How to write essay with example

Tuesday, July 23, 2019

Web based Health Care Essay Example | Topics and Well Written Essays - 750 words

Web based Health Care - Essay Example Sites need to sign up for the HONcode to ensure that they follow the eight principles of this code. Through this then individuals can check out for the red and blue seal of the HONcode on the websites they visit to look for information on different health conditions. One example of a site is the American Diabetes association that provides continuous care to the diabetes patients and enables other individuals to learn about the management, diagnosis and symptoms of diabetes. It also advises individuals on what to eat and what foods to avoid by giving out recipes. The main objective of this site is to cure and prevent diabetes and to improve the lives of all the individuals affected by diabetes. The eight principles of the HONcode comprise of: the authority of the data provided, information privacy and confidentiality; accurate attribution of sources; the transparency of economic sponsorship; the significance of evidently separating editorial content from advertising; complimentary data that does not replace but supports the patient-doctor relationship, and back up assertions concerning performance and benefits. The American Diabetes Association (ADA) website is one of the sites that are abiding by the eight rules of the HON code. In authoritative, when the site publishes a journal about diabetes and made available online for individuals to access it and benefit from the information, the authors of the journals and their qualifications are always indicated. Besides, the sites abides with the third code which is privacy, since if a visitor shares information online to the site, the site does not let the information known to any user of the site as it ensures the information is made private and confidential. Also, if information has been acquired from other sources, the site ensures that it has included the citations, the page of the journal from where the information was retrieved, and the date the journal was published. Through this, the site is trying to

The different between the two families depicted in Flight & your shoes Essay Example for Free

The different between the two families depicted in Flight your shoes Essay The story Flight is about an old man trying to come to terms with his granddaughter growing up. It is form a collection of short stories. The scene is set and the mood of all the characters are established right at beginning of the story. The old man has some pigeons, which he keep as pets. Flight is based around the similarity between the way the old man looks after his pigeons, and how he would like his granddaughters to be controlled and trained the same way. The pigeons are symbols representing his granddaughters. We see, however, that the birds return home. Whether his granddaughters will is another matter. There is a contrast when you look at the syntax in Your Shoes.Which is different from Flight. Here, we have a first person narrative, and because a character is speaking to us, we have the rhythms of speech, changes of direction in the flow of sentences and short, broken speech.This not the cone in Flight which is third person narrative and less personal. Structuarally, the story is very clever. We gradually learn about the woman speaking. At first, we sympathise with her; then learn how she has been horrible to her daughter; how she has tried to control her and keep her unspoilt like the shoes; how she has made the decisions for her; and how, just as she did not get on with her mother, so too this mother-daughter relationship has also collapsed. We are convinced, from the words coming from the womans own mouth, that the failings are her fault. And we move to a final scene in which she is pathetic and sad, locked away from the husband she never loved, pretending love for her daughter and the pair of shoes which symbolises how she would like her daughter to be. Flight is all about growing up and leaving home to starting a new life. For the mother, in this story,Flight this is a natural process, it seems, and she is happy to see her daughters fall in love and marry. The mother is crying,, however because of her father s attitude her father has made all the girls so unhappy by wanting them to be like his birds. Or might it be that she somehow sees his point and is wishing that life could be as simple as he would like it to be that she knows everything might be easier if we could simply return to the coop? Or is she crying for him, because he is so sad and so unfair and wrong? It is up to us to decide! The old man has lost three other granddaughters through marriage. He saw them transformed inside a few months from charming petulant spoiled children into serious young matrons. He is scared of what marriage will do to Alice. When he loses Alice through marriage, he thinks that everything will be gone there will be no more granddaughters at home for him to cherish and he is worried that the girl he loves will change as her sisters did. He is scared of being lonely. He would be left, uncherished and alone, with that square-fronted, calm-eyed woman, his daughter. Therefore, when Alice leaves, he feels that his whole life will be ruined. When he releases his favourite bird (which we can link to Alice), all the other birds go too, because Alice was the one person he had left to love. If she goes, all his capacity to love goes. The mans life will be entirely different with the loss of all his granddaughters it will be entirely different with the loss of all his birds. When he says farewell to one favourite, everything else crumbles for him too. Ending he is now aware, at least that he is how he perceives things. However after releasing the pigeon he turned slowly, taking his time; he lifted his eyes to smile proudly down the garden at his granddaughter. She was starting at him. She did not smile. She was wide-eyed, and pale in the cold shadow, and he saw the tears run shivering of her face. The daughter was still with him.

