CNT 5605
Syllabus, lectures, and other materials — Fall 2018

NOTE: Due to Hurricane Michael, your midterm has been rescheduled to October 25.



Assignment 1, due Wednesday September 12 by 11:59pm

Assignment 3, lab day Thursday, September 13

LFS 8.3 kickoff

LFS 8.3 through Chapter 5 (due by October 9)

LFS 8.3 completion (due by October 23)

Assignment 7 (due by November 15)

Class Notes


Understanding Linux userland at the lowest level

Building Blocks

Boot time

Building the process tree

Building the process tree

uid == 0

uid > 0



The real world

Other Material


A simple program to display parent/child fork(2) information.

A small program to display parent/multiple children fork(2) information.

Extended Attributes in Ext4

Email lists, newsgroups, RSS feeds, and so forth

I highly recommend reading comp.risks (you can read it in rdf format at, or via email --- instructions are at or adding its RSS feed at to your feed browser. Also, you might want to join the FSU Nolenet mailing list.

The Evolution of the Unix Time-sharing System

Open Sources: Voices from the Open Source Revolution; Appendix A, The Tanenbaum-Torvalds Debate

The Art of Unix Programming

   Network Warrior, 2nd edition
   by Gary A. Donahue
   Publisher: O'Reilly
   Pub Date: 2011
   Print ISBN-13: 978-1-449-38786

2008-06-09: An Email about a SAN here at FSU: SAN Issue -- root cause explanation

2008-06-09: An Email about a Mailman problem here at FSU: Mailman problem

2008-06-11: An Email about a ClamAV problem with respect to Selinux: ClamAV/Selinux problem

2008-06-16: Morgan Stanley and AFS: When Your Business Depends On It: The Evolution of a Global File System for a Global Enterprise

2008-06-27: 2008 article on top-level domains in the New York Times: New Flavors for Addresses on the Web Are on the Way

[ 2010-08-23: So, where are we at with the above article? Current List of Internet Top Level Domains ]

2008-07-07: Article on consumer views of service downtimes in the New York Times: As Web Traffic Grows, Crashes Take Bigger Toll

2008-07-09: Article on patching DNS flaw: Vendors form alliance to fix DNS poisoning flaw

2008-07-09: DNS patches prove fatal for some software: MS DNS patch snuffs net connection for ZoneAlarm users

2008-08-08: Press release from Dr. Bernstein on DNS cache poisoning: DNS still vulnerable, Bernstein says

2008-08-11: Plastic Keys to Physical Locks: Researchers Crack Medeco High-Security Locks With Plastic Keys

2008-08-20: An Email about an administrator failing to set permanent state after setting temporary state: Blocked Hosts List?

2008-08-22: An Email about an intrusion at Redhat's Fedora: Infrastructure report, 2008-08-22 UTC 1200

2009-01-05: Backup woes: Hard Lessons in the Importance of Backups: JournalSpace Wiped Out

2009-01-22: NSA Selinux link:

2009-02-10: Data breach at FAA: FAA reports 45,000 data records pilfered from server

2009-03-06: Finally, a vulnerability found in DJBDNS: Security Issue in DJBDNS Confirmed

2009-03-06: And a second vulnerability also found in DJBDNS: Rapid DNS Poisoning in DJBDNS

2009-04-01: Spam Back to 94% of All E-Mail

2009-04-06: Carbonite loses customer backups, sues Promise Technology

2009-05-15: Backup woes at Avsim: Hackers 'destroy' flight sim site

2009-05-20: Microsoft IIS hole fells university server

2009-05-21: Microsoft IIS6 bug exposes sensitive files sans password

2009-07-15: U.S. Postal Service Gives Stamp of Approval to FOSS

2009-07-15: DHCP server can take over client

2009-07-21: Open-source firmware vuln exposes wireless routers

2009-07-23: Adobe Flash woes: New attacks exploit vuln in (fully-patched) Adobe Flash

2009-07-29: Major BIND bug: BIND crash bug prompts urgent update call

2009-07-29: FSU's response to the BIND bug: [Nolenet] DNS server code upgraded

2009-07-30: Data Exposure in the U.S. government: US Congress probes accidental top secret file sharing

2009-07-30: Hardware security: Intel warns over bare-metal BIOS bug

2009-07-31: DNS: Wildcard certificate spoofs web authentication

2009-07-31: iPhone: How To Hijack 'Every iPhone In The World'

2009-07-31: Fun with NULL pointers, part 1

2009-08-31: Warming server rooms: Intel says data centers much too cold: Frozen assets a waste of cash

2009-08-31: IIS bug gives attackers complete server control

2009-09-02: Why Gmail Failed Today

2009-09-09: Microsoft confirms critical unpatched Vista, Windows 7 RC bug

2009-09-09: Windows unpatchable: Microsoft: Patching Windows 2000 'infeasible'

2009-09-16: The Curious Case of the Failing Connections, The Curious Case of the Failing Connections, Part 2

2009-10-07: A practical example of why you do not want to still be using 512-bit RSA keys: TI-83 Plus OS Signing Key Cracked

2009-10-12: Linux saves Aussie electrical grid

2009-10-16: Big-Box Breach: The Inside Story of Wal-Mart’s Hacker Attack

2009-12-04: Test setup leaks into production: Bing dies (briefly) after Microsoft hits wrong button

2010-08-23: Why RAID 5 stops working in 2009

2010-09-01: Microsoft releases FixIt for critical flaw in 100 apps

2010-09-07: Part one of Doomsday Weekend: who can you trust?

