks
- They think of ways to make things more convenient
  + Rogue AP
  + Passwords taped to stuff
  + Bringing work home
  + Surfing the Internet
- Or they answer security questions correctly
  + E-mail

Security often comes at the expense of usability
- Unsecured WiFi is nice to use!
- Delays for brute-force attacks
- Screen locking

It's the same in the physical world.
- Remote car unlocking
- Constant automatic locking
- Just not locking ever, and math

Important question: How valuable is the thing being secured?
- WEP and credit cards

Useless security measures:
- Very popular!
- MAC address restrictions
- Password restrictions
- Frequent password changes for infrequently used systems

Black hat side

The grand prize: Run a program on the target computer
How?
- Java
- Social engineering
- Viruses, worms, trojans
- We can do anything: keylogger, botnet, break nuclear facilities, etc.

Also good: Hijack an existing program
- Buffer overflows
- SQL injection
- Maybe download and run a different program?

Maybe just the data?
- Crack encryption
- Intercept network traffic
- Maybe the database will give it to us?

Or put something somewhere?
- Recent Twitter hack
- CF Welcome Screen

If nothing else, maybe we can break it!
- Denial of Service, in many forms

Things to attack:
- Encryption (directly)
- Encryption key exchange
- Programs that open ports
  + servers
- Programs that receive data
  + web browser
  + TPS
  + everything else
- Hardware
  + Wake on LAN
  + This is uncommon

Easiest hack ever: Just ask politely!
  + SMTP
  + Cell phone pictures
  + Users who should know better
  + Google

Unless we build a solid base, social measures are useless

Next time: Encryption
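An added example for the "Delays for brute-force attacks" bullet under security versus usability (my code for these notes, not the course's): a per-account login throttle whose wait doubles after every failed attempt and resets on success. The user name, password, delay values and the injectable clock are all constructed for illustration; the point is to see both halves of the trade-off, the attacker's slowed guessing and the legitimate user's forced wait.

```python
import hmac
import time
from dataclasses import dataclass

# Constructed credential store for the demo. A real system stores password
# hashes, never plaintext; the check below only exists to drive the throttle.
CREDS = {"alice": "correct horse battery staple"}


def verify_password(user, password):
    """Constant-time comparison against the constructed store."""
    expected = CREDS.get(user, "")
    return hmac.compare_digest(expected.encode(), password.encode())


@dataclass
class ThrottleState:
    failures: int = 0        # consecutive failed attempts
    locked_until: float = 0  # monotonic time before which attempts are refused


class LoginThrottle:
    """Exponential back-off per account: wait = base * 2**(failures-1), capped.

    Illustrative policy for these notes, not a library API. `clock` is
    injectable so the behaviour can be exercised without real sleeping.
    """

    def __init__(self, base_delay=1.0, max_delay=300.0, clock=time.monotonic):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock
        self.state = {}

    def delay_for(self, failures):
        """Seconds an account must wait after `failures` consecutive failures."""
        if failures == 0:
            return 0.0
        return min(self.base_delay * 2 ** (failures - 1), self.max_delay)

    def check(self, user, password, verify=verify_password):
        """Return ("ok", 0), ("denied", wait) or ("locked", remaining)."""
        st = self.state.setdefault(user, ThrottleState())
        now = self.clock()
        if now < st.locked_until:
            # Still inside the penalty window: refuse without even checking.
            return ("locked", st.locked_until - now)
        if verify(user, password):
            st.failures = 0
            st.locked_until = 0.0
            return ("ok", 0.0)
        st.failures += 1
        wait = self.delay_for(st.failures)
        st.locked_until = now + wait
        return ("denied", wait)


if __name__ == "__main__":
    t = LoginThrottle()
    for guess in ("password", "letmein", "correct horse battery staple"):
        print(guess, "->", t.check("alice", guess))
```

The cap matters for the usability side: without it, ten failures would already mean a wait of over eight minutes for the account's real owner. Note that a per-account delay also hands an attacker a denial-of-service lever (keep failing on someone else's name and they stay locked), which is why production systems usually combine it with per-source limits rather than relying on it alone.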
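An added example for the "SQL injection" item under hijacking an existing program (again my code, not the course's): the same lookup written once by splicing user input into the SQL text and once with parameter binding, run against a throwaway in-memory SQLite table. The table rows and the test input are constructed, and the shape of the lookup is assumed; the point is that the driver treats a bound parameter as data, so the hostile string never changes the query.

```python
import sqlite3


def make_db():
    """In-memory table with constructed rows for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret-A"), ("bob", "s3cret-B")],  # constructed
    )
    return conn


def lookup_unsafe(conn, name):
    """VULNERABLE: the caller's string becomes part of the SQL program."""
    sql = "SELECT name FROM users WHERE name = '%s' ORDER BY name" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Parameter binding: the input stays a value, whatever it contains."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(conn, name):
    """Return (unsafe_result, safe_result) for the same input."""
    return lookup_unsafe(conn, name), lookup_safe(conn, name)


if __name__ == "__main__":
    db = make_db()
    for probe in ("alice", "x' OR '1'='1"):
        print(repr(probe), "->", compare(db, probe))
```

For an ordinary name both functions agree. For the classic always-true tail, the spliced version returns every row while the bound version returns nothing, because SQLite is asked for a user whose literal name is the whole hostile string. The hardened form is also the easier one to write, which is the usual lesson: the secure path is not always the inconvenient one.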