Monday, July 22, 2019

Julius Caesar Essay Example for Free

Julius Caesar Essay Rhetoric and Power- Examine the ability to make things happen by words alone. Rhetoric and Power is a theme well used in William ShakespeareÃ¢â‚¬â„¢s Julius Caesar. Mark Antony deceives the conspirators into believing he is on their side when he discovers them with JuliusÃ¢â‚¬â„¢ corpse, BrutusÃ¢â‚¬â„¢ speech after killing Julius Caesar makes the Romans believe Julius was a bad person, Mark AntonyÃ¢â‚¬â„¢s speech after Julius CaesarÃ¢â‚¬â„¢s death makes the Romans furious at the conspirators. In the last two situations we see the point of view the countrymen go from one thing to a completely different thing just by the use of words. Ã¢â‚¬Å"Let each man render me his bloody handÃ¢â‚¬ (III,i,185). Antony convinces the conspirators that he knows they must have had a good reason for killing Caesar. He shakes their hands showing a gesture of friendship. Well at least thatÃ¢â‚¬â„¢s what he wants them to think. Ã¢â‚¬Å"Friends am I with you all, and love you allÃ¢â‚¬ (III.i, 222). The conspirators still not fully certain AntonyÃ¢â‚¬â„¢s trust ask him if they could depend on him. Antony calls them friends and tells them he loves them. Antony is using only words to convince the conspirators he is on their side. Ã¢â‚¬Å"not that I loved Caesar less but that I loved Rome moreÃ¢â‚¬ (III.ii, 20-21). Brutus tells the countrymen that he loved Caesar but his love for Rome was greater. He tells the Romans that if Caesar were a live they would all be slaves. Brutus tells them that Caesar was too ambitious and thatÃ¢â‚¬â„¢s why he killed him. Ã¢â‚¬Å"I have the same dagger for myself when it shall please my country to need my deathÃ¢â‚¬ (III.ii.44-45). Brutus ends his speech by telling the Romans he will sacrifice himself for Rome because of his tremendous love for it. At this point the Romans are all understanding to CaesarÃ¢â‚¬â„¢s death and think that what Brutus did is okay. They all begin to chant for him. Ã¢â‚¬Å"When that the poor have cried, Caesar hath wept. Ambition should be made of sterner stuff. Yet Brutus says he was ambitiousÃ¢â‚¬ (III.ii, 91-93). Mark Antony tells the countrymen of all the good deeds Caesar did that show he wasnÃ¢â‚¬â„¢t as ambitious as Brutus says he was. Ã¢â‚¬Å"The evil that men do lives after them; The good is oft interred with their bonesÃ¢â‚¬ (III.ii.75-76). Antony states to the Romans that all the bad things that one does is always remembered, but the good they have done is buried with them. He tells them this because it seems as if the Romans have completely forgotten everything Caesar has done for them. Then Caesar continues his speech by telling the Romans how many times poor Caesar was stabbed. He tells them how Caesar loved Brutus and that didnÃ¢â‚¬â„¢t stop Brutus from killing him. Antony makes the Romans believe that everything the conspirators did isnÃ¢â‚¬â„¢t a good deed but an evil murder. He gets all the Romans against the conspirators all through a speech he made to them. The power to make things happen by words is used a lot through out Julius Caesar. AntonyÃ¢â‚¬â„¢s speech alone led to the death of Brutus, Cassius, and 100 senators. BrutusÃ¢â‚¬â„¢ speech made the evil act the him and conspirators committed seem like a good deed to the Romans. AntonyÃ¢â‚¬â„¢s deceiving words made the conspirators believe he was on their side.