2010-09-07: A series of disorderly events

2010-09-08: DNSSEC versus DNSCurve OpenDNS adopts DNSCurve

2010-09-15: Stuxnet attackers used 4 Windows zero-day exploits

2010-09-16: Intel eats crow on software RAID

2010-09-20: Siemens: Stuxnet worm hit industrial systems

2010-09-21: PostgreSQL 9.0 is now available

PSN was running on unpatched Apache server with no firewall .

2011-05-10: Why Sony's PSN problem won't take down cloud computing

2011-05-10: Summary of the Amazon EC2 and Amazon RDS Service Disruption in the US East Region

2011-05-10: Global CIO: Why The Amazon Cloud Outage Is Irrelevant

2011-06-06: How a cheap graphics card could crack your password in under a second

2011-08-02: Anatomy of a Unix breach

2011-08-30: Fixing a CGI-like Script

2011-09-12: Rent-a-Bot Networks Tied to TDSS Botnet

2011-11-04: Chaos Computer Club analyzes government malware

2011-11-14: Et tu, Boeing? FACT CHECK: SCADA Systems Are Online Now

2011-11-14: Underground call-centre for identity theft uncovered by security researchers

2011-11-14: The Dark Side Of Biometrics: 9 Million Israelis' Hacked Info Hits The Web

2011-11-14: The Underground Economy of Fake Antivirus Software (PDF)

2011-11-14: The Perfect Scam

2011-11-14: Who killed the fake-antivirus business?

2011-11-14: Russian police take a bite out of online crime

2011-11-28: Japan's continuing cybersecurity problems: Upper House confirms falling victim to cyber-attacks

2011-11-28: Japan's continuing cybersecurity problems: Only 45% of lawmakers changed passwords after cyber-attack

2011-11-30: Carrier IQ saga: Carrier IQ Tries to Silence Security Research Exposing Its Rootkit, gets Pinned Down by the EFF

2011-11-30: Carrier IQ saga: The Rootkit Of All Evil — CIQ

2011-11-30: Carrier IQ saga: Carrier IQ Tries to Censor Research With Baseless Legal Threat

2011-11-30: Carrier IQ saga: Smartphone Invader Tracks Your Every Move

2011-11-30: Carrier IQ saga: CarrierIQ

2011-11-30: Carrier IQ saga: Proof Published that Carrier IQ is Recording Key Presses and Location Data

2011-11-30: Carrier IQ saga: The Storm Is Not Over Yet — Lets Talk About #CIQ

2012-04-19: OpenSSL flaw

2012-06-11: US Navy buys Linux to guide drone fleet

2012-08-31: Finspy: Software Meant to Fight Crime Is Used to Spy on Dissidents

2012-08-31: Finspy: Egypt, FinFisher Intrusion Tools and Ethics

2012-08-31: Finspy: From Bahrain With Love: FinFisher’s Spy Kit Exposed?

2012-08-31: Finspy: The SmartPhone Who Loved Me: FinFisher Goes Mobile?

2012-09-24: DNT: Why Do Not Track is worse than a miserable failure

2013-01-16: "Red October" Diplomatic Cyber Attacks Investigation

2013-02-18: U.S. said to be target of massive cyber-espionage campaign

2013-02-20: APT1: Exposing One of China's Cyber Espionage Units

2013-02-25: Code certificate laissez-faire leads to banking Trojans

2013-03-04: Where Apps Meet Work, Secret Data Is at Risk

2013-03-22: How whitehats stopped the DDoS attack that knocked Spamhaus offline

2013-04-08: How a banner ad for H&R Block appeared on - without Apple's OK

2013-05-14: The Case of the 500 Mile Email

2013-05-16: Network outage here at FSU

2013-07-11: US agency baffled by modern technology, destroys mice to get rid of viruses

2013-07-11: Netragard's Hacker Interface Device (HID).

2013-07-16: Fraudsters trick people into handing over cards on doorstep

2013-08-01: Trusting iPhones plugged into bogus chargers get a dose of malware

2013-08-26: The Guardian's NSA Files collection of articles (also related, The Guardian's general NSA keyword articles)

2013-08-26: They Know Much More Than You Think

2013-08-27: Snowden Interview

2013-08-27: Viewing PRISM: XKEYSCORE

2013-09-10: The NSA Is Breaking Most Encryption on the Internet

2013-09-10: NSA Foils Much Internet Encryption

2013-09-10: The NSA's Secret Campaign to Crack, Undermine Internet Security

2013-09-10: Revealed: how US and UK spy agencies defeat internet privacy and security

2013-09-10: The Factoring Dead: Preparing for the Cryptopocalypse

2013-09-10: How Advanced Is the NSA's Cryptanalysis—And Can We Resist It?

