lunes, 22 de octubre de 2018

Computer Virus Protection

Virus Protection

Conceptual Overview

Imagine having contact with many human beings, getting certain level of connection with every single one of them, every single day of your life. You can imagine that, eventually, you will get sick if you don’t have some precautions (washing your hands, getting your vaccines, keeping your distance, etc.).

When computers interact with other computers, some of them can have a Computer Virus, so they too can get infected, just like us! (sort of).

A Computer Virus is software with malicious intent that replicates itself by modifying other computer programs and inserting its own code. There are many methods in which a computer can get a virus, and there are different Computer Viruses that can have different negative effects on a computer, like accessing private information (your credit card too!), corrupting data (say goodbye to the pictures of your kids), spamming your e-mail contacts, or leaving your computer useless.

Available Methods

Some methods that can help you clean your computer from Viruses, or just to protect it against getting one are:

· Keep your software up to date

o Sometimes software has bugs that can be exploited by hackers, which could be used to infect your computer.

· Don’t click/respond to strange emails

o I’m sorry to tell you, but the Wife of the President of Uganda isn’t contacting you to give you 100 million dollars; you also didn’t win the Bill Gate’s foundation for 50 billion dollars.

· Use an antivirus software

o It’s a program designed to detect and remove viruses from computers and other threats.

· Use a Firewall

o A system designed to prevent unauthorize access to or from a private network.

· Download only from verified places

o Maybe restrain from downloading that movie from a webpage that has 10 different download buttons.

Best Practices

The methods mentioned above, help you protect or remove Viruses from your computer, but you can also do other things to keep your computer away from viruses or to avoid the damages of being infected by a virus:

· Regularly Back Up your computer

o Imagine being able to rewind to the day before you got sick, you could avoid doing the things that got you sick in the first place.

· Use a Strong password

o 1234 or your dog’s name is not enough, you can use software that manages your passwords and create a complex one harder to be hacked.

· Use an Ad-Blocker (or pop-up blocker)

o Some sites love filling your browser with pop-ups, these can lead to your computer to having Virus, so why not avoid them all at once?

Write a solution that's efficient even when we can't put a nice upper bound on the numbers representing our time ranges. Here we've simplified our times down to the number of 30-minute slots past 9:00 am. But we want the function to work even for very large numbers, like Unix timestamps. In any case, the spirit of the challenge is to merge meetings where startTime and endTime don't have an upper bound.

Gotchas

There are some special cases that we must consider:

The cases where the end of a meeting is at the exact same time as the beginning of another different meeting, they should be merged.

For example:

[{x1, x2}, {y1, y2}]

Where x2 = y1

The cases where a meeting is inside the range of another meeting. This means that a meeting starts after another meeting but it also ends before the other meeting ends. A meeting’s range is contained within another meeting range.

For example:

[{x1, x2}, {y1, y2}]

Where y1 > x1 and y2 < x2

The cases that the first meeting takes all of the time of meetings, this means, even if they are other meetings, the first one starts earlier and ends after every other. We still have to check this first one with every other so we don’t leave any meeting without checking it.

For example:

[{x1, x2}, {y1, y2}, {z1, z2}, …, {a1, a2}]

Where x1 < y1, z1, …, a1 and

x2 > y2, z2, …, a2

They told us not to assume that the meeting hours were sorted, so we can have the case that the first meeting in the array matches the last meeting. This means we have to check every combination, even if we don’t want to, because from what the problem gives us and in the way it’s presented, checking every combination is a must.

Breakdown

First, I wrote down the examples given in the problem, I wrote down the special cases explained in the Gotchas and some different ones.

The first way was to put an axis, let’s call it x, that goes from 0 to n, n being the biggest end time.

It would look something like this:

Then we iterate through the complete array, Meeting by Meeting and plot it on the axis.

For example, given [{0,1}, {0,2}, {1,3}, {6,8}]

We plot and have the next result:

We observe that for the first 3 meetings, they all fit through the range [0,3], then there’s some free space without meetings and then we have the range [6,8].

Therefore, we would return [{0,3}, {6,8}].

But this solution is more of a visual one, and computers can’t make the same visual process as I did (not that I know of).