Sunday, July 21, 2019

Techniques of Spoofing Attacks

Techniques of Spoofing Attacks Spoofing is sending fake address of a transmission to gain entry which is illegal into a secure system. It is creates fake responses or signals in order to keep the session alive and prevent timeouts. It captures, alters, re-transmits a communication stream that can mislead the recipient. Hackers use it to refer especially to the TCP/IP packets of addresses in order to disguise a trusted machine. The term spoofing has spread all over the world. The term spoofing refers to stealing the passwords and personal information of a particular person from the internet. The word spoof came into existence by the British comedian Arthur Roberts in 1852.In the 19th century, Arthur Roberts invented the game spoof and thus the name. This game had the use of tricks and non-sense. The first recorded reference to this game in 1884 refers to its revival. Very soon the word spoof took on the general sense of nonsense and trickery. The word spoof was first recorded in 1889.[4] TYPES: Types of Spoofing covered are as follows: 1. E-Mail Spoofing 2. Caller ID Spoofing 3. SMS Spoofing 4. Website Spoofing 5. DLL Spoofing 6. IP Spoofing 1.1.1 Definitions: 1) E-Mail Spoofing: Basically email spoofing is of the type in which the sender address and other parts of the email are altered so that it appears as if it is sent from a different source 2) Caller id Spoofing: Caller id is the way of making fake calls to other people wherein the number of the sender appears as if he/she is calling from another number. 3) SMS Spoofing: SMS Spoofing allows us to change the name or number of the text messages appear to come from. 4) Website Spoofing: Website Spoofing is a method of misleading the people or perhaps the readers that the website has been made by some other organization or by some other known person. 5) DLL Spoofing: DLL code runs in the context of its host program, it inherits the full capabilities of the programs user with spoofing. 6) IP Spoofing: IP spoofing is the way in which the sender gets unauthorized access to a computer or a network by making it appear that a certain message has come from a trusted machine by spoofing the IP address of that machine. SECTION 2 EMAIL SPOOFING 2.1 INTRODUCTION: This is considered to be one of the most used techniques of spammers and hackers. They spoof their return e-mail addresses. That makes it look as if the mail has come from some other person. This is a form of identity theft, as the person who sends the email acts to be someone else in order to distract the recipient to do something. 2.2 OBJECTIVE: The objective of spoofed mail is to hide the real identity of the sender. This can be done because the Simple Mail Transfer Protocol (SMTP) does not require authentication. A sender can use a fictitious return address or a valid address that belongs to someone else. The mails that are spoofed can be very annoying, irritating and at times dangerous. Having your own address spoofed can be even worse. If the sender or probably the hacker uses our address as the return address, then our inbox may fill with receivers complaints as well as they might report us in the spammers as well. This type of spoofing can be very dangerous. 2.3 MOTIVES: These might be the possible motives of an attacker: 1. This is spam and the person who sends doesnt want to be subjected to anti-spam laws 2. The e-mail constitutes threatening or harassing or some other violation of laws. 3. The e-mail contains a virus or Trojan and the sender believes you are more likely to open it if it appears to be from someone you know 4. The e-mail requests information that you might be willing to give to the person the sender is pretending to be, as part of a social engineering. 2.4 PHISHING: Phishing is associated with Email spoofing. Phishing is the practice of attempting to obtain users credit card or online banking information, often incorporates e-mail spoofing. For example, a phisher may send e-mail that looks as if it comes from the banks or credit cards administrative department, asking the user to log onto a Web page and enter passwords, account numbers, and other personal information. Thereby obtaining the users confidential information.[2] 2.5 WORKING: This is the most easily detected form, in e-mail spoofing it simply sets the display name or from field of outgoing messages to show a name or address other than the actual one from which the message is sent. Most POP e-mail clients allow you to change the text displayed in this field to whatever you want. For example, when you set up a mail account in Outlook Express, you are asked to enter a display name, which can be anything you want, as shown in Figure 2.1. Fig 2.1:Ãƒâ€šÃ‚ Setting the display name in your e-mail client The name that we set will be displayed in the recipients mail program as the person from whom the mail was sent. We can type anything you like in the field on the following page that asks for your e-mail address. These fields are separate from the field where you enter your account name assigned to you by your ISP. Figure 2.2 shows what the recipient sees in the From field of an e-mail client such as Outlook. Fig.2.2Ãƒâ€šÃ‚ The recipient sees whatever information you entered When this simplistic method is used, you can tell where the mail originated (for example that it didÃƒâ€šÃ‚ notÃƒâ€šÃ‚ come from thewhitehouse.com) by checking the actual mail headers. Many e-mail clients dont show these by default. In Outlook, open the message and then clickÃƒâ€šÃ‚ View | OptionsÃƒâ€šÃ‚ to see the headers, as shown in Figure 2.3. Fig 2.3:Ãƒâ€šÃ‚ Viewing the e-mail headers In this example, you can see that the message actually originated from a computer named XDREAM and was sent from the mail.augustmail.com SMTP server. 