#header-inner {background-position: right !important; width: 100% !important;}

11/27/15

Brute Force & Dictionary attacks on an Internet Application.

Brute Force Attack on Password.

we have a user name, for example: admin ... then we try each of character combinations as a password using automated script.

for example:

user: admin password: 1 -- login fail
user: admin password: 2 -- login fail

... (many login attempts) ...

user: admin password: Z -- login fail
user: admin password: Z1 -- login fail
user: admin password: Z2 -- login fail

... (many login attempts) ...

user: admin password: T3h_s3cr3t -- login success.


Dictionary Attack on Password.

we have a user name, we have a dictionary of 'words' (character combinations), then we try each of the 'words' alone or concatenated into a longer password. again we use automation tool as script for example.

opinions vary whether a dictionary attack helps to crack passwords truly, but it has uses nevertheless.

often it's better to start with a dictionary, before trying brute force or other methods later.

all information we have about an individual we are trying to compromise is useful here, for forming a proper dictionary.

for a simplified example:

username: admin,
dictionary: 007, bond, eye, gold, golden, pistol, gun, beach, surf, cat, icecream, shake, martini, lemon, stir, _.

after using script we'd have following dictionary attack:

user: admin, password: 007 -- login fail
user: admin, password: bond -- login fail

... (many login attempts) ...

user: admin, password: 007007 -- login fail
user: admin, password: 007bond -- login fail
user: admin, password: 007eye -- login fail

... (many login attempts) ...

user: admin, password: 007_007 -- login fail
user: admin, password: 007_bond -- login success


Attack on an Internet Application.

The difference between logging in on a local system & logging into the Internet Application is that login information is the part of the HTTP(S) request.

We can create a HTTP(S) request manually, inserting the authentication data as proper, then connect to the attacked Internet Application using script.

Providing there's no security mechanisms as 'Captcha' for example, we'll login after a certain amount of time & tries.

HTTP(S) protocol knowledge here comes handy ... at least part(s) of it, but perhaps we can just analyze login-related traffic between our browser & the application using a tool as 'HTTP Trace' plugin for the 'Google Chrome' browser.




HTTPS Traffic.



then we can extract HTTP Request & forge a new, similar one.

there are tools as well, for example:
- THC-Hydra (Linux),
- Brutus (Windows).

... i'd use these preferably.


   


Hydra & Brutus - Online Password Cracking Tools.



11/14/15

Electromagnetic Flight ?

'Basics of Electronics'

by Elmar Dehler & others.
REA 2012. EUROPA LEHRMITTEL.

(this book has a chapter about electricity, magnetism & Lorentz force).


'Waves & Antennas'

by Jarosław Szóstka.

(this book has chapters about electromagnetism,
also about waves & about energy in electromagnetic fields).


---
'Electromagnetic propulsion (EMP), is the principle of accelerating an object by the utilization of a flowing electrical current and magnetic fields.

The electrical current is used to either create an opposing magnetic field, or to charge a fluid, which can then be repelled.

When a current flows through a conductor in a magnetic field, an electromagnetic force known as a Lorentz force, pushes the conductor in a direction perpendicular to the conductor and the magnetic field.

This repulsing force is what causes propulsion in a system designed to take advantage of the phenomenon.

The term electromagnetic propulsion (EMP) can be described by its individual components: electromagnetic- using electricity to create a magnetic field (electromagnetism), and propulsion- the process of propelling something.

One key difference between EMP and propulsion achieved by electric motors is that the electrical energy used for EMP is not used to produce rotational energy for motion; though both use magnetic fields and a flowing electrical current.'

source: Wikipedia.

Questions:

1. can this be used to propel small flying objects such as Milimetrites (Mili Electro Mechanical Systems; a milimeter is 10-3 of meter), MEMS (Micro Electro Mechanical Systems; a micrometer is 10-6 of meter) devices or perhaps even NEMS (Nano Electro Mechanical Systems; a nanometer is 10-9 of meter) devices ?
2. can the flight vector be chosen that way ?

i am not an expert yet, but i think i should answer these questions a certain day in a future.


see also, if You wish or need : 'The World's First Flying Saucer: Made Right Here on Earth' on 'Scientific American', Nanoscale.


imagining however:
- perhaps ionizing air, creating plasma, makes coordination of NEMS nanites quite a daunting task, aside from software's inherent complexity,
- because of charged air or other medium, as well as plasma, pressure on objects can be of kinetic nature (particle collisions) or of electromagnetic nature, perhaps of yet another type(s) as well,
- how to handle wireless communication between devices as well ? this also leaves space charged as the wireless signal is also an electromagnetic wave,
- perhaps precalculating 'cases' for different energy fields will be neccessary.


      
'Quantum Fields Theory part 1st'

by S. Weinberg.
'Vectors, Derivatives, Integrals'

by W.Korczak, M.Trajdos.

'Ola AH' Programming Language for Nanotech ?

... this seems to be quite advanced in time thinking, but has to start somewhere anyway.

i think that since a certain day NEMS nanites & other nanotechnologies will be well understood by many of the people,

i think that since a certain day NEMS device drivers will be part of available technologies.

programming languages for coordinating 3-dimensional nanite swarm clouds will be neccessity, 'Ola AH' Programming Language should compete against other such solutions, i think.

... this will be one of possible use cases for this a Language, not only the nanotech.

there are many use cases for 3D worlds or realities modelling, including modelling market shares that Companies own, or modelling 3D Game Worlds.

i have faith that if something dramatic & catastrophic won't happen, 'Ola AH' Programming Language will have a lot of use cases in this life.

(i am a 38 years old scientist & artist at this moment, i am mostly Proficient with computer software programming including 5-years Professional Programming experience, i've did a Parser at work as well.).


     
'Nanotechnologies'

by R.W. Kelsall,
I.W. Hamley,
M.Geoghegan.
a Post in the LinkedIn's NEMS Group.

11/13/15

Multi-State.

when thinking about hardware layer of the Stitie Processor cubes, ideas come to my mind,

how to handle limited amount of memory in a single Stitie Machine?

perhaps State can have a links (pointers or references) to other memory parts, perhaps in different Spaces.

these referenced memory parts might together form an address space, a flat,
1-dimensional, State's a part.

this 1-dimensional space can be arranged many ways, for example as classical up-down memory address list that contains instructions & data.

other possible forms are theoretically possible, but i fail to see reasons for these, perhaps future will correct me in that.

there might be method that reserves a given selection of stitie machines & produces State object that hides these links & references from user's awareness, providing simpler model as for example Hash Map to protect his or her sanity, to increase productivity as well.


---
Pseudocode might look as that:


  StitieSpace space1 = ...;
  StitieSpace space2 = ...;

  Coordinates[] coordsList = { ... };
  State smA = space2.getFlatStateFromMachinesAtCoords(coordsList);

  StitieMachineImpl machineA = space1.getStitieMachineAtCoords(...);
  machineA.setState(smA);



---
A part of Stitie Computer, consisting of many Stitie Processor cubes (shown on image below as colored spheres) might look as that:



Green Machines belong to Stitie Space #1,
Grey Machines are unassigned,
Blue Machines belong to Stitie Space #2.



(connections & infrastructure were hidden on this image for picture's clarity).


Stitie Space's Object that creates State for example would be a part of infrastructure electronics, placed in-between individual machines.


---
a warning: 'Combining State' article is not very related to what i am doing here.