Write A Short Note On Marketplace For Vulnerabilities.: Lecture-2-3

The document discusses various types of control hijacking attacks in computer security, including buffer overflow attacks and integer overflow attacks. Buffer overflow attacks can overwrite memory and change the execution path of a program. Integer overflow occurs when a value is too large for its data type. To prevent these attacks, techniques like ASLR, data execution prevention, and SEHOP can be used. Detection and special handling of overflow values are also discussed.

Lecture-2-3

Write a short note on marketplace for vulnerabilities.


1. Vulnerable consumers fail to understand their preferences and lack the
knowledge, skills, or freedom to act on them.
2. To protect them, we can censor information, restrict choices, and mandate
behaviours.
3. One-fifth of the public is functionally illiterate, yet a substantial majority of
consumers (adolescents included) appear to be marketplace literate.
4. Rather than curtail consumer prerogatives to protect a vulnerable minority,
education reform focused on the values, knowledge, and skills necessary to
create and navigate responsive markets should be developed.
5. Reformed adult and adolescent education can refine, expand, and accelerate
learners' informal and experiential understanding of marketplace fundamentals.
6. The aim is to significantly replace trial and error with a robust understanding of
markets, markets habitually governed by social virtues.
7. Evidence suggests that these aims can be better achieved via adolescent choice
and should be the focus of adult basic education reform.

How can we defend against zero-day vulnerabilities?


1. A zero-day vulnerability is a computer software vulnerability that is unknown
to, or unaddressed by, those who should be interested in mitigating the
vulnerability (including the vendor of the target software).
2. Until the vulnerability is mitigated, hackers can exploit it to adversely affect
computer programs, data, additional computers or a network.
3. An exploit directed at a zero-day is called a zero-day exploit, or zero-day attack.
4. The term ‘zero-day’ referred to the number of days since a new piece of
software was released to the public. So, ‘zero-day’ software was software that
had been obtained by hacking into a developer’s computer before release.
5. The term was applied to the vulnerabilities that allowed this hacking, and to the
number of days that the vendor has had to fix them.
6. Once the vendor learns of the vulnerability, the vendor will usually create
patches or advise workarounds to mitigate it.
7. The more recently that the vendor has become aware of the vulnerability, the
more likely that no fix or mitigation has been developed.
8. Even after a fix is developed, the fewer the days, the higher the probability that
an attack against the afflicted software will be successful, because not every
user of that software will have applied the fix.
9. For zero-day exploits, unless the vulnerability is inadvertently fixed (for
example, by an unrelated update that happens to fix the vulnerability),
the probability that a user has applied a vendor-supplied patch that fixes the
problem is zero, so the exploit remains available.

Discuss error 404 hacking digital India part 1 chase.


1. In error 404 hacking digital India part 1 chase, cyber criminals hack users'
information such as bank details and personal information.
2. It is a real-time incident. In this, the attacker or hacker creates an attractive video so that
the victim is drawn to play that video on their system.
3. When the victim clicks the video to play it, then during buffering the hacker not only learns
the current location and GPS history but also gains complete access to contacts, text
messages, Facebook, WhatsApp and, most importantly, bank details, including the
CVV number.
4. Hackers create a kind of Trojan file packaged as an Android APK file. The APK files are
distributed all over the internet, and those who download this file are hacked easily.
5. Potential cyber attacks that are most common in error 404 hacking:

a. Web application attacks :


i. A web application is a client-server computer program which uses web browsers and
web technology to allow its visitors to store and retrieve data to/from the database
over the internet.
ii. If there is a flaw in the web application, it allows the attacker to manipulate data using
a SQL injection attack.
b. Network security attacks :
i. Network security attacks are unauthorized actions against private, corporate or
governmental IT assets in order to destroy them, modify them or steal sensitive data.
ii. As more enterprises invite employees to access data from mobile devices, networks
become vulnerable to data theft or total destruction of the data or network.
c. Mobile security attacks :
i. Mobile security, or mobile device security, has become increasingly important in
mobile computing.
ii. It concerns the security of personal and business information now stored on smart phones.
iii. More and more users and businesses use smart phones not only to communicate, but also to
plan and organize their work and private life.
iv. Within companies, these technologies are causing profound changes in the
organization of information systems and therefore they have become the source of
new risks.
v. Indeed, smart phones collect and compile an increasing amount of sensitive
information to which access must be controlled to protect the privacy of the user and
the intellectual property of the company.

Discuss control hijacking in computer security.


1. Hijacking is a type of network security attack in which the attacker takes control
of a communication.
2. In hijacking (also known as a man in the middle attack), the perpetrator takes
control of an established connection while it is in progress.
3. The attacker intercepts messages in a public key exchange and then retransmits
them, substituting their own public key for the requested one, so that the two
original parties still appear to be communicating with each other directly.
4. The attacker uses a program that appears to be the server to the client and
appears to be the client to the server.
5. This attack may be used simply to gain access to the messages, or to enable the
attacker to modify them before retransmitting them.
6. Attacker's goals in control hijacking:
a. Take over the target machine (for example, a web server)
b. Execute arbitrary code on the target by hijacking the application's control flow
7. There are three types of control hijacking in computer security:
a. Buffer overflow attacks
b. Integer overflow attacks
c. Format string vulnerabilities

Buffer overflow attacks in Control Hijacking:


1. Buffers are memory storage regions that temporarily hold data while it is being
transferred from one location to another.
2. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the
storage capacity of the memory buffer.
3. As a result, the program attempting to write the data to the buffer overwrites
adjacent memory locations.
4. Attackers exploit buffer overflow issues by overwriting the memory of an application.
This changes the execution path of the program, triggering a response that damages
files or exposes private information.
5. Following are the types of buffer overflow attacks :
a. Stack-based buffer overflows : These are more common, and leverage stack
memory that only exists during the execution time of a function.
b. Heap-based attacks : These are harder to carry out and involve flooding the
memory space allocated for a program beyond memory used for current runtime
operations.
How to prevent buffer overflow attacks?
Buffer overflow attacks can be prevented using:
1. Address Space Layout Randomization (ASLR):
a. It randomly moves around the address space locations of data regions.
b. Buffer overflow attacks need to know the locality of executable code, and
randomizing address spaces makes this virtually impossible.
2. Data execution prevention :
It flags certain areas of memory as non-executable or executable, which stops an
attack from running code in a non-executable region.
3. Structured Exception Handler Overwrite Protection (SEHOP) :
a. It helps to stop malicious code from attacking Structured Exception Handling (SEH),
a built-in system for managing hardware and software exceptions.
b. It prevents an attacker from being able to make use of the SEH overwrite
exploitation technique.
c. At a functional level, an SEH overwrite is achieved using a stack based buffer
overflow to overwrite an exception registration record, stored on a thread’s stack.
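The following C program is an added example, not code from the lecture notes, illustrating the stack-based overflow described above and the source-level check that prevents it. The function names (`greet_unsafe`, `copy_bounded`, `greet_safe`), the 16-byte buffer size and the sample inputs are all constructed for this illustration. ASLR, DEP and SEHOP operate at the compiler, loader and operating-system level and are not represented in the code; what the example shows is the application-level defect they exist to contain and the bounds check that removes it at the source.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed buffer size for the example */

/* Vulnerable pattern: strcpy() copies until the NUL terminator with no
 * regard for the 16-byte destination, so input longer than 15 characters
 * overwrites whatever sits next to 'name' on the stack (saved registers,
 * the saved return address). Shown for contrast only; it is never called
 * with over-long input in this example. */
void greet_unsafe(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);            /* no bounds check: the defect */
    printf("hello, %s\n", name);
}

/* Hardened helper: check the length before copying and refuse input that
 * does not fit, leaving room for the terminating NUL.
 * Returns 0 on success and -1 when the input was rejected. */
int copy_bounded(char *dst, size_t dst_len, const char *src) {
    size_t n = strlen(src);
    if (dst_len == 0 || n >= dst_len) {
        return -1;                  /* would overflow: fail closed, no silent truncation */
    }
    memcpy(dst, src, n + 1);        /* n + 1 <= dst_len, copies the NUL too */
    return 0;
}

/* Same behaviour as greet_unsafe for well-formed input, but over-long
 * input is rejected instead of being written past the buffer. */
int greet_safe(const char *input) {
    char name[NAME_LEN];
    if (copy_bounded(name, sizeof name, input) != 0) {
        fprintf(stderr, "rejected: %zu-byte input exceeds %d-byte limit\n",
                strlen(input), NAME_LEN - 1);
        return -1;
    }
    printf("hello, %s\n", name);
    return 0;
}

int main(void) {
    /* constructed sample inputs: one that fits, one that would overrun */
    const char *short_input = "alice";
    const char *long_input  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 40 bytes */
    greet_safe(short_input);        /* prints the greeting */
    greet_safe(long_input);         /* rejected, nothing written out of bounds */
    return 0;
}
```

Compiling with the stack protector (`-fstack-protector-strong` on GCC/Clang) would make the unsafe variant abort at function return rather than silently corrupt the stack; the bounded copy removes the need to rely on that detection.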

Integer overflow attack in Control Hijacking:


1. An integer overflow attack occurs when an attacker causes a value in the program to
be large enough to overflow unexpectedly.
2. A common form of this attack is to cause a buffer to be allocated that is too small to
hold data copied into it later, thus enabling a buffer overflow attack.
3. Buffer overflows induced this way can be detected in the same way as a normal buffer
overflow attack.
4. An integer overflow is the condition that occurs when the result of an arithmetic
operation, such as multiplication or addition, exceeds the maximum size of the
integer types used to store it.
5. When an integer overflow occurs, the interpreted value will appear to have wrapped
around the maximum value and started again at the minimum value, similar to a
clock that represents 13:00 by pointing at 1:00.

Integer overflow can be prevented by :


1. Avoidance :
a. By allocating variables with data types that are large enough to contain all values
that may possibly be computed and stored in them, it is always possible to avoid
overflow.
b. Static analysis tools and formal verification techniques can be used to ensure that
overflow does not occur.
2. Handling :
If it is anticipated that overflow may occur, then tests can be inserted into the
program to detect when it happens and do other processing to mitigate it.
3. Propagation :
a. If a value is too large to be stored it can be assigned a special value indicating that
overflow has occurred.
b. This is useful so that the problem can be checked for once at the end of a long
calculation rather than after each step.
c. This is often supported in floating point hardware called FPUs.
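The C program below is an added example, not part of the lecture notes, that puts the three prevention strategies next to the attack they address: a checked size computation that catches the "buffer allocated too small" case (handling), an 8-bit wraparound beside its widened form (avoidance), and the infinity that floating-point hardware propagates through a calculation (propagation). All function names and sample values are constructed for the example; the size limits come from `<stdint.h>`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <math.h>

/* Handling: test for wraparound before it silently corrupts a size.
 * Returns 1 if count * elem_size cannot be represented in a size_t. */
int mul_overflows(size_t count, size_t elem_size) {
    if (count == 0 || elem_size == 0) return 0;
    return count > SIZE_MAX / elem_size;
}

/* Compute the byte size for 'count' records of 'elem_size' bytes each.
 * Returns 0 and stores the product in *out, or -1 if it would wrap. */
int checked_alloc_size(size_t count, size_t elem_size, size_t *out) {
    if (mul_overflows(count, elem_size)) return -1;
    *out = count * elem_size;
    return 0;
}

/* Allocate with the checked size; NULL if the arithmetic would wrap.
 * Without the check, a huge 'count' wraps to a small product, malloc()
 * succeeds with a tiny buffer, and a later copy of 'count' records
 * overruns it: the integer overflow becomes a buffer overflow. */
void *alloc_records(size_t count, size_t elem_size) {
    size_t bytes;
    if (checked_alloc_size(count, elem_size, &bytes) != 0) return NULL;
    return malloc(bytes);
}

/* Wraparound illustration: unsigned 8-bit arithmetic is defined to wrap,
 * so 250 + 10 yields 4, the clock that shows 13:00 as 1:00. */
uint8_t add_u8_wrapping(uint8_t a, uint8_t b) {
    return (uint8_t)(a + b);
}

/* Avoidance: compute in a type wide enough to hold every possible sum. */
uint32_t add_u8_widened(uint8_t a, uint8_t b) {
    return (uint32_t)a + (uint32_t)b;
}

/* Propagation: IEEE-754 overflow yields +inf, which survives later
 * arithmetic, so one isinf() check at the end of the calculation suffices. */
int double_overflowed(double x) {
    double y = x * 1e300;      /* overflows to inf once |x| is large enough */
    y = y + 1.0;               /* inf + 1.0 is still inf */
    return isinf(y) ? 1 : 0;
}

int main(void) {
    size_t bytes = 0;
    /* constructed sample: a count chosen so that count * 4 wraps size_t */
    if (checked_alloc_size(SIZE_MAX / 2, 4, &bytes) != 0)
        printf("rejected allocation: count * 4 would wrap\n");
    printf("250 + 10 as uint8_t  = %u\n", add_u8_wrapping(250, 10));
    printf("250 + 10 as uint32_t = %u\n", add_u8_widened(250, 10));
    printf("1e10 * 1e300 overflowed: %d\n", double_overflowed(1e10));
    return 0;
}
```

The division-based check in `mul_overflows` is portable C; on GCC and Clang the `__builtin_mul_overflow` builtin performs the same test in one call.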

Format string vulnerabilities


1. A format string vulnerability is a bug where user input is passed as the format
argument to printf, scanf, or another function in that family.
2. The format argument has many different specifiers which could allow an attacker to
leak data if they control the format argument to printf. Since printf and scanf are
variadic functions, they will continue popping data off of the stack according to the
format.
3. For example, if we can make the format argument "%x.%x.%x.%x", printf will pop off
four stack values and print them in hexadecimal, potentially leaking sensitive
information.
4. printf can also index to an arbitrary "argument" with the following syntax: "%n$x"
(where n is the decimal index of the argument we want).

Preventing format string vulnerabilities:


1. Always specify the format string as part of the program, not as an input. Most format string
vulnerabilities are solved by specifying "%s" as the format string and passing the data
string as an argument rather than using it as the format string.
2. Make the format string a constant.
3. If the above two practices are not possible, use defences such as FormatGuard.
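The following C program is an added example, not code from the lecture notes, showing the vulnerable call shape beside the two fixes above: a constant format string with the user text passed through `"%s"`, and a simple pre-check that rejects text containing `%` where a constant format cannot be guaranteed. The function names (`log_unsafe`, `format_safe`, `contains_directive`) and the sample probe string are constructed for this illustration; the unsafe function is included only for contrast and is not invoked on the probe.

```c
#include <stdio.h>
#include <string.h>

#define LINE_LEN 64   /* constructed line buffer size */

/* Vulnerable pattern: the caller's text becomes the format argument, so any
 * '%' directives it contains are interpreted by printf and read arguments
 * that were never passed. Shown for contrast; never called on the probe. */
void log_unsafe(const char *user_text) {
    printf(user_text);             /* format string under external control */
    printf("\n");
}

/* Hardened pattern: the format string is a constant in the program and the
 * user text is an ordinary %s argument, so it is copied verbatim. Returns the
 * number of characters written into 'out' (excluding the NUL), as snprintf does. */
int format_safe(char *out, size_t out_len, const char *user_text) {
    return snprintf(out, out_len, "%s", user_text);
}

/* Fallback check for code that must build a format at run time: refuse any
 * text carrying a '%' before it reaches a printf-family function.
 * Returns 1 if a directive character is present, 0 otherwise. */
int contains_directive(const char *s) {
    return strchr(s, '%') != NULL ? 1 : 0;
}

int main(void) {
    char line[LINE_LEN];
    /* constructed sample: the leak probe quoted in the notes */
    const char *probe = "%x.%x.%x.%x";
    format_safe(line, sizeof line, probe);
    printf("safe output: %s\n", line);   /* the percent signs print literally */
    if (contains_directive(probe))
        printf("probe contains a format directive; rejected from dynamic formats\n");
    return 0;
}
```

Modern compilers flag the unsafe call shape with `-Wformat-security` (GCC/Clang); treating that warning as an error is a cheap way to enforce rule 2 across a code base.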
