Wednesday, April 26, 2017

This is a continuation of the list of important software incidents in recent history as described here.   
17) Ping of death - Perhaps the ubiquity of computers and their networking protocols make it vulnerable to the attacks over the wire. In 1995/1996 the networking stack on the computers was not as hardened as they are today. Packet fragmentation and reassembly code were missing checks and error handling at the protocol level. In this case, a malformed ping packet could lead to a crash of the operating system. The Windows operating system showed a blue screen when they received these packets but the attacks and failures were not limited to Windows and affected other operating systems too. 
18) Stack of vulnerabilties - Since the networking stack other than TCP/IP such as the tunneling protocols were also not hardened prior to 2002, they were also vulnerable to malformed packets causing system crash. A variety of protcols were exploited but perhaps the point to point tunneling protocol manifested the most number of such vulnerabilities.  The size and format of the packets, the validity of the fields, the exchange sequence, the states of the state machine implemented by the protocols, the position on the stack for the protocol, the authentication and encryption mechanisms etc were all subsequently analyzed in a major security improvement. Today encryption and private key based authentication is widely used everywhere.
19) Random numbers - Many protocols and mechanisms rely on random number generation. However, the numbers generated can be random only when they are seeded properly. Even the authors of Kerberos  failed to safeguard against this bug. It was therefore possible to break into any computer that relies on Kerberos for authentication. However these vulnerabilities were not significantly exploited. Moreover, Kerberos had an elegant protocol design and the code was widely available making it hugely popular. 
20) Number crunching - In terms of public relations nightmare, perhaps the Intel Pentium floating point divide error stands out. The chip maker made mistakes when dividing floating point numbers that occur within a certain range. For example, dividing 4195835 by 3145727 resulted in 1.33374 instead of 1.33382 which was an error margin of over 6 percent. In scientific computing, this kind of mistakes may alter analysis and worse yet may even go unnoticed. Although, it was not clear how many users were affected, the company eventually agreed to replace each and every unit. This bug was over 475 million dollars in cost.
21) X-Ray - Perhaps the most well known of all bugs in the medical industry was the bug in the code controlling the Therac-25 radiation therapy which was responsible for at least five patient deaths in 1980 The defect was that a one byte counter in a testing routine frequently overflowed. when an operator provided the manual input to the machine at the time of an overflow, an interlock would fail. This interlock was the one that helped spread the electron beam by rotating a spreader plate. In its absence a lethal dose of radiation would hit the patient who described it as an intense electric shock. This would result in radiation burns, radiation poisoning and eventual death of the patient.
Courtesy: Internet sources, personal experience, Wired magazine, Bell Laboratories paper
#codingexercise
Yesterday we were describing how to find the length of the largest region in a boolean matrix. A region is a group of cells with value 1 such that each cell is adjacent to another cell also with value 1 and adjacency can be horizontal, vertical or diagonal.
The DFS is implemented here:
void DFS(int[,] A, int row, int col, int row, int col, ref int[,] visited, ref int  size)
{

var rd = { -1,-1,-1,0,0,1,1, 1};
var cd = { -1,0,1,-1,0,1,-1,0,1 };

visited[row,col] = true;
for (int k = 0; k < 8; k++)
    if (isSafe(A, row,col, row + rd[k], col +cd[k])){
           size++;
           DFS(A, row,col, row+rd[k], col+cd[k], ref visited, ref size);
}

}
DFS attempts all the eight adjacent cells a d only proceeds to recursion on that when it is safe to do that. Here safe means the cell is a valid position, has a 1 and has not been visited before. All the eight adjacent positions are tried.

No comments:

Post a Comment