Monday, September 21, 2009

Lab 6

Venue : Makmal Sistem, Building FTMK.
Date : 10-9-2009
Time : 10.00 a.m. – 11.50 a.m.



After studying networking for almost three years, I finally have the chance to be exposed to a topic related to hacking. To me, hacking is cool stuff and sometimes full of mystery. It allows people to bypass network security without authorisation. As far as I know, hacking is characterised into two main types: white hat hacking (for good purposes only) and black hat hacking (for bad purposes). The title of this week's lab session was web application security.
Basically, we used two tools to complete the tasks in this lab: WebGoat and WebScarab. WebGoat is a deliberately insecure teaching application used to demonstrate how the vulnerabilities of a poorly designed web application can be exploited, while WebScarab is an intercepting proxy for people who need to see the inner workings of HTTP/HTTPS-based applications, whether to let a developer debug difficult problems or to let a security specialist identify vulnerabilities in the application by viewing and editing every request before it reaches the server.
After finishing the setup and configuration of WebGoat and WebScarab, we started on the tasks in the lab module. Basically, there were three tasks, covering the top three web vulnerabilities in the OWASP list: cross-site scripting (XSS), injection flaws and malicious file execution. XSS happens when a web application accepts input and sends it back to a web browser without validating or encoding it, so the browser runs attacker-supplied script inside the victim's page.
An injection flaw such as SQL injection causes the web application to run SQL that its author never intended. The attacker manipulates the SQL statement by supplying input that the application pastes straight into the query text. The PHP line below is one example of such a query:
$sql = "SELECT * FROM user WHERE id = '" . $_REQUEST['id'] . "'";

The attacker can manipulate the statement by submitting an id of ' OR 1=1 -- or ' OR '1'='1, which closes the quoted value and makes the WHERE clause always true (the -- turns the rest of the statement into a comment). The query then returns every row of the table named user.
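The injection above, as an added worked example that is not part of the lab module, WebGoat or the PHP shown: a Python script with an in-memory SQLite table named user (constructed sample rows) that builds the query the same way the PHP line does, shows both payloads returning every row, and then the parameterised form of the same lookup. The last two functions show the XSS counterpart from the first task: output pasted into HTML unencoded versus the same output passed through html.escape. Table columns, row values and function names are assumptions made for the demo.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data: an in-memory 'user' table standing in for
    the application's real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id TEXT PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO user VALUES (?, ?, ?)",
        [
            ("115", "alice", "alice@example.com"),
            ("116", "bob", "bob@example.com"),
            ("117", "carol", "carol@example.com"),
        ],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    # Same shape as the PHP line: the request value is pasted into the SQL
    # text, so quotes and comment markers in it are parsed as SQL.
    sql = "SELECT * FROM user WHERE id = '" + user_id + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, user_id):
    # Parameterised query: the value travels to the engine as data and can
    # never change the structure of the statement.
    return conn.execute("SELECT * FROM user WHERE id = ?", (user_id,)).fetchall()


def render_vulnerable(name):
    # XSS: untrusted text inserted into the page body as-is.
    return "<p>Hello " + name + "</p>"


def render_safe(name):
    # Output encoding: <, >, &, and quotes become entities, so the browser
    # shows the text instead of executing it.
    return "<p>Hello " + html.escape(name) + "</p>"


if __name__ == "__main__":
    db = make_db()
    for payload in ("115", "' OR 1=1 --", "' OR '1'='1"):
        print(repr(payload), "vulnerable:", len(lookup_vulnerable(db, payload)),
              "rows; safe:", len(lookup_safe(db, payload)), "rows")
    print(render_vulnerable("<script>alert(1)</script>"))
    print(render_safe("<script>alert(1)</script>"))
```

Run it and the vulnerable lookup returns all three rows for either payload while the parameterised one returns none, because the payload is compared literally against the id column. The same idea carries over to PHP: use prepared statements (PDO or mysqli with bound parameters) rather than string concatenation.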

Finally, the last task was about malicious file execution. It is a web application vulnerability caused by failing to control application input, for example letting the user choose a file name or URL that the application then includes or executes. The lab this week was indeed very interesting. Although we only practised it using a simulation tool, if it happened in real life I guess it would not be so interesting any more. It makes me think that web applications are not very safe after all; who knows whether one of my accounts, like Facebook, Friendster or email, has been hacked before? If one day I want to become a hacker, I would go for white hat hacker for sure.

Program Security

Venue : BK7, Building FTMK.
Date : 9-9-2009
Time : 9.00 a.m. – 10.50 a.m.

The lecture for this week was about Program Security. Throughout this lecture, I learnt several important facts about the security of a program, such as non-malicious errors, malicious code, controls against the threats and so on. Basically, there are three types of non-malicious program error: buffer overflows, incomplete mediation (data exposed or uncontrolled) and time of check to time of use. I would like to show an example and give a brief explanation for each type of non-malicious error:

Type of error

Example / Explanation

Buffer Overflows

Example: In C programming, instead of using strcpy(des, src), it is better to use strncpy(des, src, n), with n limited by the size of the destination.

Explanation: When a string is copied from a source to a destination, a buffer overflow occurs if the destination array is smaller than the string being copied. For instance:
char src[10];
char des[9];

The overflow happens if we copy the whole string with strcpy(des, src): strcpy keeps writing until it reaches the terminating NUL of src, so a ten-byte string overwrites whatever lies past the end of des. We can avoid the error by not copying the whole string but only part of it with strncpy(des, src, n). For example, with strncpy(des, src, 7), where n = 7, we copy seven characters from the source (size 10) into the destination (size 9), so the buffer overflow is prevented. One caveat a C programmer has to remember: strncpy does not write a terminating NUL when the source is n bytes or longer, so n should be one less than the destination size and the last byte of des should be set to NUL explicitly afterwards.

Incomplete Mediation

Example: The link below shows the use of the GET method in web application development:
http://www.testing.com/order.asp?cutID=115&part=666&qty=3&price=500&total=1500

Explanation: One disadvantage of the GET method is that it exposes all the values in the link. Those values are passed to the database or used as the reference for the next page. Just imagine what happens if the user changes them before they are stored in the database. Using the link above: if the user changes price and total to zero, he or she can purchase the item for free, and the application accepts it. Switching to the POST method keeps the values out of the address bar, but it does not stop the attack, because a proxy such as WebScarab lets the user edit a POST body just as easily. The real flaw is incomplete mediation: the server trusts a price and total that came from the client. The fix is for the server to look up the price itself and recompute the total from the part number and quantity, treating every client-supplied value as untrusted.
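The tampering above, as an added example that is not from the lecture: Python code that parses the order URL from the example, then contrasts a handler that charges whatever total the client sent with one that recomputes the total from a server-side catalogue and rejects a mismatch. The catalogue (part 666 priced at 500), the handler names and the rejection rule are constructed for the demo; the same check applies whether the fields arrive in a GET query string or a POST body.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed server-side catalogue: the only source of truth for prices.
CATALOGUE = {"666": 500}


def parse_order(url):
    """Turn the query string of an order URL into a flat dict of fields."""
    fields = parse_qs(urlsplit(url).query)
    return {name: values[0] for name, values in fields.items()}


def process_order_trusting(order):
    # Mirrors the flaw in the lecture: price and total are taken from the
    # client, so whoever edits the request decides what gets charged.
    return {"part": order["part"], "qty": int(order["qty"]),
            "charged": int(order["total"])}


def process_order_mediated(order):
    # Complete mediation: every value that matters is looked up or
    # recomputed on the server; client-sent price/total are only cross-checked.
    part = order.get("part")
    if part not in CATALOGUE:
        raise ValueError("unknown part: %r" % part)
    qty = int(order.get("qty", "0"))
    if qty < 1:
        raise ValueError("quantity must be at least 1")
    total = CATALOGUE[part] * qty
    if "total" in order and int(order["total"]) != total:
        raise ValueError("client total %s does not match server total %d"
                         % (order["total"], total))
    return {"part": part, "qty": qty, "charged": total}


def charge_mediated(url):
    """Amount the mediated handler would charge, or None if it rejects the order."""
    try:
        return process_order_mediated(parse_order(url))["charged"]
    except ValueError:
        return None


if __name__ == "__main__":
    honest = "http://www.testing.com/order.asp?cutID=115&part=666&qty=3&price=500&total=1500"
    tampered = "http://www.testing.com/order.asp?cutID=115&part=666&qty=3&price=0&total=0"
    print("trusting handler, tampered request:", process_order_trusting(parse_order(tampered)))
    print("mediated handler, honest request:  ", charge_mediated(honest))
    print("mediated handler, tampered request:", charge_mediated(tampered))
```

With the tampered URL the trusting handler charges 0; the mediated handler charges 1500 for the honest request and refuses the tampered one. A production handler would also log the mismatch, since a client that sends a wrong total is almost certainly probing.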

Time of check to time of use

A time-of-check to time-of-use (TOCTOU) error is a race condition. The program checks some condition (that a file is a regular file the caller may read, that a path does not point at a link, that an account has enough balance) and then acts on the result a few instructions later. If an attacker can change the state in between, the check no longer describes the object that is actually used. The defence is to make the check and the use a single atomic step: for a file, open it first and then check the open descriptor rather than checking the path name and opening it afterwards.
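An added example of the race, not from the lecture: the check-then-open pattern in Python, with a hook standing in for an attacker who replaces the checked file with a symbolic link to a secret between the check and the use, beside a version that opens first and checks the descriptor it actually obtained. File names and contents are constructed, and the code relies on POSIX symlinks and os.O_NOFOLLOW.

```python
import os
import shutil
import stat
import tempfile


def read_if_regular_vulnerable(path, between_check_and_use=None):
    # CHECK: the path must name a regular file and must not be a symlink.
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("rejected at check time: " + path)
    # The TOCTOU window. In a real program this is just the next few
    # instructions; here a hook stands in for a concurrent attacker.
    if between_check_and_use is not None:
        between_check_and_use()
    # USE: opens whatever the path names *now*, following any symlink.
    with open(path) as f:
        return f.read()


def read_if_regular_safe(path):
    # Open first, refusing to follow a symlink in the final component, then
    # inspect the object that was actually opened. The path is never
    # resolved a second time, so there is no window to race.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file: " + path)
        with os.fdopen(fd) as f:
            fd = -1          # the file object now owns the descriptor
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo():
    """Returns (what the vulnerable reader leaked, what the safe reader did)."""
    workdir = tempfile.mkdtemp()     # constructed scratch directory
    try:
        public = os.path.join(workdir, "public.txt")
        secret = os.path.join(workdir, "secret.txt")
        with open(public, "w") as f:
            f.write("PUBLIC")
        with open(secret, "w") as f:
            f.write("SECRET")

        def attacker_swaps_file():
            os.remove(public)
            os.symlink(secret, public)

        leaked = read_if_regular_vulnerable(public, attacker_swaps_file)
        try:
            read_if_regular_safe(public)   # public.txt is now the symlink
            hardened = "opened"
        except OSError:                    # ELOOP from O_NOFOLLOW
            hardened = "rejected"
        return leaked, hardened
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demo())
```

The check in the vulnerable version passes because public.txt really is a regular file at that instant; by the time open() runs the name points at secret.txt, and the contents come back. The safe version cannot be raced in the same way because what it checks is the descriptor it already holds.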


Next, I learnt about malicious programs. The list below gives the types of malicious code with a short description of each:

Type of malicious code: Explanation

Trojan: A program which performs a useful function but also performs an unexpected action.
Virus: A code segment which replicates by attaching copies of itself to existing executables.
Worm: A program which replicates itself and causes the new copy to execute.
Bacteria: Replicates until it fills all disk space or consumes all CPU cycles.
Logic bomb: Malicious code that activates on an event.
Trap door: An undocumented entry point written into code for debugging that can let in unwanted users.

For the trap door type, Mr Zaki told us a real-life story related to it, "The Salami Attack". It was very interesting. The story is about a guy named Salami, who was once a programmer for a bank. He came up with a brilliant idea to make money through the program he wrote: he transferred the third decimal place of the value of every transaction to his own bank account through the code he wrote. As I said, he was very brilliant, because nobody would notice the third decimal place of a currency, as the value is too small and very hard to trace. However, no one in this world can escape punishment after committing a crime, and he was caught for what he had done. People started to notice and investigate when he bought houses, branded cars and so on with cash.
Finally, the lecture ended with the pillars of software security. The three pillars of software security are risk management, touchpoints and knowledge.

Lab 5

Venue : Makmal Sistem, Building FTMK.
Date : 27-8-2009
Time : 10.00 a.m. – 11.50 a.m.


The title of this week's lab session was Modern Cryptography (extended version). It actually continued from last week's lab session. So after learning the RSA algorithm last week, this week we learnt about the DES algorithm. DES is a topic we covered in the lecture last week; the difference is that this week we got to do DES practically.
After that, we were asked to do the review question. Luckily, Mr. Zaki guided us through it; if not, everyone would have fainted. We used Microsoft Office Excel for the task, and it was quite fun although the task was very complicated and quite frustrating at times. Before the lab session ended, Mr. Zaki told us that those who are interested in doing a Final Year Project on this topic can let him know next semester. Developing an application to perform DES in C++, VB .NET or Java sounds cool to me; I will consider it wisely...

Modern Cryptography – Part 2

Venue : BK7, Building FTMK.
Date : 26-8-2009
Time : 9.00 a.m. – 10.50 a.m.

The lecture began with a brief recap of the topic DES, which we learnt last week. Soon after that, the lecture continued with message authentication. Message authentication can be used to protect against active attacks: modification of a message in transit, replay of an old message, or a masquerade by someone who is not the claimed sender. The diagram below shows how it works:

Next, Mr. Zaki taught us about hash functions. There are three methods of using a hash function for message authentication:

  • Using conventional encryption

  • Using public-key encryption

  • Using secret value

The three algorithms used for hashing are MD5, SHA-1 and SHA-256 (MD5 and SHA-1 are no longer considered collision-resistant, so new designs use SHA-256 or stronger). Then we learned about digital signatures. What distinguishes the digital signature mechanism from the MACing process is that it provides a means of settling disputes between sender and receiver: a MAC key is shared by both parties, so either of them could have produced the tag, whereas only the holder of the private key can produce a valid signature. The diagram below shows how a digital signature works:

To create a digital signature using RSA:

The signature can be verified by anyone who knows the corresponding public key. The Certification Authority (CA) is the next topic of this chapter. The CA's aim is to guarantee the authenticity of a public key by signing a certificate containing the user's identity and public key with its own secret key. For this to work, all users must have an authentic copy of the Certification Authority's public key. The lecture continued with key management; the diagram below depicts the life cycle of a key:
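The three mechanisms from this part of the lecture (MAC, RSA digital signature, CA certificate) as one added Python example; it is not from the lecture notes and the numbers are constructed. The MAC uses HMAC-SHA-256 under a shared key. The RSA part is textbook RSA on small demo primes (about 2^20 each, far too small for real use) and signs the SHA-256 digest reduced mod n, which is a toy shortcut standing in for the padding (PKCS#1 v1.5 or PSS) a real scheme applies. The CA simply signs the bytes of "identity|e|n" with its own key; the certificate format is an assumption.

```python
import hashlib
import hmac


# ---- Message authentication code: both parties share one secret key ----
def make_mac(key, message):
    """Tag a message with HMAC-SHA-256 under a shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def check_mac(key, message, tag):
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(make_mac(key, message), tag)


# ---- Toy RSA signature: private key signs, public key verifies ----
def rsa_keygen(p, q, e=65537):
    """Textbook RSA key pair from two primes. Constructed demo sizes only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (e, n), (d, n)          # (public key, private key)


def _digest_mod(message, n):
    # Hash first, then sign the hash. Reducing mod n is the toy shortcut;
    # real schemes pad the digest instead of reducing it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private_key, message):
    d, n = private_key
    return pow(_digest_mod(message, n), d, n)


def rsa_verify(public_key, message, signature):
    e, n = public_key
    return pow(signature, e, n) == _digest_mod(message, n)


# ---- Certification authority: CA signs (identity, public key) ----
def encode_cert_body(identity, public_key):
    e, n = public_key
    return "{}|{}|{}".format(identity, e, n).encode()


def issue_certificate(ca_private_key, identity, public_key):
    body = encode_cert_body(identity, public_key)
    return {"identity": identity, "public_key": public_key,
            "signature": rsa_sign(ca_private_key, body)}


def verify_certificate(ca_public_key, cert):
    # Anyone holding an authentic copy of the CA public key can check this.
    body = encode_cert_body(cert["identity"], cert["public_key"])
    return rsa_verify(ca_public_key, body, cert["signature"])


# Constructed demo keys: primes near 10^6, chosen so the numbers stay readable.
USER_PUB, USER_PRIV = rsa_keygen(1000003, 1000033)
CA_PUB, CA_PRIV = rsa_keygen(999983, 999979)


if __name__ == "__main__":
    key = b"constructed shared key"
    msg = b"pay bob 100"
    tag = make_mac(key, msg)
    print("MAC verifies:", check_mac(key, msg, tag),
          "| after tampering:", check_mac(key, b"pay bob 900", tag))
    sig = rsa_sign(USER_PRIV, msg)
    print("signature verifies:", rsa_verify(USER_PUB, msg, sig),
          "| on altered message:", rsa_verify(USER_PUB, b"pay bob 900", sig))
    cert = issue_certificate(CA_PRIV, "alice", USER_PUB)
    print("certificate verifies:", verify_certificate(CA_PUB, cert))
```

The dispute-settling point from the lecture is visible in the code: check_mac needs the same key that made the tag, so a receiver who shows a valid tag to a judge proves nothing, because the receiver could have computed it too. rsa_verify needs only the public key, so a valid signature can be shown to a third party as evidence that the private-key holder signed.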

The last two topics of today's lecture were RSA, which we covered in the lab session last week, and methods of attack. The four general attacks against encrypted information are:

  • Ciphertext-only attack

  • Known-plaintext attack

  • Chosen-plaintext attack

  • Chosen-ciphertext attack

Then the attacks that can be launched against encryption systems are:

  • Brute-Force attack

    • Exhaustive key search - trying every possible combination.

  • Replay attacks

    • Taking encrypted information and playing it back at a later point in time.

  • Man-in-the-middle attacks

  • Faults in the cryptosystem