2.6 PREVENTIVE MEASURES: Although legislation may help to deter some spoofing, most agree that it is a technological problem that requires a technological solution. One way to control spoofing is to use a mechanism that will authenticate or verify the origins of each e-mail message. The Sender Policy Framework (SPF) is an emerging standard by which the owners of domains identify their outgoing mail servers in DNS, and then SMTP servers can check the addresses in the mail headers against that information to determine whether a message contains a spoofed address. The downside is that mail system administrators have to take specific action to publish SPF records for their domains. Users need to implement Simple Authentication and Security Layer (SASL) SMTP for sending mail. Once this is accomplished, administrators can set their domains so that unauthenticated mail sent from them will fail, and the domains name cant be forged. SECTION 3 CALLER ID SPOOFING 3.1. INTRODUCTION: This type of spoofing is all about changing the Caller ID to show any desired unidentifiable number on the persons caller id who receives the call [1]. Caller id spoofing is a way of calling someone without them knowing who actually the person is, by hiding the phone number from their caller id. It is also known as the practice of causing the telephone network to display a number on the recipientsÃƒâ€šÃ‚ Caller id displayÃƒâ€šÃ‚ which is not that of the actual originating station. Just asÃƒâ€šÃ‚ e-mail spoofingÃƒâ€šÃ‚ can make it appear that a message came from any e-mail address the sender chooses, Caller ID spoofing can make a call appear to have come from any phone number the caller wishes. Because of the high trust people tend to have in the Caller ID system; spoofing can call the systems value into question hence creating problems for various parties associated with it. NAMES OF COMPANIES THAT PROVIDE THE CALLER ID SPOOFING FEATURE: SpoofCard Phone Gangster StealthCard TeleSpoof 3.2 WAY TO MAKE TEXT DISPLAY ON CALLER ID DISPLAY: With the help of the Spoof Card, Stealth Card, TeleSpoof and many more we can make the text show up on the caller id display instead of number. We have to choose some text from the huge list of funny caller id text phrases and that text will be displayed as our phone number. Some texts are shown below in the image. Fig 3.1 Text that can be shown in the caller-id display 3.3 USES: Caller-id spoofing can be used in the following places: Doctor needing to disguise home number so that he doesnt get unwanted calls on his home number Worried spouse wanting to find the truth Calling back an unknown number to find out the unknown identity without revealing original number Hiding your location 3.4 METHOD: Caller ID can be spoofed in many different ways and with different well advanced technologies. The most popular ways of spoofing Caller ID are through the use ofÃƒâ€šÃ‚ VoIPÃƒâ€šÃ‚ orÃƒâ€šÃ‚ PRIÃƒâ€šÃ‚ lines. Other method is that of coping theÃƒâ€šÃ‚ Bell 202Ãƒâ€šÃ‚ FSKÃƒâ€šÃ‚ signal. This method, calledÃƒâ€šÃ‚ orange boxing, uses software that generates the audio signal which is then coupled to the telephone line during the call. The object is to deceive the called party into thinking that there is an incomingÃƒâ€šÃ‚ call waitingÃƒâ€šÃ‚ call from the spoofed number, when in fact there is no new incoming call. This technique often also involves an accomplice who may provide a secondary voice to complete the illusion of a call-waiting call. Because the orange box cannot truly spoof incoming caller ID prior to answer and relies to a certain extent on the guile of the caller, it is considered as much aÃƒâ€šÃ‚ social engineeringÃƒâ€šÃ‚ technique as a technical hack. 3.5 MOTIVES: Sometimes, caller-id spoofing may be justified. There are necessary reasons for modifying the caller ID sent with a call. These can be the possible places where caller-ids are spoofed: Calls that come from a large organization or company, particularly those companies that have many branches, sending the main number is a good option. Consider this example. A hospital might have the primary number 777-2000, and around 250 lines functioning inside the main building, and another 200 at the clinic that is located around 50 miles away. I t may happen that most of the numbers will be in the form of 777-200XX, but it might also happen that many of them have an unrelated and unidentifiable numbers. Therefore if we have all calls come from 777-2000, it lets the call recipients identify that the incoming call is a hospital call. Most of the calling-card companies display Caller IDs of the calling-card user to the call recipients. Many Business owners and dealers use Caller ID spoofing to display their business number on the Caller ID display when they are calling from a place outside the office premises (for example, on a mobile phone). Skype users have an option of assigning a Caller ID number for preventing their outgoing calls from being screened by the called party (Skype Caller ID in the USA is 000123456). Google application Google VoiceÃƒâ€šÃ‚ displays its users Google Voice number when the users make calls from the service using their landline numbers or mobile phones. Gizmo5Ãƒâ€šÃ‚ sends the users Gizmo5 SIP number as outbound Caller ID on all calls. Because Gizmo5 IDs are in the format 747NXXXXXX, it is possible to confuse calls made from Gizmo5 with calls made fromÃƒâ€šÃ‚ area code 747. Fig 3.2. Software for Caller id Spoofing SECTION 4 SMS SPOOFING 4.1 INTRODUCTION: SMS Spoofing allows us to change the name or number of the text messages a recipient would appear to receive. It replaces the number from which the text message is received with alphanumeric text. This type of spoofing has both legitimate and illegitimate applications. The legitimate manner would be setting your name or company name or the product name for or from which the text message is sent. So thereby the text message received will display the name or the company name or the product name and the purpose in the case for e.g. a product (publicising it) would thus be served. The illegitimate way would be when a person or a company would use the name of some other person or name or a product with the intentions of causing losses to the concerned. 