1)
a) The -U flag ...
   1 Mark for part of "() ... passwd"
b) 1 Mark for each of ...
   - User-Agent environment variable is set to ...
   - Then creates a subshell to run shellshock.cgi with User-Agent exported to the subshell
   - User-Agent is interpreted as a function so the definition is executed leading to the latter part, after () { :;} being executed
   - this creates an http response, sending headers and body consisting of the contents of /etc/passwd, sent through Apache and back to the client

2) 1 Mark for each of
   p - find pre-image for hashes (from passwords), offline combine /etc/passwd and /etc/shadow
   w - wordlist = password list+mangling rules
   s - single crack - user info+mangling rules
   i - incremental - brute force
   r - rules - what are they

3) 1 Mark for each to a max of 5
   o - online
   b - brute force
   d - dictionary attack
   p - can attack via many protocols
   p - parallel - can target single / multiple machines
   c - some misc comparison, speed of attempts to hide attack

4) Marks for each type of answer, each converted to a mark out of 3

   SYN Flood
   s - syn (.5 marks)
   sa - syn-ack (.5 marks)
   na - no ack (1 mark)
   r - wait/uses resources (1 mark)

   slowloris
   w - webserver attack or attack involves http requests
   m - many simultaneous connections
   s - slowly send headers to keep connection open
   r - uses up open connections so other clients can't connect (vs bandwidth/memory etc)
   .5 for r if just say 'resources'
   1 for r if some notion of maximum open connections in web server

   DNS Flood
   s - simultaneous
   d - dns requests to dns server
   t - target is DNS server

   DNS Amp
   s - spoof target
   s - send simultaneous DNS requests
   d - to dns servers
   t - multiple DNS servers respond to target, use up target's resources

   RUDY
   w - webserver
   p - post field
   l - large content
   s - 1 byte at a time slowly send body
   m - multiple simultaneous requests

   SMURF
   s - spoofed ip
   b - on broadcast network
   i - icmp requests
   f - servers flood target with responses

5) 1 mark for discussing each of the following
   file dtd all send sum up
   -1 for wrong sequence, lack of details

6) Purpose: 1 mark for something reasonable
   Protocol
   p - alice chooses prime p
   > - restriction on prime wrt m1 and m2, p>m1+m2
   q - q1,q2 random ints
   c - compute c1, c2 as ci=mi+p*qi then send to Bob
   + - bob computes c1+c2, sends to alice
   r - alice recovers m1+m2 by (c1+c2)%p
   1 mark for each of the above then -1 for total out of 5

7) Marks out of 7 then mapped back to mark out of 5
   Explain: read(a+read(b))
   r - read memory location 100 -> value *
   r - read memory location (2000+value) **
   c - cache **, this is an important point, caching * won't help
   s - segfault
   Attacker then determines timing
   t - timing attack
   r - read (2000), ..., read(2255) ***
   r - recover read(100) based on timing: value is v such that read(2000+v) in *** is fastest

   Mapping (out of 7 -> out of 5):
   7 -> 5
   6 -> 4.5
   5 -> 3.5
   4 -> 3
   3 -> 2
   2 -> 1.5
   1 -> 1

8) 3 marks for each of the two. 3 marks for something reasonable. Typically everyone got 3/3 for each of the parts on this.
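
The protocol steps in 6), carried through as an added example (not part of the original marking scheme). It also shows why the restriction p>m1+m2 earns its own mark: with a prime that is too small the recovered sum wraps modulo p. The function names and the 128-bit sizes for p and q are assumptions chosen for illustration.

```python
import secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # a proves n composite
    return True

def alice_choose_prime(max_sum, bits=128):
    """Step p and >: Alice picks a secret prime p with p > m1 + m2."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if p > max_sum and is_probable_prime(p):
            return p

def alice_encrypt(m, p, q_bits=128):
    """Steps q and c: c = m + p*q for a fresh random integer q."""
    q = secrets.randbits(q_bits) + 1
    return m + p * q

def bob_add(c1, c2):
    """Step +: Bob adds the ciphertexts; he never sees p, m1 or m2."""
    return c1 + c2

def alice_recover(c_sum, p):
    """Step r: (c1 + c2) % p, which equals m1 + m2 only if p > m1 + m2."""
    return c_sum % p

def run_protocol(m1, m2, p):
    """One full exchange: Alice encrypts, Bob adds, Alice recovers."""
    c1, c2 = alice_encrypt(m1, p), alice_encrypt(m2, p)
    return alice_recover(bob_add(c1, c2), p)
```
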