2013-09-10: A Few Thoughts on Cryptographic Engineering

2013-09-10: New Snowden Documents Show NSA Deemed Google Networks a "Target"

2013-09-24: The iPhone 5s Touch ID hack in detail

2013-09-26: UEFI Boot to Zork

2013-09-30: Meet the Machines that Steal Your Phone's Data

2013-10-10: A Computer Infection That Can Never Be Cured

2013-10-10: The Next Frontier of Password Cracking

2013-10-17: Analysis of the HTTPS Certificate Ecosystem

2013-10-22: The Privacy Challenges of Big Data: A View from the Lifeguard's Chair

2013-10-22: Experian Sold Consumer Data to ID Theft Service

2013-10-31: Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps

2013-10-31: The DEFCON21 Social Engineer Capture The Flag Report (PDF)

2013-11-01: Just Six People Got Insurance Through on Day One

2013-11-05: Top 100 Adobe passwords

2014-01-09: NSA ANT document in PDF format (rough OCR has been applied)

2014-01-09: The Danger of Rogue System Administrators

2014-01-09: NSA Codenames

2014-01-09: A new Dual EC DRBG flaw

2014-01-23: A First Look at the Target Intrusion, Malware

2014-01-23: Bluetooth Hackers Allegedly Skimmed Millions Via Gas Stations

2014-01-28: Spy Agencies Probe Angry Birds and Other Apps for Personal Data

2014-02-05: 7 Die in Fire Destroying Argentine Bank Archives

2014-05-13: Analyzing Forged SSL Certificates in the Wild

2014-05-13: Feds: Sailor hacked Navy network while aboard nuclear aircraft carrier

2014-05-22: The Naming of Hosts Is a Difficult Matter

2014-06-03: Filing by Computer: A Pillow Helped

2014-06-25: Mathematicians Discuss the Snowden Revelations

2014-07-22: Mayhem

2014-08-26: Protecting processes from a hostile operating system: Virtual Ghost

2014-09-11: Execute in Place

2014-09-11: Supporting filesystems in persistent memory

2014-09-25: The Astonishing Story of the Federal Reserve on 9-11

2014-10-16: The human element: Core Secrets: NSA Saboteurs in China and Germany

2014-10-20: Kickstarter pulls Anonabox, a Tor-enabled router that raised over $585,000

2014-10-20: Report: Cybercrime costs US $12.7M a year

2014-11-05: "The Devil had possessed his netbook" — and other tales of IT terror

2014-11-19: Unscheduled Windows update kills critical security bug under active attack

2014-11-19: It's A Return To The Azure-Alypse — Microsoft Azure Suffers Global Outage

2014-11-20: Update on Azure Storage Service Interruption

2015-09-28: Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud


2015-10-26: Google Cloud Brownout Fix Forget Some Servers

Nerves rattled by highly suspicious Windows Update delivered worldwide

Internet of Things Poses Opportunities for Cyber Crime

File Says N.S.A. Found Way to Replace Email Program

China-Tied Hackers That Hit U.S. Said to Breach United Airlines

2016-05-11: Building and Scaling Fastly Network

2016-05-11: Bangladesh Bank Woes

2016-05-13: Salesforce outage

2016-05-13: Open Source Should Not Imply Live Access

2016-06-08: Ransomware at University Calgary

2016-06-08: University statement

2016-06-10: Microsoft's Compiler Shenanigans (also see the classic Thompson "Trusting Trust" paper)

2016-07-15: HTTP 2 in the real world

2016-07-15: Cybercrime over takes traditional crime in the United Kingdom

2016-07-15: Linux kernel insecurity

2016-07-20: Five million Danish ID numbers sent to Chinese firm by mistake

2016-07-20: Regex woes

2016-09-07: House of Keys

2016-09-12: FTP Servers mint money

2016-09-22: Github Load Balancer

2016-10-08: Strange Loop — IP Spoofing

2016-10-26: A low-level kernel hibernation bug hunt

2016-10-26: IOT

2016-10-31: Senator Prods Federal Agencies on IOT Mess

2016-11-10: Vlany LD_PRELOAD rootkit

2016-11-16: Truly impressive USB attack

2016-11-16: VLANY, LD_PRELOAD attack strategy

2016-11-16: Cryptpad

2017-05-15: Two days after WCRY worm, Microsoft decries exploit stockpiling by governments

2017-05-16: Efficient Memory Disaggregation with Inifiswap (courtesy of "The Morning Paper")

2017-05-22: HTTPS on Stack Overflow

2017-06-15: I Know What You Did Last Summer — in the Cloud

2017-06-21: Fuzzing node.js

2017-06-21: Gray Failure

2017-07-04: IoT Goes Nuclear: Creating a ZigBee Chain Reaction

2017-07-24: Swedish data leak

Links to look at on an ongoing basis: