Tuesday, November 10, 2009

JAVA

Variables on Java

A typical program uses various values and these values keep changing while the program is running. For example, you create a program that is used to perform calculations, the values entered by one user will obviously be different from the values entered by another user. This also means that, when creating the program, you cannot know all possible values that will be entered in your program. You should still be able to manage the values that the users will eventually enter in your program.

If you create a program used to perform calculations as introduced above, when a user enters a new value that would be involved in the calculation, to manage that value, you can (temporarily) store it in the computer memory. Since the values entered in a reserved memory area change regularly, they are called variables. Because neither you nor the compiler can predict all possible values that would be used, there are safeguards you can use. First, you must ask the compiler to reserve an area of memory for a value you intend to use. Asking the compiler to reserve an area of memory is referred to as Declaring a Variable. Remember that when you declare a variable, the compiler reserves an area of the compiler memory for you. Eventually, you can put the desired but appropriate values in that memory space.

After declaring a variable, when you need the value stored in its memory area, you can ask the compiler to retrieve it and hand it to you. To effectively handle this transaction, the compiler would need two pieces of information from you: a name of your choice for the memory area that will be reserved, and the type of value that will be stored in that area of memory. Based on this, the formula to declare a variable is:

TypeOfValue VariableName

As done in some languages like Pascal or Basic, we will start with the name.

The Name of a Variable

When you want the compiler to reserve an area of memory for some values used in your program, you must set a name, also called an identifier, that will allow you to refer to that area of memory. The name can be anything of your choice but there are rules you must follow:

  • The name of a variable can be made of one letter (a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u, v, w, x, y, z, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, or Z) only
  • The name of a variable can start with a letter, an underscore "_", or the dollar sign $. The name cannot start with a digit. If the name starts with an underscore, the second character must be an alphabetical letter
  • After the first character, the name of the variable can include letters, digits (0, 1, 2, 3, 4, 5, 6, 7, 8, or 9), or underscores in any combination
  • The name of a variable cannot be one of the words that the Java languages has reserved for its own use. A reserved word is also called a keyword. This means that you cannot use one of the following keywords to name your variable:

Beyond these rules as a foundation, you can add yours. For example, we will follow suggested standards of the Java documentation. The rules will follow are:

  • A name will start with a letter in lowercase. Examples are age, f4, name, g_14, country
  • When a name is a combination of words, only the first name will start in lowercase. Examples are firstName, dateOfBirth, pi_314159
  • When the name is an abbreviation, we will use uppercase on all characters. Examples are EAU, UN, CIA, NSA
Variable Initialization

After declaring a variable, you can store a value in the memory reserved for it. When you have just declared a variable, it may not hold a significant value. To know the value it has, you should put an initial value into that memory space. Putting an initial value is referred to as initializing the variable.

To initialize a variable, on the right side of its name, type the assignment operator, followed by the value you want to put in the reserved memory. As we will see in the next few sections, you cannot and should not put just any type of value in a variable. We will see that there are different types used for different variables.

After declaring a variable and once it has a value, to display that value, you can provide the name of the variable to the parentheses (in future lessons, we will learn that this is referred to as passing) of the System.out.print() method.

Source : http://www.functionx.com/java

Thursday, June 4, 2009

Wireless Spoofing

There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.

MAC Address Spoofing

The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.

Typical APs control access by permitting only those stations with known MAC addresses. Either the attacker has to compromise a computer system that has a station, or he spoofs with legitimate MAC addresses in frames that he manufactures. MAC addresses are assigned at the time of manufacture, but setting the MAC address of a wireless card or AP to an arbitrary chosen value is a simple matter of invoking an appropriate software tool that engages in a dialog with the user and accepts values. Such tools are routinely included when a station or AP is purchased. The attacker, however, changes the MAC address programmatically, sends several frames with that address, and repeats this with another MAC address. In a period of a second, this can happen several thousand times.

When an AP is not filtering MAC addresses, there is no need for the attacker to use legitimate MAC addresses. However, in certain attacks, the attacker needs to have a large number of MAC addresses than he could collect by sniffing. Random MAC addresses are generated. However, not every random sequence of six bytes is a MAC address. The IEEE assigns globally the first three bytes, and the manufacturer chooses the last three bytes. The officially assigned numbers are publicly available. The attacker generates a random MAC address by selecting an IEEE-assigned three bytes appended with an additional three random bytes.

IP spoofing

Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.

The IP layer of the OS simply trusts that the source address, as it appears in an IP packet is valid. It assumes that the packet it received indeed was sent by the host officially assigned that source address. Because the IP layer of the OS normally adds these IP addresses to a data packet, a spoofer must circumvent the IP layer and talk directly to the raw network device. Note that the attacker’s machine cannot simply be assigned the IP address of another host X using ifconfig or a similar configuration tool. Other hosts, as well as X, will discover (through ARP, for example) that there are two machines with the same IP address.

IP spoofing is an integral part of many attacks. For example, an attacker can silence a host A from sending further packets to B by sending a spoofed packet announcing a window size of zero to A as though it originated from B.

Frame Spoofing

The attacker will inject frames that are valid by 802.11 specifications, but whose content is carefully spoofed as described above.

Frames themselves are not authenticated in 802.11 networks. So when a frame has a spoofed source address, it cannot be detected unless the address is wholly bogus. If the frame to be spoofed is a management or control frame, there is no encryption to deal with. If it is a data frame, perhaps as part of an on-going MITM attack, the data payload must be properly encrypted.

Construction of the byte stream that constitutes a spoofed frame is a programming matter once the attacker has gathered the needed information through sniffing and probing. There are software libraries that ease this task. Examples of such libraries are libpcap (sourceforge.net/projects/libpcap/), libnet (libnet.sourceforge.net/), libdnet (libdnet. sourceforge.net/) and libradiate (www.packetfactory.net/projects/libradiate/ ).

The difficulty here is not in the construction of the contents of the frame, but in getting, it radiated (transmitted) by the station or an AP. This requires control over the firmware and driver of the wireless card that may sanitize certain fields of a frame. Therefore, the attacker selects his equipment carefully. Currently, there are off-the-shelf wireless cards that can be manipulated. In addition, the construction of special purpose wireless cards is within the reach of a resourceful attacker.

Source : http://www.cs.wright.edu