Network Security

For the first few decades of their existence, computer networks were primarily used by university researchers for sending e-mail and by corporate employees for sharing printers. Under these conditions, security did not get a lot of attention. But now, as millions of ordinary citizens are using networks for banking, shopping, and filing their tax returns, network security is looming on the horizon as a potentially massive problem. In this chapter, we will study network security from several angles, point out numerous pitfalls, and discuss many algorithms and protocols for making networks more secure.

Security is a broad topic and covers a multitude of sins. In its simplest form, it is concerned with making sure that nosy people cannot read, or worse yet, secretly modify messages intended for other recipients. It is concerned with people trying to access remote services that they are not authorized to use. It also deals with ways to tell whether that message purportedly from the IRS saying: Pay by Friday or else is really from the IRS and not from the Mafia. Security also deals with the problems of legitimate messages being captured and replayed, and with people trying to deny that they sent certain messages.

Network security problems can be divided roughly into four closely intertwined areas: secrecy, authentication, nonrepudiation, and integrity control. Secrecy, also called confidentiality, has to do with keeping information out of the hands of unauthorized users. This is what usually comes to mind when people think about network security. Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal. Nonrepudiation deals with signatures: How do you prove that your customer really placed an electronic order for ten million left-handed doohickeys at 89 cents each when he later claims the price was 69 cents? Or maybe he claims he never placed any order. Finally, how can you be sure that a message you received was really the one sent and not something that a malicious adversary modified in transit or concocted?

All these issues (secrecy, authentication, nonrepudiation, and integrity control) occur in traditional systems, too, but with some significant differences. Integrity and secrecy are achieved by using registered mail and locking documents up. Robbing the mail train is harder now than it was in Jesse James' day.

Also, people can usually tell the difference between an original paper document and a photocopy, and it often matters to them. As a test, make a photocopy of a valid check. Try cashing the original check at your bank on Monday. Now try cashing the photocopy of the check on Tuesday. Observe the difference in the bank's behavior. With electronic checks, the original and the copy are indistinguishable. It may take a while for banks to learn how to handle this.

PHP Networking Functions

People authenticate other people by recognizing their faces, voices, and handwriting. Proof of signing is handled by signatures on letterhead paper, raised seals, and so on. Tampering can usually be detected by handwriting, ink, and paper experts. None of these options are available electronically. Clearly, other solutions are needed.

Before getting into the solutions themselves, it is worth spending a few moments considering where in the protocol stack network security belongs. There is probably no one single place. Every layer has something to contribute. In the physical layer, wiretapping can be foiled by enclosing transmission lines in sealed tubes containing gas at high pressure. Any attempt to drill into a tube will release some gas, reducing the pressure and triggering an alarm. Some military systems use this technique.

Introduction to Cryptography

Historically, four groups of people have used and contributed to the art of cryptography: the military, the diplomatic corps, diarists, and lovers. Of these, the military has had the most important role and has shaped the field over the centuries. Within military organizations, the messages to be encrypted have traditionally been given to poorly-paid, low-level code clerks for encryption and transmission. The sheer volume of messages prevented this work from being done by a few elite specialists.

Until the advent of computers, one of the main constraints on cryptography had been the ability of the code clerk to perform the necessary transformations, often on a battlefield with little equipment. An additional constraint has been the difficulty in switching over quickly from one cryptographic method to another one, since this entails retraining a large number of people. However, the danger of a code clerk being captured by the enemy has made it essential to be able to change the cryptographic method instantly if need be. 

The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key. The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio. We assume that the enemy, or intruder, hears and accurately copies down the complete ciphertext. However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the intruder can not only listen to the communication channel (passive intruder) but can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver (active intruder). The art of breaking ciphers, called cryptanalysis, and the art devising them (cryptography) is collectively known as cryptology.

The nonsecrecy of the algorithm cannot be emphasized enough. Trying to keep the algorithm secret, known in the trade as security by obscurity, never works. Also, by publicizing the algorithm, the cryptographer gets free consulting from a large number of academic cryptologists eager to break the system so they can publish papers demonstrating how smart they are. If many experts have tried to break the algorithm for 5 years after its publication and no one has succeeded, it is probably pretty solid.

Since the real secrecy is in the key, its length is a major design issue. Consider a simple combination lock. The general principle is that you enter digits in sequence. Everyone knows this, but the key is secret. A key length of two digits means that there are 100 possibilities. A key length of three digits means 1000 possibilities, and a key length of six digits means a million. The longer the key, the higher the work factor the cryptanalyst has to deal with. The work factor for breaking the system by exhaustive search of the key space is exponential in the key length. Secrecy comes from having a strong (but public) algorithm and a long key. To prevent your kid brother from reading your e-mail, 64-bit keys will do. For routine commercial use, at least 128 bits should be used. To keep major governments at bay, keys of at least 256 bits, preferably more, are needed.

