# Computer Security - lesson 17
#### Stefano Zanero
###### 16 June 2016

# SSL Security

## New protocol adoption

Every time a new protocol needs to be adopted, reaching critical mass is a critical problem. This can be a major problem for startups/business plans that aim to replace a big player with a new, better system.

## SSL

__Phases__:
- cipher suite + random data
- certificate verification
- pre-master key exchange
- pre-master key encryption (and optional signing)

Signing of the master key by the user authenticates the client, but it is an optional feature and nobody uses it (99%), so most of the time the client is not authenticated.

The exchange of random data in SSL is used to ensure __freshness__ of the communication, which prevents __replay attacks__, in which a malicious server replays the exact messages of an old communication and establishes a connection.

### Man in the middle

A simple man-in-the-middle attacker can't read the content of a connection because it doesn't know the server's private key.

## SET system

Meant to protect __transactions__, not __connections__.

The SET story was used by VISA and MasterCard to place the responsibility for transaction fraud entirely on merchants: they had offered a secure alternative, but the merchants decided it was not economically convenient to adopt.

# Malware

Categories:
- Virus: not an executable but a piece of code able to infect programs and self-propagate
- Worm: an executable form of virus
- Trojan Horse: a program that seems useful or innocent but hides malicious behaviour, such as the creation of remote access.
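
Returning to the freshness point in the SSL section: the sketch below is an added example, not part of the lecture, showing why a recorded server handshake fails against a client that draws a new random value. It uses the TLS 1.2 PRF (RFC 5246) as a stand-in for SSL's key derivation; the reduced transcript, the reused pre-master key and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256 expansion."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def server_finished(pre_master, client_random, server_random):
    """verify_data the server must present; it depends on both randoms."""
    master = prf(pre_master, b"master secret",
                 client_random + server_random, 48)
    # Assumption: the transcript is reduced to the two hello randoms.
    transcript = hashlib.sha256(client_random + server_random).digest()
    return prf(master, b"server finished", transcript, 12)


def client_accepts(pre_master, client_random, server_random, received):
    """Client-side check of the server's Finished value."""
    expected = server_finished(pre_master, client_random, server_random)
    return hmac.compare_digest(expected, received)


def replay_outcomes():
    # Constructed sample session. The pre-master key is deliberately kept
    # identical across sessions to isolate the effect of the random data.
    pre_master = os.urandom(48)
    old_client_random, old_server_random = os.urandom(32), os.urandom(32)
    recorded = server_finished(pre_master, old_client_random,
                               old_server_random)

    # Client draws a fresh random: the replayed Finished no longer matches.
    fresh = client_accepts(pre_master, os.urandom(32),
                           old_server_random, recorded)
    # Client reuses its old random (no freshness): the replay is
    # indistinguishable from the original session and is accepted.
    stale = client_accepts(pre_master, old_client_random,
                           old_server_random, recorded)
    return fresh, stale


if __name__ == "__main__":
    print(replay_outcomes())
```
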