Popular Content

Showing content with the highest reputation on 05/16/19 in Posts

  1. A couple weeks ago an organization called intigriti had a hacking challenge where people were to exploit an XSS vulnerability in this page: https://challenge.intigriti.io/ Unfortunately the competition is over and it has been solved in numerous different ways, but they left the page up, so you can still go test your skills! In case they ever take that down you can still access the code for the challenge, as well as multiple solutions and explanations, here: https://blog.intigriti.com/2019/05/06/intigriti-xss-challenge-1/
    1 point
  2. https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/ The article notes the history of collision vulnerabilities in SHA-1 dating back to 2005, when it was broken only in theory, and in 2017, when a successful attack was done by researchers at Google and CWI Amsterdam at the expense of $110,000. Only this month, however, was this chosen-prefix attack developed by Gaëtan Leurent and Thomas Peyrin. They detailed their multi-phase attack more specifically in this paper (direct PDF link): https://eprint.iacr.org/2019/459.pdf The news article makes the conclusion that SHA-1 should be considered completely and entirely dead and provides a list of alternatives to switch to in order of preference.
    1 point
  3. So for my mathematical modeling class, we had to do a final project where we created a probabilistic model in one of a few different available topics. Mine was for the "rush hour" of an office lobby when all the employees arrive in the morning. All I was given were some basic immutable conditions, and the rest was up to me! Those conditions were:

     - The time between employee arrivals varies between 0 and 30 seconds in a probabilistic manner.
     - There are 4 elevators for 12 floors.
     - Elevators wait 15 seconds after a person enters them before closing doors (this resets after every entry).

     I'm going to walk you through my thought process and my formulation of what I consider to be a pretty snazzy model!

     So the first question on my mind and immediately what I interpreted to be the most important issue was the probabilistic arrival time of the employees. I could easily just make people equally as likely to arrive at any time in that 30 second interval, but that's very uninspired and boring. Instead I thought for a minute and decided that I wanted to start with a parabolic distribution like this:

     Where "α" is a normalizing constant to make sure that the cumulative probability for the relevant domain is 1. The reason being that I felt arrivals in the real world would likely be semi-grouped. This is because of things like traffic lights, carpools, public transport, crosswalk signals, etc... People are forced to wait at various checkpoints in their commutes, and then all given the green light at the same time. Therefore after any given person's arrival, it's more likely that the next person is either going to arrive very shortly, or a while afterward.

     I then tried to see how I could improve it. I didn't like that the probability for an arrival after 15 seconds was 0 because not only does that mean we'll never have a 15 second wait period, but we also will probably never have any that are between 10-20 seconds because the probabilities are so low. For that reason I needed a base probability constant to add to the equation. Additionally, I also wanted to experiment with the idea of a variable shift value. Instead of having the parabola constantly centered at 15 seconds, I could have its global minimum vary. It could be centered at 13 when arrivals should be more sparse, and at 17 when things are busier. This is a better model for an actual rush hour because in the middle of a rush hour it's busier than the beginning or end. So I made the following changes:

     This is just the graph of T(t) not of P(x). "a" is another normalizing constant that I solved for by setting T(0) to 0 so that it would accurately span the entire duration of the simulation. The shift value was 2400 on T(t) because the simulation will run for 80 minutes and that's 4800 seconds. "c2" is the maximum value of the time variable shift. For P(x) "mi" is a constant which represents the minimum shift value and "c" is the base probability value. From there I just needed to substitute the finished T(t) function into P(x), assign values to my constants, and solve for "α" and when you graph that final equation you get:

     Where any ZX slice of the surface represents the probability distribution for arrival interval at any given point in the simulation.

     Finally, I also had the idea to include an option for employees to take the stairs with roughly a flipped exponential distribution for the probabilities that any given employee will use them (e.g. 66% chance if on floor 2, 43% for floor 3, 27% for floor 4, etc...)

