This is the archived Spring 2015 version of the course. For the most recent version, see

Class 12: Mostly About Superfish

Posted: Mon 23 February 2015


  • Quiz 2 will be in class on Wednesday, 25 February. It will be similar in length, format, and content to Quiz 1, except that it will cover material from the beginning of the class through Class 10.

  • Project 2 Part 2 starts now! Read the rules carefully to understand what is within scope for this, and please ask for clarifications before doing anything questionable.

Note: due to a bug in slideshare's updated player, ink markings no longer appear in the viewer.
If you download the slides, they are present though. Hopefully, the player will be fixed someday.


Bitcoin difficulty increased yesterday: 46684376316

This invalidates our results from the previous class about the SP20 miner being profitable (under our assumption of a 5% difficulty increase per month).

PointCoin's difficulty rate reveals something about when students got their miners working, and about how EC2 throttles micro instances:


Here are some articles about superfish:

Komodia/Superfish SSL Validation is Broken, Filippo Valsorda
Extracting the SuperFish certificate, Robert Graham
Lenovo Under Sustained Man in Middle Management Attack, Josh Cincinatti
You Had One Job, Lenovo, David Auerbach, Slate

SSL Warnings

Adrienne Felt's work on SSL warnings in Chrome browser:
Improving SSL Warnings (talk slides)
Improving SSL Warnings: Comprehension and Adherence
Experimenting At Scale With Google Chrome's SSL Warning
You can also see her old page about the work she did at UVa: Privacy Protection for Social Network APIs.