Archive for the analysis Category


standards

by Chung-Hung Tsai


Matlab and Octave DO support 64-bit unsigned numbers, but they don't support any mathematical operations on them. Computations in Matlab/Octave are limited as follows because they follow the IEEE standard for binary arithmetic:

  1. 64 bits are allocated to a number,
  2. the LSB is N1 (to match Matlab/Octave nomenclature) and the MSB is N64,
  3. N1 is then used as a sign bit,
  4. N2-N13 are used to store the exponent (ranging from -1021 to 1024),
  5. the remaining 52 bits are used to store the mantissa (the fractional component).

There is no way to perform computations on an unsigned 64-bit number; doing so will result in truncation. If your unsigned number exceeds 53 bits you'll begin seeing truncation of your least significant bits.

Here is one cheesy way to do it:

Create a set of functions which convert numbers to strings and perform operations on those strings (next two code sources from J. Franco):

Converting to a big int:

[code language="matlab"]
function number = toBigInt(n)
% toBigInt  Convert a non-negative integer n into its decimal digit string.
% Note: n == 0 yields '', which addBigInt below treats as zero.
number = '';
while n ~= 0
    number = [char(mod(n,10)+'0') number];  % peel off the lowest digit as a char
    n = floor(n/10);                        % and drop it from n
end
end
[/code]

Adding two big ints:

[code language="matlab"]
function s3 = addBigInt(s1,s2)
% addBigInt  Add two non-negative integers given as decimal digit strings.
if length(s1) < 1 && length(s2) < 1, s3 = '0';  % if s1,s2 == [] answer = 0
elseif length(s1) < 1, s3 = s2;                 % if s1 == [] then s2 is the answer
elseif length(s2) < 1, s3 = s1;                 % if s2 == [] then s1 is the answer
else
    carry = 0;                         % define the carry
    s3 = '';                           % define the answer
    dh = max(length(s1),length(s2));   % maximum number of digits to worry about

    % From least significant digit, change digit chars to numbers, add with
    % carry to get new carry and new digit, convert new digit back to char
    % and stick into solution.  If a number runs out of digits, use 0.
    for i = 1:dh
        if i <= length(s1), n1 = s1(length(s1)+1-i)-'0'; else n1 = 0; end
        if i <= length(s2), n2 = s2(length(s2)+1-i)-'0'; else n2 = 0; end
        n = n1 + n2 + carry;            % add the ith digits of s1, s2 and carry
        carry = floor(n/10);            % save the carry
        s3 = [char(mod(n,10)+'0') s3];  % compute the answer digit
    end
    % If there is a carry at the end, change to char and stick it at front
    if carry > 0, s3 = [char(carry+'0') s3]; end
end
[/code]

Get it? Perform your operations on strings and, when necessary, split the strings into manageable chunks and change them back to numbers with the correct exponentiation.

It's possible to do this more cleanly and efficiently; this is just a quick and dirty solution.
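As an added example that is not part of the original post or J. Franco's code: the bit fields of a double, the precision cliff at 2^53 that the post describes, and a Python port of the addBigInt digit-string scheme carried past that cliff. It assumes Python floats are IEEE 754 doubles (true on all mainstream platforms), the same format as the Matlab/Octave default numeric type, so the same truncation shows up here.

```python
import struct

# Constructed example: Python floats are IEEE 754 doubles, the same format
# MATLAB/Octave use for their default numeric type, so the precision limit
# discussed above can be demonstrated here directly.

def double_fields(x: float) -> tuple:
    """Split a double into its (sign, biased exponent, mantissa) bit fields:
    1 sign bit, 11 exponent bits, 52 stored mantissa bits (53 bits of
    precision counting the implicit leading 1)."""
    bits = struct.unpack('>Q', struct.pack('>d', x))[0]
    return bits >> 63, (bits >> 52) & 0x7FF, bits & ((1 << 52) - 1)

def survives_double(n: int) -> bool:
    """True if the integer n round-trips exactly through a double, i.e. if
    storing it in a default MATLAB/Octave variable loses nothing."""
    return int(float(n)) == n

def add_in_double(a: int, b: int) -> int:
    """Add two integers the way plain double arithmetic would (lossy past 2^53)."""
    return int(float(a) + float(b))

def add_big(s1: str, s2: str) -> str:
    """Digit-string addition following the addBigInt scheme above:
    walk from the least significant digit and carry as you go."""
    if not s1 and not s2:
        return '0'
    carry, digits = 0, []
    for i in range(max(len(s1), len(s2))):
        d1 = int(s1[-1 - i]) if i < len(s1) else 0   # 0 once a string runs out
        d2 = int(s2[-1 - i]) if i < len(s2) else 0
        carry, digit = divmod(d1 + d2 + carry, 10)
        digits.append(str(digit))
    if carry:
        digits.append(str(carry))                      # final carry goes in front
    return ''.join(reversed(digits))

if __name__ == '__main__':
    two53 = 2 ** 53
    print(double_fields(1.0))                                  # (0, 1023, 0)
    print(survives_double(two53), survives_double(two53 + 1))  # True False
    print(add_in_double(two53 + 1, 1))   # 9007199254740992: the +1s are lost
    print(add_big(str(two53 + 1), '1'))  # 9007199254740994: exact
```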

Insider and Outsider Threat-Sensitive SQL Injection Vulnerability Analysis in PHP
Ettore Merlo; Dominic Letarte; Giuliano Antoniol
Summary:
In general, SQL-injection attacks rely on some weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites relying on a database to store and retrieve information. Furthermore, insiders may introduce malicious code in a Web application, code that, when triggered by some specific input, for example, would violate security policies.
This paper presents an original approach based on static analysis to automatically detect statements in PHP applications that may be vulnerable to SQL-injections triggered by either malicious input (outsider threats) or malicious code (insider threats). Original flow analysis equations, that propagate and combine security levels along an inter-procedural control flow graph (CFG), are presented. The computation of security levels presents linear execution time and memory complexity.