4.2 MOTIVES: SMS Spoofing takes place when the user from sending end changes the address information so as to conceal the original address from reaching the user at the receiver end. It is done mostly to impersonate a user who has roamed onto a foreign network, needs to be submitting messages to the home network. Generally these messages are addressed to destinations that are beyond the range of home network with the home SMSC (short messaging service centre) being hijacked hence causing messages to be sent to other network 4.3. IMPACTS: Following are the impacts of this activity: 1) Due to the hijacking of the home SMSC, The home network can bring in termination charges caused by the delivery of these messages to interconnect partners. This is termed as quantifiable revenue leakage. 2) These messages can be of concern to the partners involved. 3) It is possible that it comes under the notice of the customer that he is spammed and the message sent maybe of personal, financial or political importance to the concerned person. Therefore, there is a risk that the interconnect partners might threaten to stop the home network from functioning until and unless a suitable remedy is found and properly implemented. Hence, the consequence of this would be that the Home subscribers will be unable to send messages into these networks. 4) While fraudsters generally use spoofed-identities to send messages, there is a risk that these identities may match those of real home subscribers. This implies, that genuine subscribers may be billed for roaming messages they did not send and if this situation does arise, the integrity of the home operators billing will be under scrutiny, with potentially huge impact on the brand itself. This is a major churn risk. 4.4 USES: A person sends a SMS message from an online computer network for lower more competitive pricing, and for the ease of data entry from a full size console. They must spoof their own number in order to properly identify themselves. A sender does not have a mobile phone, and they need to send an SMS from a number that they have provided the receiver in advance as a means to activate an account. 4.5 THREATS: An SMS Spoofing attack is often first detected by an increase in the number of SMS errors encountered during a bill-run. These errors are caused by the spoofed subscriber identities. Operators can respond by blocking different source addresses in their Gateway-MSCs, but fraudsters can change addresses easily to by-pass these measures. If fraudsters move to using source addresses at a major interconnect partner, it may become unfeasible to block these addresses, due to the potential impact on normal interconnect services. SMS Spoofing is a serious threat to mobile operators on several fronts: 1. Mischarging subscribers. 2. Being charged interconnects fees by the hubs. 3. Blocking legitimate traffic in an effort to stop the spoofing. 4. Assigning highly trained and scarce resources to tackle the problem 4.6 EXAMPLES: Messages sent from Google are sent with the Sender ID Google. Skype sends messages from its users with the mobile number they registered with. Note that when a user attempts to reply to the SMS, the local system may or may not allow the replying message to be sent through to the spoofed origin. A user who does not have a mobile phone attempts to sign up for a Foxy tag account, which requires an SMS from a phone number that the user registers with. A dynamically assigned number from an anonymous SMS service will not work because the user is not given the dynamic number in advance to register with. Fig 4.1 this picture above shows the process of sms spoofing. SECTION 5 WEB SPOOFING 5.1 INTRODUCTION: Website spoofing is a type of spoofing which creates a website or web pages that are basically run with the intention to mislead users into believing that the particular website is created by a different group or a different person. Another form of website spoofing is creating false or fake websites that generally have the same appearance and layout as the original website and tricking people into sharing their personal or confidential information with the false Website. The fake websites can have a similar URL as well. Another technique associated with false URL is the use of Cloaked URL.This technique uses methods of domain redirection or URL forwarding which convincingly hides the address of the actual website. Website spoofing is often associated with Phishing. It can also be carried out with the intention of criticizing or making fun of the original website or the website developer or fraud as well.[3] 5.2 CONCEPT: So we can say that web spoofing basically enables an attacker/spoofer to create a shadow copy of the entire World Wide Web. Accesses to this fake Web are monitored through the attackers system, which helps the attacker to keep a watch on all of the victims web-activities. These activities include passwords and personal information (bank account numbers). It can also happen that in the victims name, the attacker sends certain information to the web servers or send any kind of information to the victim in the name of any Web server. Basically, the spoofer controls everything The victim does on the Web. 5.3 CONSEQUENCES: As the spoofer or the attacker has complete control(observing capability as well as modifying capability) over any data that is transmitting from the victim to the web servers and also all the data transactions from the servers to the victim , the attacker can misuse this in many ways. Some of the misusing ways are surveillance and tampering. 5.3.1 Surveillance: The attacker can conveniently spy on the traffic, registering which pages and sites the victim visits or surfs as well as the content of those pages. For example, when the victim fills out a particular form on a particular site, the entered details are transmitted to a server. The attacker can record all these details, along with the response sent back by the server. And as we know, most of the on-line commerce is done using forms; this information can also give the attacker -the account passwords and other valuable data of the victim. This is highly dangerous. Surveillance can be carried out by the spoofer even if the victim has a so called secure connection to the web-server. So basically, even if the victims browser shows the secure-connection icon (usually an image of a lock or a key) . It can be possible that the attacker is still successful in his Surveillance. 