     Finally I had to write a program for a Monte Carlo simulation to actually implement the model: Main.Java Person.Java Elevator.Java

     Parts of the code might be slightly ham-fisted because I needed to just get it to work, but it works perfectly fine. And these were the results after running the simulation 5000 times:

     What's quite interesting is that you can actually see the time variable shift in these results. Only about 0.1% of people actually had to wait in line for an elevator, but the average amount of time that people spent in line if they did have to wait was 23 seconds rather than something inconsequential. This implies that the model did its job and toward the middle of the simulation a line formed, and then it dispersed when the rush hour died down.
    1 point
  4. This is part of a homework assignment I had to code, figured I would share it since it might be some good code to read for anyone who hasn't dabbled in C. We also had to implement this same program in Java and C++. Premise of the program: Using structures and pointers, create a gameboard and game pieces. Be able to create game pieces, place them on the board and move them around. Pieces cannot be placed into an already occupied space, and cannot move into an occupied space. This program takes board locations as elements of an array. So 0, 0 is a place on the board. If there are 5 rows and columns, rows range from [0 - 4] and columns range from [0 - 4].
    1 point
  5. For one of my classes this semester, we had a week where we took a quick look into PROLOG. This language is probably not what most people are used to working with. It follows the logic paradigm, unlike LISP that is functional or C that is imperative. The logic paradigm is an interesting one with much of its use being in artificial intelligence. As my instructor said, the point is to get rid of programming altogether.

     The mechanics of the language are simple. It is written using three main parts that comprise a program: facts, rules, and queries. The programmer writes a set of facts and rules. When interpreted, the interpreter will construct a deductive database. From that database, a user will submit queries and the computer will respond with an answer. Essentially, based off of the deductive database, the computer will "figure out" the answer to the query on its own.

     Before sharing some sample code, I will provide a few resources. For computers of all platforms, a popular interpreter for PROLOG is swi-prolog. With a quick Google search, swi-prolog also provides a website where it can be used in browser. If installing the interpreter on one's own computer, a prolog file that constructs the deductive database ends in a ".pl" extension. Also, on my Linux system, once swi-prolog is installed, the interpreter is started by typing "prolog" into the terminal. To be able to invoke the interpreter with a ".pl" file, start the prolog interpreter, then submit a query of "consult(FileNameWithoutExtension)."

     Statements in prolog are based around predicates and are to be thought about in English. An example of a fact would be a dog is a pet. Predicates have a relationship to objects. In prolog terms, dog is an object. Stating this fact in prolog would look like this:

        pet(dog).

     When this file is used in the interpreter and we submit a query asking if a dog is a pet, this is what it will look like.

        ?- consult(ex1).
        true.

        ?- pet(dog).
        true.

     To exit the interpreter, input the following line into the interpreter.

        halt.

     Now, rules are based around if-statements. If statements in prolog are represented as ":-". Look at the following example.

        pet(dog).
        dog(sparky).
        owner(tux).
        owns(tux, sparky) :- dog(sparky), pet(dog), owner(tux).

     We have defined three facts. The last line is stating a rule. We are saying, tux owns sparky IF sparky is a dog AND a dog is a pet AND owner is tux. Commas (,) in prolog are representative of AND. Running this in an interpreter with some queries.

        ?- consult(ex2).
        true.

        ?- owns(tux, sparky).
        true.

        ?- owns(me, sparky).
        false.

     If we ask if tux owns sparky, we get true as the output. However, if we ask if me owns sparky, it returns false. Now to make it a little more complex.

        father(tom).
        mother(lisa).
        boy(chandler).
        girl(mila).
        % Parentheses group the OR: ";" binds more loosely than ",", so without
        % them the rule would read (father(X), boy(Y)) ; girl(Y).
        father_of(X, Y) :- father(X), (boy(Y) ; girl(Y)).
        mother_of(X, Y) :- mother(X), (boy(Y) ; girl(Y)).

     In this script, a mother, father, boy and girl are defined. We are setting rules asking who is the father of who and who is the mother of who. We can query this and get responses. A quick note is that the semi-colon (;) represents OR. So we are saying, X is the Father_of Y if x is a father and y is a boy or y is a girl. Variables in PROLOG start with capital letters.

        ?- consult(ex3).
        true.

        ?- father_of(tom, lisa).
        false.

        ?- father_of(tom, mila).
        true.

        ?- mother_of(lisa, tom).
        false.

     Now, we can also make some queries that will return something interesting.

        ?- father_of(tom, WHO).
        WHO = chandler ;
        WHO = mila.

        ?- mother_of(who, mila).
        false.

        ?- mother_of(WHO, mila).
        WHO = lisa.

     By using WHO as a parameter in a query, it will show who all are the children of tom. This is the conclusion of just a quick showing of PROLOG. I was eager to post this because it doesn't seem like a whole lot of people are too familiar with the logic paradigm.
    1 point