Profile

jledoux profile image

jledoux

Student

  • 5 reviews
  • 5 completed
Content 
Instructor 
Provider 
First, the professor gets 4 stars in my book, but the course gets 2. He really tried to listen to students and was really responsive in improving the course and getting feedback. But the aim of the course was too loosely defined and honestly I feel I learned next to nothing besides some malware jargon taking the course and a brief overview of the extent of malware out there. To really understand malware, you have to really understand the machine language code, operating system, and all the internals. You need to do a lot of programming and really get it. E.g., assembly can't be learned in half a lecture by walking through one example. So you don't really learn or practice anything in this course, you just get a first exposure to a bunch of topics. The first lectures were bad format-wise, as it was the prof going through a powerpoint slide, without the powerpoint slide only being zoomed in briefly barely long enough to read. Granted this was adjusted after student complaints. There's no book or further source to look up. The quiz questions just contained random factoids from the lectures or recommended readings -- which were just a collection of academic papers (not really at the appropriate level for the course). The factoids don't have enough of a basis for you to really grok, so you just end up regurgitating a few facts. E.g., at "the bottom of the kernel stack points to the current executing thread" or China's malware forums are on Baidu and QQ or the main target of phishing in China according in 2011 according to APAC was "____" (and list the top four choices). Also the quiz questions never changed, making it really easy to get a perfect score in your three attempts. The one programming challenge took maybe 30 minutes (and most of that was just figuring out what format he wanted the answer in).
Content 
Instructor 
Provider 
Good course, my first udacity course (after taking several coursera ones). Loved the fact that I could just churn through it at my own pace (that is I finished the course in about one week). Best thing about the class were the challenge programming assignments and how he touched on very modern cryptographic concepts. Second best thing; unlike the coursera course, spends little to no time on formalism, but gets to interesting applications of crypto. So you don't learn about "semantic security" or "deterministic encryption" or the details of how symmetric encryption works (e.g., no Merkle- Damgard construction; no work through of AES). Instead, you get a good quick overview of stuff like if you had a symmetric block cipher here's how to combine it (CBC, CTR, CFB) mode, Diffie-Hellman, and (textbook) RSA. Then quickly jump into more advanced stuff like anonymous money (bitcoin), anonymous voting, anonymous routing (tor), blind signatures, breaking GSM, BEAST SSL attack, and secure multiparty communication. However, when going through many of these topics he doesn't always clearly define assumptions (who knows what information), threat model, power of attackers, etc. Worst thing about the class: vague quiz questions. First, all questions were videos reading a question to you aloud which is annoying format compared to being able to read the question with its assumptions explicitly on the same page as the answers when you try to answer. (Versus having to rewind). Next, the questions only accepted one answer, and were occasionally subjective, and even more rarely wrong (usually with an instructor's note at the bottom right of the page that's easy to miss). E.g., at one point the answer to three decimal digits was .327 and the system wouldn't accept "0.327" or "0.33", but you had to put in "0.32"; at another point a derivation there was a sign error and no options were correct. The answer often depends on unstated assumptions and that you have to watch a video to hear the question, versus seeing it written out with the assumptions actually spelled out. You just have to learn not to take the questions too seriously, and have no problem getting the vague/subjective ones wrong. Examples of bad questions include the first one in the course: "Which of these involve cryptology: Opening a door, playing poker, doing a google search, logging into udacity" (and the answer is all of them). I had skipped the intro video (where he spoke "opening a door with a key" (even though no key was written down) and that I'll buy when adding a key, that is cryptology. But playing poker does not by traditional definitions involve cryptology even though if it involves "secrets". Cryptology is the combination of cryptography (secret writing) and cryptanalysis (how to break cryptography without the key). Or another example, they do the standard proof by contradiction that there's no maximal prime and instead an infinite number. You first assume (wrongly) that you have a finite set of all primes. You multiply them all the primes together and add one to that (e.g., P = p1 p2 p3 ... pN +1) where p1 is the first prime, pN is the assumed maximal prime). At this point, the lecture stops and asks "is p prime?" Yes, No, or Maybe. The system would only accept "Yes" which has a perfectly logical argument (p is greater than the assumed largest prime pN; so it can't be prime as we've assumed all primes are smaller than pN). But you can also argue, that it must not have any divisors with your finite list of prime numbers (since p mod p_i = 1 for all p_i in your set and you would have p mod p_i = 0 work for some p_i if p was composite), and if a number is not divisible by any prime number less than itself, then it must be prime. So either option has a good argument behind it, but only one answer works. The problems involving the actual material often had similar issues from vaguness, poorly defined assumptions as well. Anyhow, overall great recommended course; take away 0.5 stars from vagueness of some questions and how assumptions about attacker/threat model were often left unstated.
Content 
Instructor 
Provider 
Good course. Assignments are pretty much college level, and fun. Learn things like (old-style) buffer overflow, basic reverse engineering, how to implement malloc, basics of assembly/gdb. Instructors are very good, though recommend speeding up Guillermo's lectures (20%) as he speaks slowly (but don't speed up Luis's). Really hope they follow up at some point with a Systems Programming or Operating Systems course. The biggest downside of this course was that they presented many challenges that were hard, there was a very long hard deadline so you could never discuss the answers or the best way to do something. (E.g., you needed to be able to do some challenges in less than say 8 operations for full credit - but some managed to do it in 6 operations -- what tricks were used?) Also like a normal course, the course work isn't 100% self-contained in the class -- e.g., you can watch the lectures and still have to experiment a bunch to figure it out.
Content 
Instructor 
Provider 
An awesome course. I signed up when the course was nearly over, so only watched the videos and took a few quizzes after the deadline, and downloaded some of the readings. Very engaging, well-produced, well-written lectures and very interesting content. Great for listening while say walking your dog, or commuting to work. (Versus say more mathematical courses where you have to follow equations, plots, etc.) Granted I have a feeling that some of the observed experimental effects aren't as strong as purported (e.g., effects of experimenting on elite college students or effects of subjects attempting to go along with what they perceive the experimenters desired results are).
Content 
Instructor 
Provider 
Awesome course. I've tried teaching myself RSA several times, but from this course it finally stuck and not just text-book RSA, but the real things (as well as El Gamal). It starts being a bit annoying that it seems he's being a stickler for things on the quizzes. E.g., a lot of quizzes rely on whether you remember and can functionally deal with the precise definitions for semantic security, perfect secrecy, trapdoor functions, etc. But it starts making sense later on, as you precisely define under what characteristics you have guaranteed security. The programming assignments are a lot of fun, though sadly there are only six assignments (e.g., much less than a real crypto course) and its strictly a bonus. E.g., do a padding oracle attack; or break RSA if p and q differ by less than N^(1/4). The content of the course is hard if you don't have any prior experience or a strong math background. However, the course is quite doable; e.g., you can take any exam multiple times (even the final -- though the questions/answers will vary slightly) and the programming assignments are optional. I wouldn't recommend the course if you don't have the programming skills to say take the XOR of two byte arrays.