Free Software and Information Security
Class Outline and Teaching Materials

Linux Recap

  1. Run ubuntu-based OS in your browser
  2. Run linux bash terminal in your browser
  3. Creating your own UEFI bootable USB
  4. virtualbox
  5. linux beginner guides: copy/paste by mouse or in terminal, virtual terminals, AltDrag, file manager (zh_TW), basic tools (zh_TW), inputrc,
  6. I/O redirection and pipe, regular expressions

Security of Mobile Phones

  1. Why not iPhone? Juice Jacking, [graphic explanation], find my, always on
  2. Mobile privacy advices
  3. f-droid, osmand
  4. adb + scrcpy
  5. primitive ftpd

Theoretical Backgrounds

  1. Cryptographic Hash functions: TutorialsPoint, CoalFire, synopsys, Alexis Rodriguez, salt in /etc/shadow, Greg's Notes (zh_TW), [most popular passwords, rainbow table: CSO, wikipedia ]
  2. asymmetric encryption: Greg's Notes (zh_TW), SavvySecurity, Infosec Insights, USNA,
  3. digital signature: wizardforce1, OpenLearn, auth0,
  4. supplementary notes: RSA basics, How RSA Works With Examples, iMessage vulnerable to MitM attack
  5. privacy concepts
  6. cryptocurrency and blockchains: Greg's Slides (zh_TW), Jimi S.'s intro series incl. terminology

Security of Desktop Computers and Laptops

  1. Giving up convenience in exchange for security: live CD + slim browsers lynx/w3m/dillo
  2. browser fingerprinting (canvas fingerprinting, panopticlick) / cross device tracking e.g. "audio beacon"
  3. Firefox security: ublock origin and privacy badger, facebook container, NoScript, and other extensions
  4. firefox master password, where do firefox and chromium store passwords?
  5. how does ssh work, ssh keys
  6. vnc, novnc, SSL, (zh_TW: vnc, ssh tunnel, novnc )
  7. reverse ssh tunnel, Forward and reverse SSH tunnels in pictures ( zh_TW)
  8. GnuPG: Searching, devdungeon, digitalocean (zh_TW: GnuPG)
  9. mailvelope (zh_TW)
  10. Backdoor stories: Dual EC DRBG, Finfisher, Rootkit in Your Laptop, Intel ME Secrets + Libreboot FAQ

A Brief Introduction to Virtualization

  1. virtualization terminologies
  2. kvm in 5 min, with UEFI
  3. virt-manager, zh_TW

Security of Servers

  1. securing ssh (zh_TW)
  2. fail2ban
  3. single packet authorization
  4. Certtool generation

Digital Forensics

  1. backup vs wiping out data
  2. gimp for digital forensics
  3. steganography (zh_TW)
  4. Wireshark Labs, decrypting https w/ wireshark
  5. mitmproxy

Conclusions

  1. TED talk: I love Cyber Security - Tom Hofmann
  2. suggestions for personal security and privacy
  3. TED talk: The Security Mirage - Bruce Schneier

(back to course homepage)