Who are we? Cesena Security and Network Applications. Why join CeSeNA?
|
|
- Amos Byrd
- 6 years ago
- Views:
Transcription
1 Unexpected inputs: the danger of data and code injection
2 Who are we? Cesena Security and Network Applications We like computer security and we want to share our knowledge. Founded by Marco Ramilli in Rebuilt by Luca Mella in Now it s an active group, managed by Alessandro Molari, Luca Molari and Giacomo Mantani. Why join CeSeNA? To learn useful, cool stuff. To improve mental and social skills. To have (a lot of) fun! Daniele Bellavista [CeSeNA] Code and Data Injection What s CeSeNA?
3 Contact us! Requirement to apply CeSeNA Burning desire for knowledge. Passion for computer security. Be a geeky, techky person. Where to find us IRC: #cesena at irc.freenode.net Website: (trust the certificate) Facebook: G+: Daniele Bellavista [CeSeNA] Code and Data Injection What s CeSeNA?
4 INJECTION VULNERABILITY
5 Injection: same old story SQL injection Introduced by sloppy (PHP) programmers. One of the main vulnerability in 2000s. Still present and exploited! Shellshock vulnerability Discovered in Present since September 1989! In some scenarios, it permits remote code execution. Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
6 SQLi example Scenario: system containing secret stuff on the database, which can be accessed only by knowing their secret identifier. Objective: obtain all the secrets! SQL Query: exec ( SELECT FROM S e c r e t s WHERE S e c I d = + s e c r e t I d ) Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
7 SQLi example Scenario: system containing secret stuff on the database, which can be accessed only by knowing their secret identifier. Objective: obtain all the secrets! SQL Query: exec ( SELECT FROM S e c r e t s WHERE S e c I d = + s e c r e t I d ) If secretid is exec ( SELECT FROM S e c r e t s WHERE S e c I d = ) Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
8 SQLi example Query: exec ( SELECT FROM S e c r e t s WHERE ID = + s e c r e t I d ) Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
9 SQLi example Query: exec ( SELECT FROM S e c r e t s WHERE ID = + s e c r e t I d ) Injection if secretid is 0 OR 1=1: exec ( SELECT FROM S e c r e t s WHERE ID = 0 OR 1=1 ) Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
10 A shellshock example Request to a CGI page: GET / v u l n e r a b l e. c g i User Agent : M o z i l l a F i r e f o x Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
11 A shellshock example Request to a CGI page: GET / v u l n e r a b l e. c g i User Agent : M o z i l l a F i r e f o x Response: 200 OK Hi, I m not v u l n e r a b l e! Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
12 A shellshock example Request: GET / v u l n e r a b l e. c g i User Agent : ( ) { i g n o r e d ; } ; echo The f o l l o w i n g s e n t e n c e i s f a l s e Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
13 A shellshock example Request: GET / v u l n e r a b l e. c g i User Agent : ( ) { i g n o r e d ; } ; echo The f o l l o w i n g s e n t e n c e i s f a l s e Response: 200 OK The f o l l o w i n g s e n t e n c e i s f a l s e Hi, I m not v u l n e r a b l e! Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
14 Data and code are confused Untrusted user-supplied inputs Web form fields (yes, even hidden tags). HTTP fields. Shell parameters. No difference between data and code No data type. Semantic checks are performed only on the result. Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
15 Sanitization Whitelist allowed character. Drop or escape the rest. Type awareness: parse integers, encode strings, etc.. Use framework or library functions considered secure. Remember: security isn t just a fix. Daniele Bellavista [CeSeNA] Code and Data Injection Injection Vulnerability
16 EXPLOITATION
