Thursday Nov 26, 2009

No Bit, say Qubit with first programmable quantum computer

Researchers have built the first programmable quantum computer, which produced correct results 79% of the time, according to a paper published in Nature. A universal quantum computer of this kind is a device that can, in principle, simulate any physical system. Unlike the bit-based computers we use today, quantum computing makes use of qubits. A qubit can be 0, 1, or a combination of 0 and 1, a state called superposition.

The researchers built a programmable two-qubit quantum processor: two beryllium ions, chilled to just above absolute zero and trapped by a magnetic field on a gold-plated aluminum chip, form the qubits. Short laser bursts manipulate the beryllium ions to perform the processing operations, while nearby magnesium ions keep the beryllium ions cool and still.

The processor ran at 79% fidelity; the researchers put the accuracy needed for large-scale quantum computing far higher, around 99.99%, and are working to improve the system's fidelity with more stable lasers and other refinements. With this experiment, quantum computing has taken a real step towards large-scale systems.

Thursday Nov 27, 2008

FOSS.IN 2008

FOSS.IN 2008 started on Tuesday, 25th November at IISc, Bangalore. I am lucky enough to have the opportunity to participate there on behalf of Sun Microsystems, the one and only 'Gold Sponsor' of the event. Open source enthusiasts from all over the country, as well as from outside India, gathered there to share and develop their knowledge and expertise on various open source products. Lots of conferences and interesting workshops were organized there, on topics like KDE on Solaris, profiling GNOME using DTrace, etc. Sun has one booth there, and talented folks from IEC were always present to demonstrate various interesting and outstanding features of Sun products. OpenSolaris, VirtualBox, NetBeans, CIFS, Amber Road, MySQL, IPS, OpenSolaris 2008.11, Crossbow, DTrace, OpenOffice: everything was presented in front of an enthusiastic audience. The delegate kit was equipped with the latest OpenSolaris distro, i.e. OpenSolaris 2008.11, and a bunch of Sun products like Sun Studio, OpenOffice, VirtualBox, MySQL, WebSynergy, NetBeans, GlassFish and a lot more. Participants were helped by Sun volunteers to install and use those products on their own systems. FOSS enthusiasts from Sun have started blogging with exclusive news from FOSS.IN: Sun @ FOSS.IN 2008 - be sure to check it out!

There were also some other booths, from VMware, Nokia, etc. It ends tomorrow, 29th November, for this year, 2008. We are all looking forward to making it even more successful and more gorgeous next year.

Sunday Nov 02, 2008

Vulnerability through Data Structure sentinels

When we write the code for a data structure, say a linked list or simply a string, a sentinel marks its end point. Typically a NUL byte sits at the last position of a string, and a NULL pointer in the link field of the last node of a singly linked list. Any code that walks the structure, whether it prints a string or traverses the list, keeps going until it meets that sentinel, so sentinels must be handled in a way that attacker-controlled input cannot add or remove one. Adding a sentinel in an undesired position truncates the data: a NUL byte injected into the middle of an input makes every later C-string operation see only the part before it, so a check may pass on one value while the consumer uses another. Deleting the sentinel is just as serious: an unterminated string, or a list whose last link points to stale memory, makes the traversal read (or write) past the end of the buffer until it happens upon something that looks like a sentinel, and the program logic then follows whatever garbage it found. Integrity vulnerabilities often come down to exactly these factors, and secure programming must take care of them.

Prevent Buffer Overflow attack

A buffer overflow happens when more data is written into a buffer than it was allocated to hold. It usually stems from unsafe programming: if a program copies an input buffer to an output buffer without verifying that the input is smaller than the output buffer, the excess spills into whatever memory follows. If the overwritten memory belongs to the stack, it is a stack-based buffer overflow; if it belongs to the heap, it is a heap-based buffer overflow. At best the result is a crash; at worst the attacker overwrites a return address or function pointer and redirects execution into code of their own choosing, which is why the first measure below targets code executing from the stack.
There are several preventive measures against this attack. They are discussed below:

i) Disallowing execution of code on the user stack (Solaris) by adding the line 'set noexec_user_stack=1' to the /etc/system file. A program that then attempts to execute code on its stack is killed with a core dump, and a warning naming the process, PID and UID is logged through syslog; the logging is controlled by a second line in /etc/system, 'set noexec_user_stack_log=1'. A reboot is necessary for the settings to take effect. Note that this stops the classic shellcode-on-the-stack exploit but not attacks that only reuse code already present in the process (return-into-libc), so the remaining measures still matter.
ii) Removing unnecessary compilers.
iii) Unknown programs must NOT be executed.
iv) Disabling unnecessary network services by commenting out their lines in the /etc/inetd.conf file (on Solaris 10 and later, inetd services live in SMF and are disabled with inetadm or svcadm instead).
v) Applying the latest patches from Sun.
vi) Using ASET (Automated Security Enhancement Tool) in high mode (check out 'man aset').
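The following C program is an added example, not code from the original post, that puts the two previous sections side by side: the unchecked copy that causes a stack-based buffer overflow, the strncpy call that drops the NUL sentinel, a bounded copy that always writes the sentinel, and the check for an embedded NUL that would truncate length-delimited input. NAME_MAX_LEN, the function names and the sample strings are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 8  /* deliberately small so the edge cases are easy to hit */

/* Vulnerable: strcpy trusts the sentinel in src and never looks at the size of
 * dst, so any src longer than NAME_MAX_LEN-1 bytes writes past the end of a
 * stack buffer.  Shown only for the pattern; it is never called below. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Defective in the sentinel sense: strncpy stops after dst_size bytes but does
 * not write a NUL when src fills the buffer, so dst is left unterminated and
 * the next strlen() or printf("%s") reads past its end. */
void copy_strncpy(char *dst, size_t dst_size, const char *src) {
    strncpy(dst, src, dst_size);
}

/* Hardened copy: bounded by the destination size and always terminated.
 * Returns the number of bytes copied (excluding the NUL), or -1 when src does
 * not fit and truncation is not allowed; dst is then left as "". */
long copy_checked(char *dst, size_t dst_size, const char *src, bool allow_truncation) {
    if (dst_size == 0) return -1;
    size_t n = strlen(src);
    if (n >= dst_size) {               /* no room for the data plus its sentinel */
        if (!allow_truncation) {
            dst[0] = '\0';
            return -1;
        }
        n = dst_size - 1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';                     /* the sentinel is written unconditionally */
    return (long)n;
}

/* Is there a NUL sentinel within the first len bytes of buf?  memchr() never
 * reads beyond len, unlike strlen(), so it is safe on an unterminated buffer. */
bool has_sentinel(const char *buf, size_t len) {
    return memchr(buf, '\0', len) != NULL;
}

/* Input that arrives with an explicit length (a field from a binary protocol,
 * an uploaded file name) may carry a NUL in the middle.  Anything that later
 * handles it through the C string API silently truncates there, which is the
 * "sentinel in an undesired position" case: a check may see "abc" while the
 * consumer sees something else.  Reject such input before it is used. */
bool is_embedded_nul_free(const char *data, size_t len) {
    return memchr(data, '\0', len) == NULL;
}

int main(void) {
    char name[NAME_MAX_LEN];
    const char *fits  = "alice";      /* constructed: fits with room for the NUL */
    const char *fills = "ABCDEFGH";   /* constructed: exactly NAME_MAX_LEN bytes */

    memset(name, 'x', sizeof name);
    copy_strncpy(name, sizeof name, fills);
    printf("strncpy left a sentinel: %s\n", has_sentinel(name, sizeof name) ? "yes" : "no");

    printf("checked copy of \"%s\", no truncation: %ld\n",
           fills, copy_checked(name, sizeof name, fills, false));
    long n = copy_checked(name, sizeof name, fills, true);
    printf("checked copy with truncation: %ld bytes -> \"%s\"\n", n, name);
    n = copy_checked(name, sizeof name, fits, false);
    printf("checked copy of \"%s\": %ld bytes -> \"%s\"\n", fits, n, name);

    const char field[] = "abc\0def";  /* constructed 7-byte field with an embedded NUL */
    printf("embedded NUL rejected: %s\n", is_embedded_nul_free(field, 7) ? "no" : "yes");
    return 0;
}
```

The point of copy_checked is that the caller decides up front whether truncation is acceptable; silently cutting a path or a user name to fit the buffer is itself a sentinel-in-the-wrong-place bug, so the default of refusing the copy is the safer one.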

Vulnerability through file upload

If you have a website that allows anonymous remote users to upload data, you must be very careful about the vulnerabilities in file uploading. First, check for path traversal vulnerabilities: the name of an uploaded file may be something like '../../', so treat the client-supplied name as untrusted and take the necessary precautions. A file with the same name may already exist in the destination directory, which would cause data to be overwritten, so an automatic renaming scheme must be in place. A file extension may give a wrong impression of the file content; check the file header (its magic bytes) to be sure about the content type. Before opening a file, run it through virus-detection software to avoid malware. File size must be restricted to avoid storage exhaustion. Compressed files (like *.zip) need extra care: an archive that expands to many times its size, or that contains nested or self-referencing entries, may consume valuable system resources, so check the decompressed size and the entry paths before extracting.
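As an added example (not from the original post), here is server-side screening of an upload in C that implements the checks listed above: a name filter against path traversal, a size limit, content detection by magic bytes rather than by extension, and a renaming scheme for collisions. MAX_UPLOAD_BYTES, the type table, the function names and the sample PNG header are constructed for the example; virus scanning and archive inspection are left to the deployment's own tools.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_UPLOAD_BYTES (5u * 1024u * 1024u)   /* assumed policy: 5 MiB per upload */

typedef enum { TYPE_UNKNOWN, TYPE_PNG, TYPE_JPEG, TYPE_PDF, TYPE_ZIP } file_type;
typedef enum { UPLOAD_OK, UPLOAD_BAD_NAME, UPLOAD_TOO_LARGE, UPLOAD_TYPE_MISMATCH } upload_verdict;

/* Path traversal guard: the client-supplied name must be a single path
 * component.  Reject separators of either flavour, leading dots (".", "..",
 * dotfiles), control characters and empty or oversized names, rather than
 * trying to "clean" a bad name. */
bool upload_name_is_safe(const char *name) {
    size_t len = strlen(name);
    if (len == 0 || len > 255 || name[0] == '.') return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c == '\\' || c < 0x20 || c == 0x7f) return false;
    }
    return true;
}

/* What the extension claims the file is. */
file_type type_from_extension(const char *name) {
    const char *dot = strrchr(name, '.');
    if (dot == NULL) return TYPE_UNKNOWN;
    if (strcmp(dot, ".png") == 0) return TYPE_PNG;
    if (strcmp(dot, ".jpg") == 0 || strcmp(dot, ".jpeg") == 0) return TYPE_JPEG;
    if (strcmp(dot, ".pdf") == 0) return TYPE_PDF;
    if (strcmp(dot, ".zip") == 0) return TYPE_ZIP;
    return TYPE_UNKNOWN;
}

/* What the first bytes say the file is (the "file header" check). */
file_type sniff_type(const unsigned char *head, size_t head_len) {
    static const unsigned char png_magic[8] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a};
    if (head_len >= 8 && memcmp(head, png_magic, 8) == 0) return TYPE_PNG;
    if (head_len >= 3 && head[0] == 0xff && head[1] == 0xd8 && head[2] == 0xff) return TYPE_JPEG;
    if (head_len >= 5 && memcmp(head, "%PDF-", 5) == 0) return TYPE_PDF;
    if (head_len >= 4 && memcmp(head, "PK\x03\x04", 4) == 0) return TYPE_ZIP;
    return TYPE_UNKNOWN;
}

/* Combined verdict.  head/head_len is the beginning of the data already read,
 * total_size the full length.  A type mismatch covers both a wrong extension
 * and content nobody recognises.  A ZIP that passes here still needs its
 * entries and decompressed size checked before anything is extracted. */
upload_verdict check_upload(const char *name, const unsigned char *head, size_t head_len, size_t total_size) {
    if (!upload_name_is_safe(name)) return UPLOAD_BAD_NAME;
    if (total_size == 0 || total_size > MAX_UPLOAD_BYTES) return UPLOAD_TOO_LARGE;
    file_type claimed = type_from_extension(name);
    if (claimed == TYPE_UNKNOWN || sniff_type(head, head_len) != claimed) return UPLOAD_TYPE_MISMATCH;
    return UPLOAD_OK;
}

/* Automatic renaming for collisions: attempt 0 keeps the name, attempt n
 * inserts "-n" before the extension ("photo.png" -> "photo-1.png").  The
 * caller loops over attempts until the stored name does not exist yet. */
bool stored_name(char *out, size_t out_size, const char *name, unsigned attempt) {
    const char *dot = strrchr(name, '.');
    int n;
    if (attempt == 0)
        n = snprintf(out, out_size, "%s", name);
    else if (dot != NULL)
        n = snprintf(out, out_size, "%.*s-%u%s", (int)(dot - name), name, attempt, dot);
    else
        n = snprintf(out, out_size, "%s-%u", name, attempt);
    return n >= 0 && (size_t)n < out_size;
}

int main(void) {
    /* Constructed: the 8-byte PNG signature followed by the start of an IHDR chunk. */
    static const unsigned char png_head[] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a,
                                             0, 0, 0, 13, 'I', 'H', 'D', 'R'};
    const char *names[] = {"photo.png", "../../etc/passwd", "photo.pdf", "photo.exe"};
    char out[64];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-20s -> verdict %d\n", names[i], check_upload(names[i], png_head, sizeof png_head, 1024));
    printf("%-20s -> verdict %d\n", "oversized photo.png",
           check_upload("photo.png", png_head, sizeof png_head, MAX_UPLOAD_BYTES + 1));
    if (stored_name(out, sizeof out, "photo.png", 1)) printf("renamed: %s\n", out);
    return 0;
}
```

The name check deliberately rejects rather than rewrites: stripping "../" from a name leaves cases like "....//" that collapse back into a traversal, whereas refusing anything that is not a plain file name has no such corner. The sniffed type is compared with the claimed one instead of simply trusted, so a PNG uploaded as "report.pdf" is turned away even though its content is harmless.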


I am Ritwik Ghoshal and I work as a Security Analyst. This blog is all about security vulnerabilities, prevention mechanisms for common attacks, the latest technologies, open source software and a few other fun topics.
