Skip to main content

Enhancing Indoor Air Quality: A Guide to Better Health and Comfort

In today's world, where we spend a significant amount of our time indoors, the quality of the air we breathe inside our homes and workplaces is crucial for our health and well-being. Poor indoor air quality (IAQ) can lead to various health issues, including allergies, respiratory problems, and even long-term conditions. This blog post explores effective strategies for managing and improving indoor air quality. Understanding Indoor Air Pollutants Indoor air pollutants can originate from various sources: Biological Pollutants: Mold, dust mites, and pet dander. Chemical Pollutants: Volatile organic compounds (VOCs) from paints, cleaners, and furnishings. Particulate Matter: Dust, pollen, and smoke particles. Strategies for Improving Indoor Air Quality Ventilation: Natural Ventilation: Open windows and doors regularly to allow fresh air circulation. Mechanical Ventilation: Use exhaust fans in kitchens and bathrooms to remove pollutants directly at the source. Air Purifiers: HEPA Filt

Program threads

Program Threats
* There are many familiar threats to modern systems. Only a few are discussed here.

Trojan Horse
* A Trojan Horse is a program that secretly performs some maliciousness in extra to its visible actions.
* Some Trojan horses are deliberately written as such, and others are the result of legitimate programs that have become infected with viruses, (see below.)
* One dangerous opening for Trojan horses is long search paths, and in specific paths which include the current directory (“.”) as part of the path. If a dangerous program having the same name as a authorized program (or a common mis-spelling, such as "sl" instead of "ls”) is placed anywhere on the path, then an unsuspecting user may be fooled 
into running the wrong program by mistake.
* Another classic Trojan Horse is a login imitator, which records a users account name and password, problems a "password incorrect" message, and then logs off the system. The user then tries again (with a proper login prompt), logs in successfully, and doesn't realize that their information has been stolen.
* Two solutions to Trojan Horses are to have the system print usage statistics on logouts, and to require the typing of non-trappable key sequences such as Control-Alt-Delete in order to log in. (This is why modern Windows systems needs the Control-Alt-Delete sequence to commence logging in, which cannot be emulated or caught by ordinary programs. I.e. that key series always transfers control over to the operating system. )
* Spy ware is a version of a Trojan Horse that is often included in "free" software 
downloaded off the Internet. Spy ware programs generate pop-up browser windows, and may also accumulate information about the user and deliver it to some central site. (This is an example of convert channels, in which secret communications occur.) Another common task of spyware is to send out spam e-mail messages, which then purportedly come from the infected user.

Trap Door
* A Trap Door is when a designer or a programmer (or hacker) intensionly 
adds a security hole that they can use later to access the system.
* Because of the chances of trap doors, once a system has been in an untrustworthy state, that system can never be trusted again. Even the backup tapes may contain a duplicate of some cleverly hidden back door.
* A clever trap door could be added into a compiler, so that any programs compiled with that compiler would contain a security hole. This is specially dangerous, because inspection of the code being compiled would not reveal any problems.

Logic Bomb
* A Logic Bomb is code that is not constructed to cause havoc all the time, but only when a certain set of circumstances occurs, such as when a particular date or time is extented or some other noticeable event.
* A classic example is the Dead-Man Switch, which is constructed to check 
whether a certain person (e.g. the author) is logging in every day, and if they don't log in for a long time (privately because they've been fired), then the logic bomb goes off and either opens up security holes or causes some problems.

Stack and Buffer Overflow
* This is a basic method of attack, which exploits bugs in system code that allows buffers to overflow. Consider what happens in the following code, for example, if argv[ 1 ] limits 256 characters:
• The strcpy command will exceeds the buffer, overwriting adjacent areas of memory.
• (The problem could be avoided using strncpy, with a limit of 255 characters copied plus room for the null byte.)
C program with buffer-overflow condition.
 #include 
 #define BUFFER_SIZE 256
  int main( int argc, char * argv[ ] )
 {
 char buffer[ BUFFER_SIZE ];
  if( argc < 2 )
 return -1;
 else {
 strcpy( buffer, argv[ 1 ] );
 return 0;
 }
 }
* So how does overflowing the buffer cause a security violation? Well the first step is to realize the structure of the stack in memory:
• The "bottom" of the stack is literally at a high memory address, and the stack grows towards lower addresses.
• However the address of an array is the lowest address of the array, and higher array elements expand to higher addresses. (I.e. an array "grows" towards the bottom of the stack.)
• In particular, writing past the top of an array, as occurs when a buffer overflows with too much input data, can eventually overwrite the return address, effectively changing where the program jumps to when it returns.
* Now that we know how to modify where the program returns to by overflowing the 
buffer, the second step is to insert some nefarious code, and then get the program to jump to our inserted code.
* Our only chance to enter code is via the input into the buffer, which means there isn't room for very much. One of the simplest and most obvious approaches is to insert the code for "exec ( /bin/sh )". To do this needs compiling a program that contains this instruction, and then using an assembler or debugging tool to extract the minimum extent that includes the necessary instructions.
* The bad code is then padded with as many additional bytes as are needed to overflow the buffer to the correct extent, and the address of the buffer inserted into the return address location. ( Note, however, that neither the bad code nor the padding can contain null bytes, which would terminate the strcpy. )
* The resulting block of information is given as "input", duplicate into the buffer by the original program, and then the return statement causes control to jump to the location of the buffer and start executing the code to launch a shell.