17 Bad sanitization: quoting Quoted SQL statement: SELECT FROM S e c r e t s WHERE S e c I d = + s e c r e t I d + Daniele Bellavista [CeSeNA] Code and Data Injection Exploiting Injection
18 Bad sanitization: quoting Quoted SQL statement: SELECT FROM S e c r e t s WHERE S e c I d = + s e c r e t I d + Previous secretid = 0 OR 1=1 won t work! SELECT FROM S e c r e t s WHERE S e c I d = 0 OR 1=1 Daniele Bellavista [CeSeNA] Code and Data Injection Exploiting Injection
19 Bad sanitization: quoting Quoted SQL statement: SELECT FROM S e c r e t s WHERE S e c I d = + s e c r e t I d + Previous secretid = 0 OR 1=1 won t work! SELECT FROM S e c r e t s WHERE S e c I d = 0 OR 1=1 So, just send secretid = 0 OR 1 = 1 SELECT FROM S e c r e t s WHERE S e c I d = 0 OR 1 = 1 Celebrate Daniele Bellavista [CeSeNA] Code and Data Injection Exploiting Injection
20 Bad sanitization: blind escaping Quoted SQL statement: SELECT FROM S e c r e t s WHERE S e c I d = + escapequotes ( s e c r e t I d ) + Daniele Bellavista [CeSeNA] Code and Data Injection Exploiting Injection
21 Bad sanitization: blind escaping Quoted SQL statement: SELECT FROM S e c r e t s WHERE S e c I d = + escapequotes ( s e c r e t I d ) + The previous trick won t work: secretid = 0 OR 1 = 1 SELECT FROM S e c r e t s WHERE S e c I d = 0\ OR \ 1\ =\ 1 Daniele Bellavista [CeSeNA] Code and Data Injection Exploiting Injection
22 Bad sanitization: blind escaping Quoted SQL statement: SELECT FROM S e c r e t s WHERE S e c I d = + escapequotes ( s e c r e t I d ) + The previous trick won t work: secretid = 0 OR 1 = 1 SELECT FROM S e c r e t s WHERE S e c I d = 0\ OR \ 1\ =\ 1 However, a similar query without quotes won t be protected! SELECT FROM S e c r e t s WHERE S e c I d = + escapequotes ( s e c r e t I d ) Daniele Bellavista [CeSeNA] Code and Data Injection Exploiting Injection
23 Bad sanitization: blind escaping Quoted SQL statement: SELECT FROM S e c r e t s WHERE S e c I d = + escapequotes ( s e c r e t I d ) + The previous trick won t work: secretid = 0 OR 1 = 1 SELECT FROM S e c r e t s WHERE S e c I d = 0\ OR \ 1\ =\ 1 However, a similar query without quotes won t be protected! SELECT FROM S e c r e t s WHERE S e c I d = + escapequotes ( s e c r e t I d ) Just try 0 OR 1=1 SELECT FROM S e c r e t s WHERE S e c I d = 0 OR 1 = 1 Daniele Bellavista [CeSeNA] Code and Data Injection Exploiting Injection
24 Bad sanitization: string replace Smartest fix ever: SELECT FROM S e c r e t s WHERE S e c I d = + r e p l a c e ( s e c r e t I d, OR, ) Daniele Bellavista [CeSeNA] Code and Data Injection Exploiting Injection
25 Bad sanitization: string replace Smartest fix ever: SELECT FROM S e c r e t s WHERE S e c I d = + r e p l a c e ( s e c r e t I d, OR, ) If secretid = 0 OR 1=1 SELECT FROM S e c r e t s WHERE S e c I d = 0 1 = 1 Daniele Bellavista [CeSeNA] Code and Data Injection Exploiting Injection
26 Bad sanitization: string replace Smartest fix ever: SELECT FROM S e c r e t s WHERE S e c I d = + r e p l a c e ( s e c r e t I d, OR, ) If secretid = 0 OR 1=1 SELECT FROM S e c r e t s WHERE S e c I d = 0 1 = 1 What if, secretid = 0 OORR 1=1 SELECT FROM S e c r e t s WHERE S e c I d = 0 OR 1 = 1 Daniele Bellavista [CeSeNA] Code and Data Injection Exploiting Injection
27 IT S YOUR TURN
28 Let s get our hands dirty Go to: Daniele Bellavista [CeSeNA] Code and Data Injection Exercise
29
Model-based Testing - From Safety to Security
Model-based Testing - From Safety to Security Josip Bozic, Franz Wotawa Graz University of Technology {jbozic, wotawa}@ist.tugraz.at October 24, 2012 Josip Bozic, Franz Wotawa October 24, 2012 Page 1/28
More informationDatabases Exam HT2016 Solution
Databases Exam HT2016 Solution Solution 1a Solution 1b Trainer ( ssn ) Pokemon ( ssn, name ) ssn - > Trainer. ssn Club ( name, city, street, streetnumber ) MemberOf ( ssn, name, city ) ssn - > Trainer.