This lead me to change my approach to one that computers are familiar with, numbers.

Solution

Given [{x1, x2}, {y1, y2}]

We know that:

IF x1 <= y2 is TRUE

&& y1 <= x2 is TRUE

Then, the X meeting and Y meeting can be merged.
Why?

It’s pretty simple, if the end time of the second meeting is greater or equal than the start time of the start meeting, this means that the second meeting ends at the same time that the first meeting starts or ends after the meeting.

This is not enough, that’s why we have the AND operator to check if the end time of the first meeting is greater or equal than the start time of the first meeting. These two conditions combined, cover any case in which the two meetings overlap in any time.

This formula will cover every scenario in which the two given meetings can be merged, this includes Gotchas a, b and c.

However, the formula doesn’t tell us the range we have to output by merging two Meetings.
Therefore, we have to:

Compare x1 with y1 to get the minimum (min) value for our new range.

Compare x2 with y2 to get the maximum (max) value for our new range.

With this, we can return a newRange(min, max).

A greedy approach would be to compare every meeting with every meeting to merge as many meetings as possible. We do it with the following:

Given Meetings [{x1, x2}, {y1, y2}, {z1, z2}, {a1, a2}, {b1, b2}]

And so on, and so forth.

This means we have to start from the first element, compare with every single one of the next elements.

Then compare the second element with the next elements and so on.

We merge Meeting1 with Meeting2 if they can be merged and compare that merge with the next iterations, this will save us time and memory, because if we merge Meeting1 with Meeting2, and Meeting2 can be merged with Meeting4 but Meeting1, merging them separately would be a mistake.

Take for example:

[{2,3}, {3,5}, {5,8}]

The result must be [{2,8}].

However, if we do the mistake explained above, we would have as result

[{2,5}, {5,8}]

That takes more memory and we also have to merge that result again, taking more time.

To solve this problem, if two elements can be merged, we merge them and keep comparing that merge to the rest of the elements. After we have the final merge, there’s no need to check those elements with the rest again, so we can skip them.

A pseudo-code for the algorithm explained would be:

For i = 0; i < length ; i++
For j = i; j < length -1; j++
If x1 <= y2 && y1 <= x2 is TRUE
1. Get Minimum from X1 OR Y1
2. Get Maximum from X2 or Y2
3. Merge, newRange(Minimum, Maximum)
4. Set i = j // so you skip this element merged on the iteration, saving time and memory as explained
After iterating j, add newRange to the RESULTS array // after checking every element after the element you’re comparing, this means you return every merge available.
Return array containing all newRanges

Solution complexity

We have a for loop inside another for loop:

for (i = 0; i < meetingsArray; i++){

for (j = i; j < meetingsArray-1; j++){

}

We have n + n-1 + n-2 + … + 1 =

Plus other calculations inside these two for loops, but they don’t add more than the complexity we have for these loops, which is O().

Better solution

If we first sorted the elements of the array from start times, we would have something like this:

[{x1,x2}, {y1,y2}, {z1,z2}]

where x1 <= y1 <= z1

After sorting this way, we would only need to iterate once through the array O(n) and merging the elements that have the same start time. And on another loop, check that, given [{x1, x2}, {y1, y2}], if x2 >= y1.

This means that the start time of the element you’re comparing to, is earlier than the end time of the element you’re comparing with.

An algorithm for this solution would be:

Sort the given array
From the sorted array, iterate through it and merge every element whose startTime is the same. Return newArray.
Iterate through newArray, if the endTime of element1 is >= than startTime of element2, merge them.
If you can’t merge them, this means you won’t be able to merge with any of the rest elements. Add element to RESULT.
Continue iterating.
Return RESULT.

Better solution complexity

The complexity to sort the elements by increasing order is O(n log n)

The complexity of iterating for the first time the sorted array is O(n)

The complexity of iterating the second time the sorted array is O(n)

So we have O(n log n) + O(2n) = O(n log n), which is bad, but still better than O().

Bonus

If we have our ranges with an upper bound to startTime and endTime, if we got an array of Meetings where half of them have an endTime that exceeds the limit, we can halve the computations on this scenario, it would vary from scenario to scenario but we can avoid doing computations that aren’t needed.

What we learned

This problem can easily be solved with a greedy approach, but this would have taken a lot of time for a very long array list. Given the problem specifications, even if you try to get a solution from iterating once from the array, there’s no way to do it.

The problem told us not to assume that the elements were sorted, this gave me the idea to sort them first, and see if now I can only iterate once through the array, to avoid the O() complexity.

Sorting the elements and then iterating the array twice, but at different times (not a loop inside a loop), let me reduce a little bit the complexity, which was a good finding.

miércoles, 2 de mayo de 2018

Cryptography is fun, TC2027

Let's wikipedia:

Cryptography is the practice and study of techniques for secure communication from third parties.
It is about constructing and analyzing protocols that prevent unauthorized access to the message.

Modern cryptography is based on mathematics and computer science, thanks to computers, we have the power to encrypt data and make it 'impossible' for a human to decrypt it.

Getting started
The way I got into cryptography, was with the series "Gravity Falls", they put some hidden messages all over the place, on the intro, at the end of the episode, and they used different encryption methods. It was really fun to try to decypher a code that you found on an episode.
If you know nothing about cryptography, I would recommend to enter the link provided at the end of this document, and to watch the animated series.

Encryption methods
Some encryption methods that were used on Gravity Falls are:

Caesar cipher: substitute the original letter for the nth letter before it. In the case for letters X, Y, and Z, (if n = 3) one would have to cycle through to the beginning of the alphabet.

Atbash cipher: decoded by reversing the letters. (A turns into a Z)
EXAMPLE: World -> D

A1Z26: simple substitution cipher decoded by substituting the nth letter of the alphabet for given number n.

Vigenère cipher: it's a series of Caesar ciphers where each letter shift depends on a key word. Vigenère ciphers use a Vigenère square to encrpyt the message.

These are relatively simple Encryption methods, computers use other methods but I will write about it on another blog, I want this one to be for "begginers".

http://gravityfalls.wikia.com/wiki/List_of_cryptograms

Revolution, TC2027

We need one, we need a revolution on the way we learn.

I am currently developing a project that started with one of our professors, Sergio Hernández.
He started Estación Meiquer to give Social Service hours to ITESM GDA students. I was lucky to be one of them, because it covers topics I really like.
But for about a year now, we wanted to do more than giving Social Service hours, we see that there is a need for kids to change the way they think and the way they learn. We see everyday the consequences of a bad educational system, even here, at my school; there hasn't been a single time where partials are comming, and I see students studying from very specific questions and exercises (it took me a few semesters to realize they were studying from exams). I've seen students that take pictuers of the exam as soon as it's on their hands, before making it and after the professor gives them back so we can check our mistakes. What went wrong? Why is it more important to get an exam or find really clever ways to copy, than actual learning? Why is a number (grade) more important than all the effort someone can make on a whole semester learning by experimentation or research? Why aren't we allowed to make mistakes? We're not perfect, we learn from mistakes, I can tell you that the things I remember or learned the most, are things I struggled with, I had to find a way to solve it or I f*cked up really bad.

Our project is called Estación Meiquer, our goal is for kids to develop skills that, according to the World Economic Forum, will drive the 4^th Industrial Revolution. These skills are:

· Problem solving
· Critical thinking
· Creativity
· Emotional intelligence
· Collaboration

We should stop and think about what we’re learning, having the ability to solve problems on our own and in a creative way. We do so with activities and games, every one of them focuses on at least one of these skills. For every activity, we do the following steps:

Inspire: we inspire the kids with a story or an example of something big that has been made or something important for the activity we will present them.
Imagine: we give them time to imagine what they want to do, to draw whatever their solution is, with the intention to let them explore their imagination and don’t give them any limitations.
Create: now we let kids create the idea they worked on, here they face challenges and roadblocks, we don’t tell them the solutions, we encourage them and guide them to try to solve them on their own.
Share: After they’ve created their idea, we let them share it with their classmates, to make them feel proud of what they made and it’s a space in which they must talk in front of other kids while the attention is on them, they also learn what other kids created.
Play: we give them this free space to play, using what they created, with other kids.

