TU Wien:Privacy-Enhancing Technologies VU (Weippl)/Final Exam 2017-12-11

From VoWi

1) How many round trips does the TLS 1.2 handshake take?

  • 1
  • 2
  • 3
  • 4


2) What was Mirai?

  • biggest DDoS attack of all time
  • DDoS attack with IoT devices
  • DDoS attack with ???
  • using default credentials


3) What problems are there with IoT devices?

  • hardcoded standard passwords
  • bad Bluetooth security
  • something about sharp edges?
  • high power consumption


4) What are the consequences of losing your laptop with a stored PGP private key?

  • since I have not stored a password for the private key, attackers can decrypt and read all old messages
  • since I made a backup that also contains the private key -> no problem
  • I used subkeys and can revoke the lost private key with the master key


5) PGP disadvantages?

  • weak encryption
  • bad usability
  • no forward secrecy (entire history can be decrypted if one has the private key)


6) Ultrasonic beacon (or something like that) attacks are used to:

  • identify users and track their profiles
  • find out what a certain user is watching on TV
  • <something stupid>
  • <something stupid>


7) Who is in a good position to do website fingerprinting?

  • internet service provider
  • local network admin
  • autonomous system (?)
  • ?


8) Which of the following are true about supercookies?

  • they are installed in many different locations on the device to make erasing difficult
  • they are good for privacy (or something like that)
  • cookie resyncing is used to update the cookie content from one location to others (if they were removed there)
  • ?


9) What are the problems with privacy on mobile apps?

  • ad services are often granted the same permissions as the app itself
  • location data is more accurate than on desktops
  • to make smartphones "pro-privacy", one needs to adjust / change the underlying operating system (rooting etc.)
  • <something about standard browser settings>


10) Social networks...

  • Facebook/Twitter/... can track user activity outside their pages with social share buttons on external websites
  • by clicking "like" on an external website, Facebook knows exactly when you visited this site
  • ?
  • ?

11) TLS_DHE_RSA_WITH_AES_256_CBC_SHA uses

  • ephemeral Diffie-Hellman for key exchange
  • SHA512 for hashing
  • AES in RSA mode
  • TLS as TLS cipher (or something like that)

12) Browser fingerprinting

  • relies on the usage of cookies
  • ?
  • ?
  • ?