More informationCS 243 Lecture 11 Binary Decision Diagrams (BDDs) in Pointer Analysis
CS 243 Lecture 11 Binary Decision Diagrams (BDDs) in Pointer Analysis 1. Relations in BDDs 2. Datalog -> Relational Algebra 3. Relational Algebra -> BDDs 4. Context-Sensitive Pointer Analysis 5. Performance
More informationSecret Sharing CPT, Version 3
Secret Sharing CPT, 2006 Version 3 1 Introduction In all secure systems that use cryptography in practice, keys have to be protected by encryption under other keys when they are stored in a physically
More informationTowards information flow control. Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011
Towards information flow control Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011 Mandatory access controls and security levels DAC vs. MAC Discretionary access control
More informationMathOverflow. David Brown. University of Wisconsin-Madison Slides available at Rice University
MathOverflow David Brown University of Wisconsin-Madison Slides available at http://www.math.wisc.edu/~brownda/slides/ Rice University March 29, 2011 Introduction Mathoverflow: http://mathoverflow.net/.
More informationHomework 4 for Modular Arithmetic: The RSA Cipher
Homework 4 for Modular Arithmetic: The RSA Cipher Gregory V. Bard April 25, 2018 This is a practice workbook for the RSA cipher. It is not suitable for learning the RSA cipher from scratch. However, there
More informationAbstract parsing: static analysis of dynamically generated string output using LR-parsing technology
Abstract parsing: static analysis of dynamically generated string output using LR-parsing technology Kyung-Goo Doh 1, Hyunha Kim 1, David A. Schmidt 2 1. Hanyang University, Ansan, South Korea 2. Kansas
More informationAttack Graph Modeling and Generation
Attack Graph Modeling and Generation Ratnesh Kumar, Professor, IEEE Fellow Electrical and Computer Engineering, Iowa State University PhD Students: Mariam Ibrahim German Jordanian University Attack Graph:
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 18 November 3, 2014 CPSC 467, Lecture 18 1/43 Zero Knowledge Interactive Proofs (ZKIP) Secret cave protocol ZKIP for graph isomorphism
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 19 November 8, 2017 CPSC 467, Lecture 19 1/37 Zero Knowledge Interactive Proofs (ZKIP) ZKIP for graph isomorphism Feige-Fiat-Shamir
More informationThe Research and Improvement in the Detection of PHP Variable WebShell based on Information Entropy
Journal of Computers Vol. 28, No. 5, 2017, pp. 62-68 doi:10.3966/199115992017102805006 The Research and Improvement in the Detection of PHP Variable WebShell based on Information Entropy Chundong Wang
More informationLecture 7: Boneh-Boyen Proof & Waters IBE System
CS395T Advanced Cryptography 2/0/2009 Lecture 7: Boneh-Boyen Proof & Waters IBE System Instructor: Brent Waters Scribe: Ioannis Rouselakis Review Last lecture we discussed about the Boneh-Boyen IBE system,
More informationWeak Synchronization & Synchronizability. Multi-tape Automata and Machines
Weak Synchronization and Synchronizability of Multi-tape Automata and Machines Oscar H. Ibarra 1 and Nicholas Tran 2 1 Department of Computer Science University of California at Santa Barbara ibarra@cs.ucsb.edu
More informationQuantum Wireless Sensor Networks
Quantum Wireless Sensor Networks School of Computing Queen s University Canada ntional Computation Vienna, August 2008 Main Result Quantum cryptography can solve the problem of security in sensor networks.
More informationSafety and Liveness. Thread Synchronization: Too Much Milk. Critical Sections. A Really Cool Theorem
Safety and Liveness Properties defined over an execution of a program Thread Synchronization: Too Much Milk Safety: nothing bad happens holds in every finite execution prefix Windows never crashes No patient
More informationSemantic Web SPARQL. Gerd Gröner, Matthias Thimm. July 16,
Semantic Web SPARQL Gerd Gröner, Matthias Thimm {groener,thimm}@uni-koblenz.de Institute for Web Science and Technologies (WeST) University of Koblenz-Landau July 16, 2013 Gerd Gröner, Matthias Thimm Semantic
More informationLanguage-based Information Security. CS252r Spring 2012
Language-based Information Security CS252r Spring 2012 This course Survey of key concepts and hot topics in language-based information security The use of programming language abstractions and techniques
More information8 Security against Chosen Plaintext
8 Security against Chosen Plaintext Attacks We ve already seen a definition that captures security of encryption when an adversary is allowed to see just one ciphertext encrypted under the key. Clearly
More informationQuantitative Approaches to Information Protection
Quantitative Approaches to Information Protection Catuscia Palamidessi INRIA Saclay 1 LOCALI meeting, Beijin 06/11/2013 Plan of the talk Motivations and Examples A General Quantitative Model Quantitative
More informationPHP-Einführung - Lesson 4 - Object Oriented Programming. Alexander Lichter June 27, 2017
PHP-Einführung - Lesson 4 - Object Oriented Programming Alexander Lichter June 27, 2017 Content of this lesson 1. Recap 2. Why OOP? 3. Git gud - PHPStorm 4. Include and Require 5. Classes and objects 6.
