Online Learning: Free Lecture Courses on Data Communications, Networking, Cryptography and Computer Security

I've been meaning to bring these resources together into a post for some time now.  There are a ridiculous number of free university level courses on communications, networking, cryptography and computer security available online.  Here are some of the better courses, lectures and video tutorials that I've come across over the last six months, all of which are appropriate for people who are looking for in depth introductions to these fields, or more experienced folks who would like a refresher on the fundamentals.

Lecture Series

Steve Gordon's Lecture Courses
Steve Gordon is an Associate Professor at Sirindhorn International Institute of Technology (SIIT), Thammasat University, Thailand.  On his Youtube page, you can find four complete lecture series on Security and Cryptography, IT Security, Data Communications and Networks, and Internet Technologies and Applications

•  Introduction to Cryptography
Christof Paar, a Professor at Ruhr University, Bochum Germany, provides an introduction to modern cryptography in this series of 24 lectures. 

•  Cryptography and Network Security
Prof. D. Mukhopadhyay, from the Department of Computer Science and Engineering at the Indian Institute of Technology provides a broad introduction to Cryptography and Network security in this series of 41 lectures.  Production quality could be better, but the video lectures are substantive in nature.

•  Computer System Engineering
This undergraduate course, taught by Prof. Robert Morris and Prof. Samuel Madden from MIT, covers the basics of networking and computer security.  The first few lectures are not available.  But the units on networking and cryptography are available in full beginning with lecture 9.  

•  Fundamentals of Computer Networking 
This series contains over 30 lectures by Professor Parviz Kermani Department of Electrical & Computer Engineering at Manhattan College, and provides an in depth introduction to the basics of computer networking.

Miscellaneous Video

•  Whitfield Diffie on the History of Public Key Cryptography
•  Google Tech Talks on Cryptography (Assorted lectures and seminars from the Google Tech Talk series relating to cryptography and computer security)
•  Intro to Network Scanning (Basic introduction to network scanning tools)
•  Intro to Pentesting (10 short tutorials)

British and US Spy Agencies Compromise Yahoo Chat

It needs to be said: the actions of intelligence agencies such as the NSA and the British GCHQ amount to an act of war against innocent civilian populations around the world.  This brings their actions into line with the definition of terrorism, the use of force or the threat of the use of force against civilian populations to achieve political ends.  It is time for people to stand up and call these government agencies out for what they are: state sponsored terrorist groups.  From The Guardian:
Britain's surveillance agency GCHQ, with aid from the US National Security internet users not suspected of wrongdoing, secret documents reveal.
Agency, intercepted and stored the webcam images of millions of GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.
In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.
Yahoo reacted furiously to the webcam interception when approached by the Guardian. The company denied any prior knowledge of the program, accusing the agencies of "a whole new level of violation of our users' privacy".

Outernet: Project Seeks to Create Worldwide Free Satellite Internet

From Outernet:
Outernet connects everyone around the globe.
There are more computing devices in the world than people, yet only 60% of the global population has access to the wealth of knowledge found on the Internet. The price of smartphones and tablets is dropping year after year, but the price of data in many parts of the world continues to be unaffordable for the majority of global citizens. In some places, such as rural areas and remote regions, cell towers and Internet cables simply don't exist. The primary objective of the Outernet is to bridge the global information divide.
Broadcasting data allows citizens to reduce their reliance on costly Internet data plans in places where monthly fees are too expensive for average citizens. And offering continuously updated web content from space bypasses censorship of the Internet. An additional benefit of a unidirectional information network is the creation of a global notification system during emergencies and natural disasters.
Access to knowledge and information is a human right and Outernet will guarantee this right by taking a practical approach to information delivery. By transmitting digital content to mobile devices, simple antennae, and existing satellite dishes, a basic level of news, information, education, and entertainment will be available to all of humanity.
Although Outernet's near-term goal is to provide the entire world with broadcast data, the long-term vision includes the addition of two-way Internet access for everyone. For free.