Our intention is to change the lives of these kids, showing them how awesome learning can be and letting them experiment and never be afraid of failing. We want them to fail, we want to show them that when we fail or f*ck up, NOTHING happens, that's the way A LOT of things that we have nowaydays happened. We don't want them competing for a place, or a number, we want them to work at their pace, and believe they are capable of doing great things.

I imagine, if everyone learns this way or is motivated this way, we wouldn't see the things we see even at a school such as ITESM, where students are really, really good... at cheating.

Elevation of Privileges, TC2027

What is Elevation of Privileges?

Elevation of Privileges or Privilege Escalation is exploiting a system or application to gain more access than you normally should have. This means you have the power to do unauthorized actions.

There are two branches of privilege escalation, Horizontal and Vertical.

Horizontal

Access to other user's information or content. It's horizontal because you are in the scope of a user, but you can gain access to other users, this is still gaining more access than you should, but not at a higher level.

Vertical

Access to information or content that should only be accessd by someone with higher access. You stay on your scope, but now you "escalate steps" in the privilege section.

The following image shows the different levels of privileges that a system has.

My favorite example of elevation of privileges:

Jailbreak

I remember I was in highschool when I got my first iPod Touch, it was Christmas and Santa gave me and my brothers an iPod. I was really excited and I opened it on the bathroom, as soon as I took it out of the box, it fell.

I always liekd playing and listening to music on my iPod, but after a while (still in highschool) I discovered that you could "jailbreak" it, letting you add more functionalities and customize your iPod, I didn't know it back then but that was a form of Elevation of Privileges.

Normally, you couldn't do all those things that Cydia allowed you to do, but when you jailbreaked it, you gained control of many things and it felt really nice.

Other methods

This webpage tells more about EoP and ways that it cacn be exploited:

https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/06/07/all-you-know-about-stride-elevation-privilege-threat-eop
Here there are 6 ways to exploit and gain EoP that the webpage mentions:

User Group / Profile Manipulation: In order to get the write access a non-privileged user can create the profile of the legitimate user using different parameters/ profiles/ ids passing in the HTTP request/ response.
Condition value Manipulation. In an environment where the server throws an error message contained as a value in a specific parameter in a set of answer codes. Manipulating those values to get administrative rights.
IP Address Manipulation: Some websites uses IP address to limit the access or log the number of error login based on IP address. For example - If the website uses the value of 'X-forwarded-For' as client IP address, attacker may change the IP value of the 'X-forwarded-For' HTTP header to work around the IP source identification and fulfill the requirements.
URL Traversal: Try to traverse the website and check if some of pages that may miss the authorization check.
White Box: If the URL authorization check is only done by partial URL match, then its likely hackers may workaround the authorization by URL encoding techniques. Ex - endswith(), contains()
Weak Session Id: Weak Session ID has algorithm may be vulnerable to brute Force attack. For example, one website is using MD5 (Password + UserID) as session ID. Then, attacker may manipulate and generate different Session ID in order to get unprivileged access.

There are many methods to gain EoP, but this is something we have to have in mind when we design software, we DON'T want people WITHOUT access to do things they shouldn't.

sábado, 17 de marzo de 2018

Essay of How Not To Be Wrong, The Power of Mathematical Thinking

HOW NOT TO BE WRONG, The Power of Mathematical Thinking is a book written
by Jordan Ellenberg, a Mathematician and a child prodigy, this book focuses on
mathematics, but he approaches it on such a way for everyone to understand even if
they don’t have much mathematical background, while still letting people with
knowledge about mathematics to learn more things without being too easy or too
boring.

“The armor, said Wald, doesn’t go where the bullet holes are. It goes where the
bullet holes aren’t: on the engines.” This is from the second story the author opens the
book with, which is a great example on the purpose of the book and how it develops.
Ellenberg does an excellent job at telling us different stories –that involve mathematics
in one way or another– and teaching us –the readers– some valuable insights.
This second story is about Wald, a member from the Statistical Research Group, he was
considered a mathematician eminence, and he was approached to find the optimum way
to shield planes so they’re not too heavy but they’re protected enough, and his way of
thinking let him realize there was no use on analyzing the bullet holes from the planes
that did come back, and if they didn’t have many holes on the engine, it was simply
because the ones that did get hit, didn’t come back.