More informationA Quick Look at some Mathematics and Cryptography A Talk for CLIR at UConn
A Quick Look at some Mathematics and Cryptography A Talk for CLIR at UConn Jeremy Teitelbaum September 5, 2014 Secret Key Ciphers A cipher is a method of communication in which the letters making up the
More informationMath 3361-Modern Algebra Lecture 08 9/26/ Cardinality
Math 336-Modern Algebra Lecture 08 9/26/4. Cardinality I started talking about cardinality last time, and you did some stuff with it in the Homework, so let s continue. I said that two sets have the same
More informationSlides based on those in:
Spyros Kontogiannis & Christos Zaroliagis Slides based on those in: http://www.mmds.org High dim. data Graph data Infinite data Machine learning Apps Locality sensitive hashing PageRank, SimRank Filtering
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationInt er net Saf et y Tip s
BE CAREFUL AS: Facebook oft en means People oft en pret end t o be people t hey are not so be wary of t his!! Int er net Saf et y Tip s N ever accept people you do not know. Never give out your real name
More informationAppendix 4 Weather. Weather Providers
Appendix 4 Weather Using weather data in your automation solution can have many benefits. Without weather data, your home automation happens regardless of environmental conditions. Some things you can
More informationWhy write proofs? Why not just test and repeat enough examples to confirm a theory?
P R E F A C E T O T H E S T U D E N T Welcome to the study of mathematical reasoning. The authors know that many students approach this material with some apprehension and uncertainty. Some students feel
More informationLecture Notes, Week 10
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 10 (rev. 2) Professor M. J. Fischer March 29 & 31, 2005 Lecture Notes, Week 10 1 Zero Knowledge Interactive
More informationCourse Announcements. Bacon is due next Monday. Next lab is about drawing UIs. Today s lecture will help thinking about your DB interface.
Course Announcements Bacon is due next Monday. Today s lecture will help thinking about your DB interface. Next lab is about drawing UIs. John Jannotti (cs32) ORMs Mar 9, 2017 1 / 24 ORMs John Jannotti
More informationHASH FUNCTIONS. Mihir Bellare UCSD 1
HASH FUNCTIONS Mihir Bellare UCSD 1 Hashing Hash functions like MD5, SHA1, SHA256, SHA512, SHA3,... are amongst the most widely-used cryptographic primitives. Their primary purpose is collision-resistant
More informationIntroduction to Algebra: The First Week
Introduction to Algebra: The First Week Background: According to the thermostat on the wall, the temperature in the classroom right now is 72 degrees Fahrenheit. I want to write to my friend in Europe,
More informationThe Roots of Higher Mathematics Computing Square Roots and the Rabin Cryptosystem William J. Martin, WPI
The Roots of Higher Mathematics Computing Square Roots and the Rabin Cryptosystem William J. Martin, WPI Abstract: We explore thought experiments dealing with the computation of square roots in various
More informationInequalities. CK12 Editor. Say Thanks to the Authors Click (No sign in required)
Inequalities CK12 Editor Say Thanks to the Authors Click http://www.ck12.org/saythanks (No sign in required) To access a customizable version of this book, as well as other interactive content, visit www.ck12.org
More informationLecture 11- Differential Privacy
6.889 New Developments in Cryptography May 3, 2011 Lecture 11- Differential Privacy Lecturer: Salil Vadhan Scribes: Alan Deckelbaum and Emily Shen 1 Introduction In class today (and the next two lectures)
More informationYour World is not Red or Green. Good Practice in Data Display and Dashboard Design
Your World is not Red or Green Good Practice in Data Display and Dashboard Design References Tufte, E. R. (2). The visual display of quantitative information (2nd Ed.). Cheshire, CT: Graphics Press. Few,
More informationElite Galaxy Online. API Documentation v Elite Galaxy Online. All rights reserved
Elite Galaxy Online API Documentation v2.1 Contents 1. Version Control... 3 2. Overview of Elite Galaxy Online API... 4 3. Retrieving Data from Elite Galaxy Online... 5 3.1. Retrieving Star System Data...
More informationSIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS. CIS 400/628 Spring 2005 Introduction to Cryptography
SIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS CIS 400/628 Spring 2005 Introduction to Cryptography This is based on Chapter 8 of Trappe and Washington DIGITAL SIGNATURES message sig 1. How do we bind
More information6.080 / Great Ideas in Theoretical Computer Science Spring 2008
MIT OpenCourseWare http://ocw.mit.edu 6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.
More informationLecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures
Lecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures Boaz Barak November 27, 2007 Quick review of homework 7 Existence of a CPA-secure public key encryption scheme such that oracle
More informationIntroduction to Cryptography Lecture 13
Introduction to Cryptography Lecture 13 Benny Pinkas June 5, 2011 Introduction to Cryptography, Benny Pinkas page 1 Electronic cash June 5, 2011 Introduction to Cryptography, Benny Pinkas page 2 Simple
More informationNatural Language Processing Prof. Pawan Goyal Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Natural Language Processing Prof. Pawan Goyal Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture - 18 Maximum Entropy Models I Welcome back for the 3rd module
More informationCHAPTER 7 FUNCTIONS. Alessandro Artale UniBZ - artale/
CHAPTER 7 FUNCTIONS Alessandro Artale UniBZ - http://www.inf.unibz.it/ artale/ SECTION 7.1 Functions Defined on General Sets Copyright Cengage Learning. All rights reserved. Functions Defined on General
More informationThe Architecture of the Georgia Basin Digital Library: Using geoscientific knowledge in sustainable development
GEOLOGIJA 46/2, 343 348, Ljubljana 2003 The Architecture of the Georgia Basin Digital Library: Using geoscientific knowledge in sustainable development B. BRODARIC 1, M. JOURNEAY 2, S. TALWAR 2,3, R. HARRAP
More informationPseudonym and Anonymous Credential Systems. Kyle Soska 4/13/2016
Pseudonym and Anonymous Credential Systems Kyle Soska 4/13/2016 Moving Past Encryption Encryption Does: Hide the contents of messages that are being communicated Provide tools for authenticating messages
More informationSolutions for week 1, Cryptography Course - TDA 352/DIT 250
Solutions for week, Cryptography Course - TDA 352/DIT 250 In this weekly exercise sheet: you will use some historical ciphers, the OTP, the definition of semantic security and some combinatorial problems.
More informationELECTRE TRI plug-in in Quantum GIS and ElectreTriBM webservice What s new?
ELECTRE TRI plug-in in Quantum GIS and ElectreTriBM webservice What s new? Olivier Sobrie University of Mons Faculty of engineering October 17, 2011 University of Mons Olivier Sobrie - October 17, 2011
More informationLECTURE 15: SIMPLE LINEAR REGRESSION I
David Youngberg BSAD 20 Montgomery College LECTURE 5: SIMPLE LINEAR REGRESSION I I. From Correlation to Regression a. Recall last class when we discussed two basic types of correlation (positive and negative).
More informationPatrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies
Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies Jun Dai, Xiaoyan Sun, and Peng Liu College of Information Sciences and Technology Pennsylvania State University,
More informationMap reading made easy
Map reading made easy 1. What is a map? A map is simply a drawing or picture (in 2-D) of a landscape or area of a country (in 3-D). It could be anything from a sketch map for a visitor to find your school
More informationEvaluation Module 5 - Class B11 (September 2012) Responsible for evaluation: Dorte Nielsen / Cristina Lerche Data processing and preparation of
2011 Evaluation Module 5 - Class B11 (September 2012) Responsible for evaluation: Dorte Nielsen / Cristina Lerche Data processing and preparation of report: Cristina Lerche Contents Contents... 2 Questions
More informationMadame Curie By Eve Curie
Madame Curie By Eve Curie If you are searched for a book Madame Curie by Eve Curie in pdf format, then you have come on to correct site. We present full variant of this ebook in doc, txt, epub, PDF, DjVu
More informationFIT100 Spring 01. Project 2. Astrological Toys
FIT100 Spring 01 Project 2 Astrological Toys In this project you will write a series of Windows applications that look up and display astrological signs and dates. The applications that will make up the
More informationMap reading made easy
Map reading made easy Maps can be great fun and they can lead you to all sorts of discoveries. They can help you get to know an area really well, because they pinpoint interesting places that are often
More informationFingerprinting the Stars Lab (Sarah Hansen & Monica Valluri)
Fingerprinting the Stars Lab (Sarah Hansen & Monica Valluri) Introduction Every element produces a unique fingerprint of spectral lines. By identifying the spectral features in stellar spectra, we can
More informationWeather Analysis and Forecasting Handbook
Weather Analysis and Forecasting Handbook Tim Vasquez Click here if your download doesn"t start automatically Weather Analysis and Forecasting Handbook Tim Vasquez Weather Analysis and Forecasting Handbook
More informationT H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K
1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi T H R E A T S A R E
More informationStart of the maintenance:
1 Summary of the last season (Dec. 2013 June 2014) Start up measurements, adjustment, & internal use: October 21, 2013 32nd open use: Dec. 16, 2013 June 10, 2014 TZ2, T70 (risk share) released to the open
More informationIntroduction to ArcGIS Server Development
Introduction to ArcGIS Server Development Kevin Deege,, Rob Burke, Kelly Hutchins, and Sathya Prasad ESRI Developer Summit 2008 1 Schedule Introduction to ArcGIS Server Rob and Kevin Questions Break 2:15
More informationThe Ultimate Guide To Chatbots For Businesses ONLIM 2018
The Ultimate Guide To Chatbots For Businesses O N L I M 2 0 1 8 Where We're At Today Y o u ve probably heard a lot a b o u t c h a t b o t s d u r i n g 2 0 1 7. The l a s t y e a r h a s s h o w n u s
More informationHASH FUNCTIONS 1 /62
HASH FUNCTIONS 1 /62 What is a hash function? By a hash function we usually mean a map h : D {0,1} n that is compressing, meaning D > 2 n. E.g. D = {0,1} 264 is the set of all strings of length at most
More informationDifferential Privacy
CS 380S Differential Privacy Vitaly Shmatikov most slides from Adam Smith (Penn State) slide 1 Reading Assignment Dwork. Differential Privacy (invited talk at ICALP 2006). slide 2 Basic Setting DB= x 1
More informationPlease click the link below to view the YouTube video offering guidance to purchasers:
Guide Contents: Video Guide What is Quick Quote? Quick Quote Access Levels Your Quick Quote Control Panel How do I create a Quick Quote? How do I Distribute a Quick Quote? How do I Add Suppliers to a Quick
More informationWhat did you think of Exam 1? ! Dates: a)! Too easy b)! Too hard c)! Just right d)! A little easy e)! A little hard
! Good job!! Average = 83.3! Median = 84 This Class (Lecture 15): The Dying Sun Micro-meteorite lab due tonight! Next Class: Killer Sun HW 6 due next Monday. Music: Why Does the Sun Really Shine They Might
More informationPseudorandom Generators
Outlines Saint Petersburg State University, Mathematics and Mechanics 2nd April 2005 Outlines Part I: Main Approach Part II: Blum-Blum-Shub Generator Part III: General Concepts of Pseudorandom Generator
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 16 March 19, 2012 CPSC 467b, Lecture 16 1/58 Authentication While Preventing Impersonation Challenge-response authentication protocols
More informationDiscoveryGate SM Version 1.4 Participant s Guide
Citation Searching in CrossFire Beilstein DiscoveryGate SM Version 1.4 Participant s Guide Citation Searching in CrossFire Beilstein DiscoveryGate SM Version 1.4 Participant s Guide Elsevier MDL 14600
More informationSPATIAL INFORMATION GRID AND ITS APPLICATION IN GEOLOGICAL SURVEY
SPATIAL INFORMATION GRID AND ITS APPLICATION IN GEOLOGICAL SURVEY K. T. He a, b, Y. Tang a, W. X. Yu a a School of Electronic Science and Engineering, National University of Defense Technology, Changsha,
More informationCS 4110 Programming Languages & Logics. Lecture 16 Programming in the λ-calculus
CS 4110 Programming Languages & Logics Lecture 16 Programming in the λ-calculus 30 September 2016 Review: Church Booleans 2 We can encode TRUE, FALSE, and IF, as: TRUE λx. λy. x FALSE λx. λy. y IF λb.