Snowden Drip: Government Funded Character Assassination Squads Rampant Online

From The Intercept:
One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents.
Over the last several weeks, I worked with NBC News to publish a series of articles about “dirty trick” tactics used by GCHQ’s previously secret unit, JTRIG (Joint Threat Research Intelligence Group). These were based on four classified GCHQ documents presented to the NSA and the other three partners in the English-speaking “Five Eyes” alliance. Today, we at the Intercept are publishing another new JTRIG document, in full, entitled “The Art of Deception: Training for Online Covert Operations.”
By publishing these stories one by one, our NBC reporting highlighted some of the key, discrete revelations: the monitoring of YouTube and Blogger, the targeting of Anonymous with the very same DDoS attacks they accuse “hacktivists” of using, the use of “honey traps” (luring people into compromising situations using sex) and destructive viruses. But, here, I want to focus and elaborate on the overarching point revealed by all of these documents: namely, that these agencies are attempting to control, infiltrate, manipulate, and warp online discourse, and in doing so, are compromising the integrity of the internet itself.
Follow the link for all the gory details.  Here's a sample slide from the leaked document:

Voice Chat App Aids Anti-Government Uprisings Across the World

From Defense One:
Entrepreneur Bill Moore was in his Austin, Texas, office last Thursday, watching explosive growth for his company’s walkie-talkpublic dissatisfaction over crime and multiple other factors.
ie app, Zello, inside Venezuela. Zello had become the favorite app of protest organizers there after recently hitting the mark as the most popular app in Ukraine. Over the past few days in Venezuela, the protests ballooned following rapidly rising food prices, controversy over President Nicolas Maduro’s economic policies,
Moore was finding that in Venezuela that popularity had a price. Shortly after 9 p.m., his Twitter feed blew up with messages from users inside the country. The government-owned Internet service provider, CANTV, which hosts 90 percent of Venezuela’s Internet traffic, was blocking the app as well as access to Zello’s website. Downloads were dropping off considerably.
Check out Zello here.

Goto Fail: Apple iOS Bug Compromises SSL, Opens Vector for Attackers

From ZDNet:
Apple on Friday revealed a major SSL (Secure Socket Layer) vulnerability in
its software that affects all devices, allowing hackers to intercept and alter communications such as email and login credentials for countless Apple hardware users.

A new version of Apple's iOS for its tablets and phones was rushed out the door Friday to patch the vulnerability, wherein its mobile, tablet and desktop software is not doing SSL/TLS hostname checking — communications meant to be encrypted, are not.

The patch has only been issued for the more recent iPhones (4 and later), iPod touch (5th generation) and iPad (2nd generation).

Security researchers across several communities believe that Mac computers are even more exposed, as they are currently left hanging without a patch.
Imperial Violet has details on the bug itself:

So here's the Apple bug:

static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
 OSStatus        err;

 if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
  goto fail;
 if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
  goto fail;
  goto fail;
 if ((err =, &hashOut)) != 0)
  goto fail;

 return err;
(Quoted from Apple's published source code.)
Note the two goto fail lines in a row. The first one is correctly bound to the if statement but the second, despite the indentation, isn't conditional at all. The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail.
If you're worried your system may be affected, follow the link above to Imperial Violent, who has created a tool to do a quick check.

Massive Data Breach at University of Maryland

Governments, corporations, educational institutions, all of them completely incompetent when it comes to basic data security.  This is going to be a headache for a lot of people.  From Malwarebytes:
The University of Maryland (UMD) said it was the victim of a recent cyberattack, according to their statement released Wednesday. In the letter, UMD President Wallace D. Loh said he was informed of the breach yesterday evening by Brian Voss, the Vice President of Information Technology at the university.

“A specific database of records maintained by our IT Division was breached yesterday. That database contained 309,079 records of faculty, staff, students and affiliated personnel,” Dr. Loh said. “The records included name, Social Security number, date of birth, and University identification number.”