From the cryptanalyst's point of view, the cryptanalysis problem has three principal variations. When he has a quantity of ciphertext and no plaintext, he is confronted with the ciphertext-only problem. The cryptograms that appear in the puzzle section of newspapers pose this kind of problem. When the cryptanalyst has some matched ciphertext and plaintext, the problem is called the known plaintext problem.

The next improvement is to have each of the symbols in the plaintext, say, the 26 letters for simplicity, map onto some other letter. For example,

plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z

ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M

The general system of symbol-for-symbol substitution is called a monoalphabetic substitution, with the key being the 26-letter string corresponding to the full alphabet. For the key above, the plaintext attack would be transformed into the ciphertext QZZQEA.

Read More

Program Yahoo! with PHP 5

Take advantage of some of the latest features in PHP to quickly add Yahoo! data to PHP-powered pages.

The recursively named PHP Hypertext Processor language is a popular choice for building dynamic web applications. In fact, Yahoo! itself has made PHP its development platform of choice across the company.

 The PHP platform is continually evolving, and the latest version Version 5 includes a handy XML parser called SimpleXML. As the name implies, it's easy to work with. And as long as the XML that SimpleXML is parsing is fairly simple, it's the perfect tool for getting XML data into objects PHP can easily manipulate.

Yahoo! Search Web Services responses definitely qualify as simple XML, and this hack shows how easy it is to request and parse this data with PHP. You'll need PHP 5 for this hack, but you won't need any external modules.

<?php
// yahoo_search.php
// Accepts a search term and shows the top results.
// Usage: yahoo_search.php?p=<Query>
//
// You can create an AppID, and read the full documentation
// for Yahoo! Web Services at http://developer.yahoo.net/

// Set your unique Yahoo! Application ID
$appID = "insert your app ID";

// Grab the incoming search query, and encode for a URL
$query = $_GET['p'];
$query = urlencode($query);

if ($query == "") { 
 print "usage: yahoo_search.php?p=&lt;Query&gt;"; die;
}

// Construct a Yahoo! Search Query with only required options
$language = "en";
$req_url = "http://api.search.yahoo.com/";
$req_url .= "WebSearchService/V1/webSearch?";
$req_url .= "appid=$appID";
$req_url .= "&query=$query";
$req_url .= "&language=$language";

// Make the request
$yahoo_response = file_get_contents($req_url);

// Parse the XML
$xml = simplexml_load_string($yahoo_response);

// Initialize results counter
$i = 0;
?>
<html>

<body>
<h2>Yahoo! Search Results</h2>
<ol>
<?php
// Loop through the items returned, printing them out
foreach ($xml->Result as $result) {
 $i++;
 $title = $result->Title;
 $summary = $result->Summary;
 $summary = preg_replace("/</i","&lt;",$summary);
 $clickurl = $result->ClickUrl;
 $url = $result->Url;
 print "<li><div style=\"margin-bottom:15px;\">";
 print "<a href=\"$clickurl\">$title</a><br />";
 print "$summary<br />";
 print "<cite>$url</cite></div></li>\n";

}
?>
</ol>
-- Results Powered by Yahoo!
</body>
</html>

This script uses the value of the querystring variable p to build a Yahoo! Web Search request URL and fetches the XML with the file_get_contents() function. Once the script has the XML in the $yahoo_response string, it calls the SimpleXML function simplexml_load_string( ), which parses the XML and makes the data available to PHP as an object. Finally, the script loops through the objects, using print to send the data to the browser.

To run the script, point your web browser to the location of the script on your server and add the querystring variable p:

http://example.com/yahoo_search.php?p=insert word

You can add multiple words by encoding spaces for URLs. For example, here's the search string for "PHP encoding":

http://example.com/yahoo_search.php?p=PHP%20encoding

As the results indicate, you can read the official documentation for PHP's 
SimpleXML function at http://www.php.net/simplexml. With this function, working with 
Yahoo! Search Web Services data is much more 
intuitive than with earlier versions of PHP. 

Read More

Add a Yahoo! Bookmark with One Click

Speed up the process of adding sites to your Yahoo! Bookmarks with a browser bookmark and a bit of JavaScript.

Yahoo! Bookmarks are an easy way to share a list of web sites across several computers. If you have a set of sites you like to visit from home, the office, a friend's house, or any other place you might find yourself in front of a computer, they'll always be just a few clicks away at your Yahoo! account, instead of trapped inside your browser at home.

