Free Software and Information Security
Class Outline and Teaching Materials

1. Linux Recap

  1. Run ubuntu-based OS in your browser
  2. Run linux bash terminal in your browser
  3. Creating your own UEFI bootable USB
  4. virtualbox
  5. linux beginner guides: GUIfile managerbasic tools

2. Security of Mobile Phones

  1. Why not iPhone? Juice Jacking, [graphic explanation], find my, always on
  2. Mobile privacy advices
  3. Android-x86
  4. f-droidosmand
  5. adb
  6. scrcpy
  7. primitive ftpd
  8. mitmproxy

3. Theoretical Backgrounds

  1. Cryptographic Hash functions: TutorialsPoint, CoalFire, synopsys, Alexis Rodriguez, salt in /etc/shadow, Greg's Notes (zh_TW), [most popular passwords, rainbow table: CSO, wikipedia ]
  2. asymmetric encryption: Greg's Notes (zh_TW), SavvySecurity, Infosec Insights, USNA,
  3. digital signature: wizardforce1, OpenLearn, auth0,
  4. supplementary notes: RSA basics, How RSA Works With Examples, iMessage vulnerable to MitM attack
  5. privacy concepts
  6. cryptocurrency and blockchains: Greg's Slides (zh_TW), Jimi S.'s intro series incl. terminology / transaction: btc wiki, ResearchGate / PoW, PoS, PoA / ethereum block time and EVM / token vs coin /
  7. blockchain bridges: Berenzon, Sidhu, cryptonews, Whiteboard Crypto / Polkadot, Solana "wormhole",

4. Security of Desktop Computers and Laptops

  1. Giving up convenience in exchange for security: live CD + slim browsers lynx/w3m/dillo
  2. browser fingerprinting (canvas fingerprinting, panopticlick) / cross device tracking e.g. "audio beacon"
  3. Firefox security: ublock origin and privacy badgerNoScript, and other extensions
  4. firefox master password, where do firefox and chromium store passwords?
  5. how does ssh work, ssh keys
  6. vnc, novnc, SSL, (zh_TW: vnc, ssh tunnel, novnc )
  7. reverse ssh tunnel ( zh_TW)
  8. GnuPG: Searching, devdungeon, digitalocean (zh_TW: GnuPG)
  9. mailvelope (zh_TW)
  10. How the RSA "Dual EC DRBG" backdoor works
  11. Finfisher
  12. Rootkit in Your Laptop / Intel ME Secrets / Libreboot FAQ
  13. steganography (zh_TW)
  14. backup vs wiping out data (ps. gmail backup)
  15. digital forensics

5. Security of Servers

  1. securing ssh (zh_TW)
  2. fail2ban
  3. single packet authorization
  4. Certtool generation
  5. raspberry pi "door god"

5. Conclusions

  1. TED talk: I love Cyber Security - Tom Hofmann
  2. suggestions for personal security and privacy
  3. TED talk: The Security Mirage - Bruce Schneier

(back to course homepage)