5.3.2 Tampering: Surveillance is basically just observing and registering confidential data of the victim. The spoofer can also MODIFY any of the data that may be travelling in either direction between the victim and the servers. This is called Tampering. If there are any forms submitted by the victim to the web servers, the attacker can bring about changes in the data entered. For example, if a person is purchasing a certain product on-line, the spoofer can change the product details, product number, shipping address etc. The attacker can also change the data returned by a Web server, for example by inserting misleadingoffensive material to trick the victim or to cause problems between the victim and the server. Misleadingoffensive material to trick the victim or to cause problems between the victim and the server. 5.3.3 Using the Web: It is not really difficult to spoof the entire World Wide Web, even though it might seem to be difficult. The attacker does not really have to store all the contents of the Web. The Web in its entirety is available on-line; so the spoofers server just has to fetch the required page or pages from the real Web whenever it needs to provide a copy of that page on the false Web. 5.4 Working of the attack: For this attack to work, the main duty of the attacker is to sit between the victim and the rest of the Web. This arrangement of sitting between the victim and the web is called a man in the middle attack. 5.5 Method: One of the most frequently used methods for web spoofing is URL Rewriting. 5.5.1 Url Rewriting Once the attacker fetches the real document, the attacker rewrites all of the URLs in the document into the same special form by same spoofing technique. Then the attackers server provides the rewritten page to the victims browser. This is how URL rewriting is used for spoofing. 5.6 Protection: Web spoofing is one of the most dangerous and undetectable security attacks that can be carried out in the web-world today. But of course, there are certain preventive measures that can be taken: 5.6.1 Short-term protection: These are the steps to follow for short term protection: a) Disable JavaScript in your browser so the spoofer wont be able to hide the evidence of the attack; b) Your browsers location line should always be visible; c) Observe URLs displayed on your browsers location line, and make sure that the URLs always point to the server you think youre connected to. 5.6.2 Long-term protection: There is no fully satisfactory long-term solution to this problem. But few things that can be done: a) Changing browsers can help, so they always display the location line. But the users have to know how to recognise the correct URLs. b) Using improved Secured-connection indicators. Fig 5.1.The picture above gives an idea of how web spoofing is done SECTION 6 DLL SPOOFING Dynamic Link Libraries or DLL are software object modules, or libraries, linked into a program while it is running DLLs are a feature that allows programs to share common codes so as to help developers to make programs easily and efficiently.DLLs are extensively used in newer versions of Windows. Fig 6.1.This picture above is hardware id DLL 6.1 INTRODUCTION: DLL code runs in the context of its host program, it inherits the full capabilities of the programs user with spoofing. The DLL spoof causes a legitimate program to load a DLL with a Trojan horse instead of legitimate DLL. DLL spoofing can occur even if the legitimate DLL is beyond the attackers reach. Since when a program loads DLLs it searches through a sequence of directories looking for the required DLL. Spoofing occurs when the attacker succeeds in inserting the infected DLL-file in one of those directory in such a way that program finds it before it finds the legitimate DLL of the same name. Hence even if the file is write-protected or the attacker doesnt have access to the directory which contains the legitimate DLL then also he can attack the program. Whenever a user runs a program there occurs a linking algorithm which is used to find the file that holds the DLL. Usually it is the one with DLL suffix. Linking algorithm searches through three different categories: 1. Programs directory: It is the directory which holds programs file. 2. System directory: Contains a series of entries. As we have discussed earlier to spoof the user only needs to insert an infected or malicious DLL file into the working directory. If the infected DLL file has the same name as the legitimate DLL then the algorithm will link the fake DLL file to the otherwise trusted program. The infected DLL can then create a new process. It runs in the full capabilities of the user who runs the, it perform the task and request the original DLL file as asked by the user so as not to arouse suspicion. With the help of fake DLL the attacker can now do whatever task he want which is under the capabilities of the fake DLL. Among the three above mentioned directories, the program directory and the system directory are most vulnerable as the location is predefined. But in the case of working directory this task is hard to perform as the directory is set by the program only and hence its directory is unknown to the user. Fig 6.2 dependency walker 6.2. WORKING OF ATTACK: This is where the social engineering skills come into play. The attacker tries to convince the user to open a simple file. This simple file can be a image too and can be located at any remote place like http://. Now the victim (in this case our user) tries to open that file (in this case the image) through a preinstalled software on his machine like a image viewer. Now this image viewer is vulnerable by the binary planting attack. Now the image viewer may require a DLL file to load dynamically. As the full path name gas not been specified before hand, image viewer will give instructions to Microsoft Windows to