Unfortunately, setting up this list of sites for the first time can be time-consuming. After logging into My Yahoo!, you must find your bookmarks (usually in the upper-right corner); click Add; copy and paste the site URL, name, and any comments into the form; and click the Save button. This might not sound too labor intensive, but it amounts to quite a few steps if you're adding more than a few sites.

If you've installed the Yahoo! Toolbar, you might have already experienced the joy of one-click Yahoo! Bookmarks. On any web page, you can click the Add Bookmark button to add a site. From then on, the site will be available at your Yahoo! Bookmarks. If you don't want to install the Yahoo! Toolbar (to save browser real estate) but still want the convenience of adding bookmarks, you can build your own JavaScript bookmarklet and add it to your browser's bookmarks toolbar to get the same one-click effect.

A bookmarklet is a bit of JavaScript code stored in a web browser bookmark. Bookmarklets give you a way to run code that can interact with the current page in the browser. For example, bookmarklets can change the size and colors of fonts on a page, open new browser windows, or extract information about the current page. With bookmarklets, you're in control of the script, because it runs when you click the bookmark.

In order to implement this hack, the only thing you'll need is a browser that has bookmarks and understands JavaScript. Don't worry, that covers just about every web browser!

the functioning bookmarklet code will be formatted without linebreaks or spaces.

// Dissected JavaScript bookmarklet for one-click Yahoo! Bookmarks
 
 // Set d to the document object as a shortcut
 var d = document;

 // Set t to the currently selected text, if available
 var t = d.selection?d.selection.createRange( ).text:d.getSelection( );

 // Build the URL that will add a bookmark to Yahoo! Bookmarks
 var url = 'http://e.my.yahoo.com/config/edit_bookmark?';
 url += '.src=bookmarks&';
 url += '.done=http%253a%2F%2Fe.my.yahoo.com/config/set_bookmark&';
 url += '.folder=1&';
 url += '.action=ab&';
 url += '.display=1&';
 url += '.protocol=http%3A%2F%2F&';

 // include the URL of the current page
 url += '.url='+escape(d.location.href)+'&';

 // include the title of the current page
 url += '.name='+escape(d.title)+'&';

 // include any selected text of the current page as a comment
 url += '.comment='+escape(t)+'&';
 url += '.save=+Save+';

 // open a new window to add the bookmark and show the results
 window.open(url,
    '_blank',
    'width=640,height=440,status=yes,resizable=yes,scrollbars=yes');

Take a look at the bold querystring variables in the code. These are the primary elements of the Yahoo! URL we're concerned with. Here's a quick look at what each variable represents:

.done

The URL to display after the action is completed.

.folder

The ID of the folder in which you'd like the bookmark to be included. If you don't have multiple folders, use 1, which is the default.

.url

The URL of the site you're adding as a bookmark.

.name

The name of the site you're adding as a bookmark.

.comment

Some arbitrary text that is associated with the bookmark.

Read More

Samsung Galaxy K zoom

Samsung has unveiled the Galaxy K zoom cameraphone a week ago. It's a successor of the Galaxy S4 zoom from last year and couples the Galaxy S5 design with a 20.7MP camera with 10x optical zoom. Samsung has already detailed the official pricing and availability - the Galaxy K zoom should hit the shelves across Europe in mid-May for €499.

As it turns out the retail price for Germany will be higher, though. Samsung has just issued a press release for Germany, where it says the official price for the Galaxy K zoom is €519. The availability stays the same - mid-May. This is quite interesting. Germany is the only EU country (so far), where the Sony Xperia Z2 costs less - €679 instead of €699.
Samsung galaxy note-3

Read More

Nokia HERE apps for Android and iOS

There's strong evidence to believe that Nokia plans on releasing their collection of HERE apps for Android and iOS. The Finnish company released two job postings that call for mobile software engineers who have experience in iOS and Android application development.

 Check out the postings below: "As an Android / iOS developer you will be a key member of our growing mobile engineering team, developing industry-leading mobile SDKs / applications. This is an experienced position that requires fluency in the latest Java capabilities and improvements in the Android and iOS  SDK. The ideal candidate is motivated to explore and deliver the best possible solutions to our customers The ideal candidate will have experience shipping one or more Android / iOS apps, currently on Google Play / Apple Store. You should have a strong passion for technology as evidenced by your personal projects that demonstrate your aptitude for superior engineering and strong customer-centric product sense. You should enjoy working outside the comfort zone and love to learn new technologies.