More informationGeneralization of Fibonacci sequence
Generalization of Fibonacci sequence Etienne Durand Julien Chartrand Maxime Bolduc February 18th 2013 Abstract After studying the fibonacci sequence, we found three interesting theorems. The first theorem
More informationUnit 2: Polynomials Guided Notes
Unit 2: Polynomials Guided Notes Name Period **If found, please return to Mrs. Brandley s room, M 8.** Self Assessment The following are the concepts you should know by the end of Unit 1. Periodically
More informationIncident Response tactics with Compromise Indicators
Vladimir Kropotov, Vitaly Chetvertakov, Fyodor Yarochkin RusCrypto 2014 March 25-28, 2014 Outline Basics Standards Tools Sharing IOCs IOCs composites Case Study More on Tools Questions Introduction Indicators
More informationAstrology: An In-Depth Look Into The Zodiac Signs: Become Wealthy, Find Your True Love, And Master Your Destiny Using Astrology
Astrology: An In-Depth Look Into The Zodiac Signs: Become Wealthy, Find Your True Love, And Master Your Destiny Using Astrology Dylan Campbell Click here if your download doesn"t start automatically Astrology:
More informationMathematical Logic Part One
Mathematical Logic Part One Question: How do we formalize the definitions and reasoning we use in our proofs? Where We're Going Propositional Logic (oday) Basic logical connectives. ruth tables. Logical
More informationScience in the Kitchen
Program Support Notes by: Margaret Bishop B.Ed, Dip T Produced by: VEA Pty Ltd Commissioning Editor: Sandra Frerichs B.Ed, M.Ed. Executive Producer: Simon Garner B.Ed, Dip Management Davis Film and Video
More informationUniversity School of Nashville. Sixth Grade Math. Self-Guided Challenge Curriculum. Unit 2. Fractals
University School of Nashville Sixth Grade Math Self-Guided Challenge Curriculum Unit 2 Fractals This curriculum was written by Joel Bezaire for use at the University School of Nashville, funded by a grant
More informationPseudorandom Generators
Principles of Construction and Usage of Pseudorandom Generators Alexander Vakhitov June 13, 2005 Abstract In this report we try to talk about the main concepts and tools needed in pseudorandom generators
More informationBig Bang, Black Holes, No Math
ASTR/PHYS 109 Dr. David Toback Lectures 2 & 3 1 Prep For Today (is now due) L3 Reading (If you haven t already): Required: BBBHNM: Chapter 1-4 Recommended: (BHOT: Chap. 1-3, SHU: Chap. 1-2, TOE: Chap.
More informationAbout Science Prof Online PowerPoint Resources
About Science Prof Online PowerPoint Resources Science Prof Online (SPO) is a free science education website that provides fully-developed Virtual Science Classrooms, science-related PowerPoints, articles
More informationYou separate binary numbers into columns in a similar fashion. 2 5 = 32
RSA Encryption 2 At the end of Part I of this article, we stated that RSA encryption works because it s impractical to factor n, which determines P 1 and P 2, which determines our private key, d, which
More informationNotes on Zero Knowledge
U.C. Berkeley CS172: Automata, Computability and Complexity Handout 9 Professor Luca Trevisan 4/21/2015 Notes on Zero Knowledge These notes on zero knowledge protocols for quadratic residuosity are based
More informationFarmington Square Times. Find us on Facebook! INSIDE THIS ISSUE
PLACE STAMP HERE 0 Bailey Lane Eugene, OR 0 Administrative Staff: Jill Maher Assisted & Memory Care Newsletter July 0 Find us on Facebook! We ve been sharing more on our Facebook page recently and would
More informationLocally Differentially Private Protocols for Frequency Estimation. Tianhao Wang, Jeremiah Blocki, Ninghui Li, Somesh Jha
Locally Differentially Private Protocols for Frequency Estimation Tianhao Wang, Jeremiah Blocki, Ninghui Li, Somesh Jha Differential Privacy Differential Privacy Classical setting Differential Privacy
More informationGeneral SQL guide for Virtual Observatory users
General SQL guide for Virtual Observatory users Hands on workshops 1. Turn on your computer, or find someone with a computer and say hi to him/her. (you can also say Hola ) 2. Go to http://gavo.mpa-garching.mpg.de/millennium/
More information(So SamID 1 ( ) = Ken W. Smith.)