search for the required DLL file in a particular order. Directories in order: Working directory The system directory The 16-bit system directory Windows directory Current directory Directories which are listed in PATH environment variables Usually Current directory is the directory in which the image viewer file is stored. Now the attacker has control over one of the directories which windows search for, and hence he will be able to place a malicious copy of the dll in that directory. In such a case the application will load and run the malicious DLL without verification. And now the attacker has gained full control of the affected machine, and now he will be able to perform all the unwanted actions on the machine such as hack into the existing account, create a new account, access important files on specific directories and more. In such a case web securities like firewall has become an essential instrument to block and prevent the downloading of such malicious files from a remote network location. 6.3 TARGETS: The easiest and the most obvious targets for DLL spoofing are the machines running on windows. As here the registry has not been properly updated with a safe-search order for loading DLLs. The safe-search order is not an issue for the PCs running on XP as there are few infectious program and registries which point to fake DLLs or the DLLs which do not even exist. Such program or entries are the real cause of spoofing in the case of XP. Trojans, web caches and email are some of the ways in which codes are placed in the file system. Since obviously having a misconfigured programs or the search path does not mean that the machine will start running malicious code. As we know this breach is more harmful then the DLL spoof as ordinary user can easily place malicious file in the current folder like in Shared Documents. So when another user with privileged rights opens the document in the same directory, then this directory will become the Current Directory for the machine it will search for the DLLs before the system directory and hence allowing the ordinary user to operate the machine with privileged rights. Now one may ask that simply placing the DLL in the shared directory or a web cache will not allow it to be loaded, for the DLLs to be loaded they must be kept in either of system directory, the application directory or a path provided by the application that tries to load the DLL. So the answer is that being able to write to system and application file space already implies administrator privileges so there would be no need for DLL spoofing. Hence it arises the need of online security against the spoofing and accessing to administrator privileges. Now one may ask that simply placing the DLL in the shared directory or a web cache will not allow it to be loaded, for the DLLs to be loaded they must be kept in either of system directory, the application directory or a path provided by the application that tries to load the DLL. So the answer is that being able to write to system and application file space already implies administrator privileges so there would be no need for DLL spoofing. Hence arises the need of online security against the spoofing and accessing to administrator privileges. 6.4 PROTECTION: Microsoft Windows install auxiliary services like FTP server, telnet and web server which are not critical. If those services which are not needed by the administrator are removed then the threat is reduced at once. Microsoft, which we already know seems to have greatest problem with spoofing, tries to solve this problem using their Microsoft Authenticode Certificates. Well Microsoft needs to update DLLs continuously as outdated DLL could be dangerous in this world of hackers.Now the question arises that how we know that this DLLs are updated. Microsoft solved this problem with Microsoft 2000, by digitally signing the drivers by Windows Hardware Quality Lab(WHQL) tests. The drivers that passed were given a Microsoft digital signature. As mentioned earlier, in the present time this signing is done with Microsoft Authenticode Certificates. An authorized signer is used for these purpose which is known as thwarted. In present time many designers came up with a variety of tamper resistance. They concluded that even though a particular approach may seem effective, only Microsoft would have the resources, scope and platform control to make it practical . Here are two concepts which contain handling of drivers: Protected Path: Specifically known as PVP (Protected Video Path) and PUMA (Protected User Mode Audio). These are the mechanism used to support DRM (Digital Rights Management) rules about safe content presentations. Protected Environment: It is a kernel mechanism to ensure that kernel-mode drivers are safe for protected contents. These drivers should be signed by Microsoft and must implement specific security functions. All the kernel-mode drivers should be signed to ensure there safe origin and also that they are not tampered with. New mechanisms like OCP (Output Content Protection) are used in the versions after Windows Vista. Though at higher level OCPs Protected Path and Protected Environment make sense but it includes great complexity, management process and supporting infrastructure. Also implementation of OCP means device drivers get numerous new security responsibilities. Going back to DLL, a new complexity is revocation. Authorization is not useful unless it can be revoked when a compromise is discovered. For this Microsoft runs a revocation infrastructure that distributes a Microsoft Global Revocation List to identify no longer authorized driver software. Software revocation is problematic because of potential effect on users who may suddenly be unable to play content through no fault of their own. So revocation is likely to occur well, only after updates are distributed. So we have seen that after all the measures used by Microsoft, there is a long window of content vulnerability SECTION 7 IP SPOOFING 7.1 INTRODUCTION: IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address, called spoofing, with the p