The position will be based in Berlin / Frankfurt and will report to the Tem Lead Development team Mobile SKDs for Business, HERE Platform for Business." There's also a second job posting that calls for a specific Android mobile developer: "We are now looking for a Mobile App Developer (Android) to join our team. In this role, you will be responsible for: •Working directly with developers, product management and UX Design to conceptualize, build, test and deliver mobile products •Deliver across the entire app life cycle -concept, design, build, deploy, test, release to app stores and support •Build prototypes at tech scoping stage of projects •Working along the web developers to create and maintain a robust framework to support the apps •Working with the front end developers to build the interface with focus on usability features •Keep up to date on the latest industry trends in the mobile technologies •Explain technologies and solutions to technical and non-technical stakeholders" From the two job descriptions, it seems that Nokia plans on bringing the entire HERE experience to both Android and iOS, and not just their navigation and maps software. This is a smart move on Nokia's part, as the more users they're able to get invested in their services,

Read More

Samsung Galaxy Note 3

An updated Samsung catalog for South Korea has revealed two new color choices for the Samsung Galaxy Note 3 Neo. The phablet will soon hit its home market in pink and red flavors, but there's no further information on when exactly that will happen. It also highly probable for the new hues to be part of an upcoming Galaxy Note 3 Neo La Fleur line-up. Sadly, we don't know if the new color choices will make it outside South Korea, but history has proved they'll eventually launch internationally, too.

 The Samsung Galaxy Note 3 Neo launched in the last day of January this year. It packs a 5.5" 720p Super AMOLED display, 2GB of RAM, 16GB of built-in memory. It's powered by a hexa-core chipset, which consists of two 1.7GHz Cortex-A15 cores and four 1.3GHz Cortex A7 cores, while the HSPA+ features a 1.6GHz quad-core Cortex-A7 CPU.

Read More

Samsung Galaxy S5 Developer Edition

Samsung has released a Developer Edition of the Galaxy S5 smartphone and it is available exclusively on Verizon. The difference between this model and the standard model is that the Developer Edition comes with an unlocked bootloader, facilitating flashing custom ROMs on the device.

 The phone is being sold for $599 contract free, although the phone is still locked to Verizon's network. The Developer Edition will only be available in 16GB configuration in Charcoal Black.

Read More

The HTC One - is a properly pretty phone

one that has a design so sleek that it looks great in just about any color. However, that shouldn't be an excuse not to offer us more choice and we are glad to report HTC is not using it. We've got a press photos of yet another hue that is going to join the HTC One (M8) palette - Pink. The distinctly feminine color is said to launch this year, but that's as specific as the info from the source gets.

We are even not sure if the pink color will be available before or after the red version we heard about earlier. Anyway, whenever that happens the total number of available HTC One (M8) colors will be brought to five. The smartphone launched in the more classical Gunmetal grey, Amber gold and Glacial silver versions, while the two new colors will add some more punchiness to its design. We've also heard rumors of a blue version coming, but there has been nothing solid on that one just yet.

Read More

LG G3 posted on Twitter

Alleged image of LG G3 posted on Twitter reveals that the upcoming Android powerhouse will be available with brushed metal finish. The photo was posted on the social network by @evleaks. The latest LG G3 leaked image (click to enlarge) The leaked image comes with a message that the LG G3 will not be prone to fingerprints, thus addressing one of its predecessor's shortcomings. The LG G2 as we noted in our review, is highly susceptible to smudges.Japanese market LG -g3

The leaked image does not mean that the LG G3 will sport brushed metal finish like the HTC One (M8). We expect the handset to be made of polycarbonate with the special treatment. LG G3 has already appeared on a number of occasions. The smartphone will be officially unveiled later this month, on May 27 with 5.5" QHD display, Qualcomm Snapdragon 801 SoC,LG lucid 3.

LG l80 magic
LG g3 screenies

Read More

iTunes And iPod Software

iTunes & iPod Software -

Come to CNET Download.com for free and safe iTunes & iPod Software downloads and reviews including iPod Backup, iPod Utilities, iPod Video Software and many more.

iTunes Utilities for Windows

The most downloaded iTunes Utilities software, including AnyMP4 iPhone Data Recovery, Wondershare Dr.Fone for iOS, and Xilisoft iPhone Transfer

Other iTunes & Ipod Software for Windows

The most downloaded Other iTunes & Ipod Software software, including Apple iTunes, RecBoot, and ReiBoot

iPod Utilities for Windows

The most downloaded iPod Utilities software, including CopyTrans Photo, iTools, and CopyTrans Drivers Installer

iPod Backup for Windows

The most downloaded iPod Backup software, including CopyTrans, CopyTrans Contacts, and TinyUmbrella

Read More