In an earlier lesson, we introduced functions by assigning US citizens a social security number (SSN ) or by assigning students and staff at Sam Houston State University a student ID (SamID) The function
More informationarxiv: v1 [cs.cr] 16 Dec 2015
A Note on Efficient Algorithms for Secure Outsourcing of Bilinear Pairings arxiv:1512.05413v1 [cs.cr] 16 Dec 2015 Lihua Liu 1 Zhengjun Cao 2 Abstract. We show that the verifying equations in the scheme
More informationImpossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs
Impossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs Dafna Kidron Yehuda Lindell June 6, 2010 Abstract Universal composability and concurrent general composition
More informationTuring Machines Part Three
Turing Machines Part Three What problems can we solve with a computer? What kind of computer? Very Important Terminology Let M be a Turing machine. M accepts a string w if it enters an accept state when
More information3.4 Complex Zeros and the Fundamental Theorem of Algebra
86 Polynomial Functions 3.4 Complex Zeros and the Fundamental Theorem of Algebra In Section 3.3, we were focused on finding the real zeros of a polynomial function. In this section, we expand our horizons
More informationmicromodels of software declarative modelling and analysis with Alloy lecture 4: a case study MIT Lab for Computer Science Marktoberdorf, August 2002
micromodels of software declarative modelling and analysis with Alloy lecture 4: a case study Daniel Jackson MIT Lab for Computer Science Marktoberdorf, August 2002 on research strategy 2 on research strategy
More informationCS Homework 2: Combinatorics & Discrete Events Due Date: September 25, 2018 at 2:20 PM
CS1450 - Homework 2: Combinatorics & Discrete Events Due Date: September 25, 2018 at 2:20 PM Question 1 A website allows the user to create an 8-character password that consists of lower case letters (a-z)
More informationUnit 2: Polynomials Guided Notes
Unit 2: Polynomials Guided Notes Name Period **If found, please return to Mrs. Brandley s room, M 8.** Self Assessment The following are the concepts you should know by the end of Unit 1. Periodically
More informationDear AP Calculus AB student,
Dear AP Calculus AB student, The packet of review material is a combination of materials I found on-line from other teachers of AP Calculus AB and from basic algebraic concepts I have seen my former Calculus
More informationLecture 14: Secure Multiparty Computation
600.641 Special Topics in Theoretical Cryptography 3/20/2007 Lecture 14: Secure Multiparty Computation Instructor: Susan Hohenberger Scribe: Adam McKibben 1 Overview Suppose a group of people want to determine
More informationPredicting the Past. Anticipatory Analysis with Remotely Sensed Data Kevin Ayers. IBM Government Analytics Forum 2014 May 22, 2014
Predicting the Past Anticipatory Analysis with Remotely Sensed Data Kevin Ayers May 22, 2014 Approved for public release, 14-339 Outline OUTLINE What is GEOINT? Anticipatory Analysis in a Remotely Sensed
More informationDear ABC ji: It would be a pleasure for us to be able to help you with your query.
Dear ABC ji: It would be a pleasure for us to be able to help you with your query. Thanks for ordering Jupiter transit report. We take pride in giving the most authentic Vedic astrology reports with best
More informationGeorge Danezis Microsoft Research, Cambridge, UK
George Danezis Microsoft Research, Cambridge, UK Identity as a proxy to check credentials Username decides access in Access Control Matrix Sometime it leaks too much information Real world examples Tickets
More informationQ: How can quantum computers break ecryption?
Q: How can quantum computers break ecryption? Posted on February 21, 2011 by The Physicist Physicist: What follows is the famous Shor algorithm, which can break any RSA encryption key. The problem: RSA,
More informationClassical Verification of Quantum Computations
Classical Verification of Quantum Computations Urmila Mahadev UC Berkeley September 12, 2018 Classical versus Quantum Computers Can a classical computer verify a quantum computation? Classical output (decision
More information