* Unfortunately famous hacks such as the buffer overflow attack are well published and well known, and it doesn't take a lot of skill to observe the instructions and start attacking lots of systems until the law of averages eventually works out. ( Script Kiddies are those hackers with only rudimentary skills of their own but the ability to copy the efforts of others. )
* Fortunately modern hardware now adds a bit in the page tables to mark certain pages as non-executable. In this case the buffer-overflow attack would work up to a point, but as soon as it "returns" to an address in the data space and tries executing statements there, 
an exception would be thrown crashing the program.

Viruses
* A virus is a fragment of code embedded in an otherwise legitimate program, designed to replicate itself (by infecting other programs), and (eventually) wreaking havoc.
* Viruses are more likely to infect PCs than UNIX or other multi-user systems,because 
programs in the latter systems have limited authority to modify other programs or to access critical system structures (such as the boot block.)
* Viruses are delivered to systems in a virus dropper, usually some form of a Trojan Horse, and usually via e-mail or unsafe downloads.
* Viruses take many forms (see below.) Figure shows typical operation of a boot 
sector virus:
* Some of the forms of viruses include:
File - A file virus attaches itself to an executable file, causing it to run the virus code first and then jump to the start of the original program. These viruses are termed parasitic, because they do not leave any new files on the system, and the original program is still fully functional.
Boot - A boot virus occupies the boot sector, and runs before the OS is loaded. These are also known as memory viruses, because in operation they reside in memory, and do not appear in the file system.
Macro - These viruses exist as a macro (script) that is run automatically by certain macro-capable programs such as MS Word or Excel. These viruses can exist in word processing documents or spreadsheet files.
Source code viruses look for source code and infect it in order to spread.
Polymorphic viruses change every time they spread - Not their underlying 
functionality, but just their signature, by which virus checkers recognize them.
Encrypted viruses travel in encrypted form to escape detection. In practice they are self-decrypting, which then allows them to infect other files.
Stealth viruses try to avoid detection by modifying parts of the system that could be used to detect it. For example the read() system call could be modified so that if an infected file is read the infected part gets skipped and the reader would see the original unadulterated file.
Tunneling viruses attempt to avoid detection by inserting themselves into the interrupt handler chain, or into device drivers.
Multipartite viruses attack multiple parts of the system, such as files, boot sector, and memory.
Armoured viruses are coded to make them hard for anti-virus researchers to decode and understand. In addition many files associated with viruses are hidden, protected, or given innocuous looking names such as "...".
* In 2004 a virus exploited three bugs in Microsoft products to infect hundreds of Windows servers ( including many trusted sites ) running Microsoft Internet Information Server, which in turn infected any Microsoft Internet Explorer web browser that visited any of the infected server sites. One of the back-door programs it installed was a keystroke 
logger, which records user’s keystrokes, including passwords and other sensitive 
information.
* There is some debate in the computing community as to whether a monoculture, in which nearly all systems run the same hardware, operating system, and applications, increases the threat of viruses and the potential for harm caused by them.

Labels:

Popular posts from this blog

FIRM

          A firm is an organisation which converts inputs into outputs and it sells. Input includes the factors of production (FOP). Such as land, labour, capital and organisation. The output of the firm consists of goods and services they produce.           The firm's are also classified into categories like private sector firms, public sector firms, joint sector firms and not for profit firms. Group of firms include Universities, public libraries, hospitals, museums, churches, voluntary organisations, labour unions, professional societies etc. Firm's Objectives:            The objectives of the firm includes the following 1. Profit Maximization:           The traditional theory of firms objective is to maximize the amount of shortrun profits. The public and business community define profit as an accounting concept, it is the difference between total receipts and total profit. 2. Firm's value Maximization:           Firm's are expected to operate for a long period, the
Read more

Human Factors in Designing User-Centric Engineering Solutions

Human factors play a pivotal role in the design and development of user-centric engineering solutions. The integration of human-centered design principles ensures that technology not only meets functional requirements but also aligns seamlessly with users' needs, abilities, and preferences. This approach recognizes the diversity among users and aims to create products and systems that are intuitive, efficient, and enjoyable to use. In this exploration, we will delve into the key aspects of human factors in designing user-centric engineering solutions, examining the importance of user research, usability, accessibility, and the overall user experience. User Research: Unveiling User Needs and Behaviors At the core of human-centered design lies comprehensive user research. Understanding the target audience is fundamental to creating solutions that resonate with users. This involves studying user needs, behaviors, and preferences through various methodologies such as surveys, interview
Read more

Introduction to C Programs

INTRODUCTION The programming language ‘C’ was developed by Dennis Ritchie in the early 1970s at Bell Laboratories. Although C was first developed for writing system software, today it has become such a famous language that a various of software programs are written using this language. The main advantage of using C for programming is that it can be easily used on different types of computers. Many other programming languages such as C++ and Java are also based on C which means that you will be able to learn them easily in the future. Today, C is mostly used with the UNIX operating system. Structure of a C program A C program contains one or more functions, where a function is defined as a group of statements that perform a well-defined task.The program defines the structure of a C program. The statements in a function are written in a logical series to perform a particular task. The most important function is the main() function and is a part of every C program. Rather, the execution o
Read more