Saturday, July 20, 2019

Death Penalty Essay -- essays research papers

The death penalty is the ultimate cruel, inhuman and degrading punishment, and violates the right to life. It's hard for me as a Swede to understand that a country such as USA still have that kind of punishment. For many people and nations the USA serves as a model, so it is to me very difficult to imagine how you can persuade nations like Burma and China to respect basic human rights when you don't do it yourself. Body A. Concerning the Death Penalty Capital punishment -- the death penalty -- is supposed to select the worst criminals who committed the worst murders and punish them and protect society by taking their lives. In numbers far beyond our greatest fears, innocent people are being convicted of murder and sentenced to death. Nationally, more than 75 innocent people have been freed from death row in the last 20 years. Here in Illinois alone, we've executed 12 and we've exonerated 11. That's almost a 50% error rate on the most fundamental question of guilt or innocence. B. The poor are often represented by incompetent or underfunded lawyers. Some people are on death row not because they committed the worst crimes, but because they had the worst lawyers. In Illinois, as in most places, there are no minimum standards for death penalty defense work. Any lawyer can defend a client in a capital case, with no experience. There is some very good lawyering going on in death penalty cases in Illinois, but there's also some very bad lawyering. C. The death penalty is e...

Step into my ParlorÃ¢â‚¬Â¦ : Perceptions of Cultural Survival among the Kyapo and Yanomani :: Essays Papers

Step into my ParlorÃ¢â‚¬ ¦ : Perceptions of Cultural Survival among the Kyapo and Yanomani When caught in the web of global media, the Ã¢â‚¬Å"cultural survivalÃ¢â‚¬ of indigenous communities becomes a potent international issue. As affirmed in a 1997 UN declaration, international communities receive, Ã¢â‚¬Å"with gratitude, the message of harmony and respect for all life brought to us by ancient [indigenous] people whose culture mayÃ¢â‚¬ ¦make a worthy contribution to the world communityÃ¢â‚¬ (Neizen 2). With the Ã¢â‚¬Å"politics of shameÃ¢â‚¬ winnowing away at the public integrity of Brazil, the two cultures of the Kayapo and Yanomami are strategically set in the international web as endangered peoples suffering Ã¢â‚¬Å"onslaught of civilizationÃ¢â‚¬ , yet still worth some Ã¢â‚¬Å"contribution to the worldÃ¢â‚¬ . Yet to what degree is their Ã¢â‚¬Å"worthy contributionÃ¢â‚¬ qualified by dominant international definitions of their Ã¢â‚¬ËœcultureÃ¢â‚¬â„¢? The global reception of "threatened" indigenous cultures is colored with pre-existing values and assumptions. In contrast to the dominant consumerist culture pulsing in global politics, indigenous groups are seen to offer elements of fantasy rather than diplomacy, and provide a kick-back to the Ã¢â‚¬Å"primitiveÃ¢â‚¬ ideology of early man. As the general public enjoys indigenous romanticism like a favorite Hollywood movie, romanticizing indigenous cultures through media is quite common. Yet, romanticism creates an indigenous cultural dichotomy. Sustained interaction with governments broker change among indigenous people and elements of culture assimilate. Interaction provokes Kayapo demands for goods Ã¢â‚¬Å"from fish hooks to cooking potsÃ¢â‚¬ (Rabben 48). The Kayapo became dependent on whites Ã¢â‚¬Å"for goods they wanted but had no way of producing themselvesÃ¢â‚¬ (47). Dominant society assumes that Ã¢â‚¬Å"cultural survivalÃ¢â‚¬ is only achieved by preserving a static and untransformed people. To safe guard indigenous authenticity and exotic appeal, the common assumption is such that native ways of life must not be influenced or changed in anyway. However, to survive as a people in the modern world, indigenous cultures must be aware of their civil rights, for negotiations with imperialistic governments are essential. In 1981, the Kayapo were cheated out of 99.99% of their mining profits because they did not know Ã¢â‚¬Å"enough arithmetic to perceive the trickÃ¢â‚¬ in the white manÃ¢â‚¬â„¢s contract (71). Only after years of litigation were they able to win 5% profit. The Yanomami are constantly pressured to Ã¢â‚¬Å"assimilate into Brazilian society as the poorest of the poorÃ¢â‚¬ rather than remain a fractioned culture (86). Ã¢â‚¬Å"Cultural survivalÃ¢â‚¬ thus becomes a question of protecting the collective rights of an indigenous people from governmental abuse, while educating the people to the extent that they people may choose and protect their own future in a world of inescapable influence.

Friday, July 19, 2019

The Farm Essay -- Personal Narrative Writing

The Farm In the summer, the creek bubbles and the leaves are in bloom. In the winter that same creek is frozen and everything around it is blank and barren. The memories for me in this part of the world are unforgettable, even though some are happier than others. I can still remember a particular dreadful event on the farm like it was yesterday. I was walking through the house on a hot summer day. I dare not go outside because I knew I'd die of heat exhaustion. In the house alone were my sister and I. My mother had run into town to do some errands, and my dad was out on the farm doing some chores. The phone rang and I casually picked it up. It was my dad. Ã¢â‚¬Å"Adam,Ã¢â‚¬ he said, sort of anxiously, Ã¢â‚¬Å"I need you to come down the lane and give me a hand.Ã¢â‚¬ My sister was listening in on the conversation as usual, and my Dad dared not to give me any specifics because he knew of this. As I apathetically told him yes, I went on to the porch, grabbed some shoes and wondered what on earth he could possibly need help with. I stepped outside and the burning sun immediately attacked me. I had no doubt that if my Dad needed a hand with some hard work it would be dreadful. Just two weeks earlier he needed me to help him put some barbed wire on some fence posts. It was an awful job, and may have been the worst two hours of my life. I had helped my Dad on the farm throughout my childhood, and I knew by the particularly terrible jobs I had to help him with before, that I should always fear when he asked for help. I hopped into my steaming hot truck and started back down the lane. As I drove down further back, I remembered the terrifying tornado that had struck our house, and had ripped an entire line of trees out of the ... ...m high school here. I had also spent times playing make-believe with my brother during my elementary years. I had even gone as far as attempting to raft down the little flooded creek. What a great place, how could I ever forget it? We dug a hole right under some old, dried up looking trees. We threw her down about three feet and buried her. The one animal that had been important throughout my entire childhood was now gone. The one place that was important my whole childhood, I was about to leave. The trees, the grass, the creek and the lane, so important, yet it was time to leave them. As I had left Patch, I had left the farm. I havenÃ¢â‚¬â„¢t been on the farm behind my house for the two years since PatchÃ¢â‚¬â„¢s death. I guess it was time for me to grow up. I miss my dog, and I miss being young. But life goes in circles, and itÃ¢â‚¬â„¢s always time to start anew.