There are many stories that Ellenberg gives us to show us precisely what he
showed above, that sometimes we are stuck with some problem or there’s something
going on in the world, and mathematics let us think and analyze things in such a way
that we can solve problems in an unexpected way.

Ellenberg is successful in collecting real life situations, from every possible
field, that mathematics had a big impact in them. To write about every single one of
them would be pointless, I encourage you to read the whole book. The subjects that he
goes through go from war, to personal anecdotes, economics, politics, lotteries,
parabolas, calculus, infinity, science, social studies, etc. showing us that no matter the
field, no matter where we are looking at or trying to do, we can always make informed
decisions and “not be wrong” if we have mathematical knowledge and we take them
into consideration.

Going through a lot of real life examples through a wide variety of subjects is to
convince us –the readers– that no matter what you do, what you like, what your future
plans are, you will face certain situations, certain problems, that require a way of
thinking that mathematics provides and can solve the problem.

By reading this book and changing the way we think, the way we approach
problems and the way we accept or decline ideas –Ellenberg’s objective with his book
is met by this– we can change the way we live and the way others live, by not being
fooled so easy, by making good decisions, by demanding ourselves to think critically
and analytically.

He closes the book with the following:

“Every time you observe that more of a good thing is not always better, or you
remember that improbable things happen a lot, given enough chances, and resist the
lure of the Baltimore stockbroker, or you make a decision based not just on the most
likely future, but on the cloud of all possible futures, with attention to which ones are
likely and which ones are not, or you let go of the idea that belief of groups should be
subject to the same rules as beliefs of individuals or simply you find that cognitive sweet
spot where you can let your intuition run wild on the network of tracks formal reasoning
makes for it, without writing down an equation or drawing a graph, you are doing
mathematics.

When are you going to use it? You've been using mathematics since you were born and
you'll probably never stop. Use it well.”

I really enjoyed this book, I have always loved mathematics and many of the
things he talked about, I had lived a similar story. I have friends that are mathematicians
(or will be) and we have talked about this, about how crucial it is for everyone to grasp
concepts about mathematics, it doesn’t matter what they want to be professionally;
listening to people say things like “I hate maths” or “I can’t wait to study [INSERT
COLLEGE CAREER WITHOUT MATHS] so I don’t encounter maths for the rest of
my life” is really sad, because they will use maths for the rest of their lives, and they’re
truly beautiful, and if they were taught mathematics in a different way, they wouldn’t
hate it.

My conclusion would be, if you like knowledge, if you want to challenge your
ideas and want to be amazed by all the applications that mathematics has, give this book
a try, it will not disappoint you.

viernes, 16 de marzo de 2018

20:10 p.m.

I have a huge passion for knowledge and research, I would love to create knowledge as a full-time job and do research. For the past few years I've been following a lot of YouTube channels related to science or stuff that I like. Basically I'm at YouTube 24/7 and whenever I find a new video I watch it to learn more and more.

With the blog I have to do for Ken's class, I've decided to write about things I learn on (maybe a weekly basis) and about stuff that I like, some of it won't be related to Computer Security. This, with the hope of creating a YouTube channel and doing videos about stuff that I like and know, so other people that like similar stuff can enjoy and learn more.

So here's the list, I hope you like and enjoy them as much as I do and if you know about more interesting channels, please let me know.

Mark Rober

https://www.youtube.com/user/onemeeeliondollars/featured

ASAP Science:

https://www.youtube.com/user/AsapSCIENCE/videos

Brain Stuff: How stuff works

https://www.youtube.com/watch?v=n8EvWzWEbz0

C de Ciencia

https://www.youtube.com/user/CdeCiencia/videos

Crash Course:

https://www.youtube.com/channel/UCX6b17PVsYBQ0ip5gyeme-Q

How Stuff Works

https://www.youtube.com/channel/UCWIQBDDWcnaDtZ_7E7CeSVg/videos