Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection (Extended Version)

We present a formal approach that exploits attacks related to SQL Injection (SQLi) searching for security flaws in a web application. We give a formal representation of web applications and databases, and show that our formalization effectively exploits SQLi attacks. We implemented our approach in a prototype tool called SQLfast and we show its efficiency on real-world case studies, including the discovery of an attack on Joomla! that no other tool can find

IMPROVED SOFTWARE ACTIVATION USING MULTITHREADING

Software activation is an anti-piracy technology designed to verify that software products have been legitimately licensed [1]. It is supposed to be quick and simple while simultaneously protecting customer privacy. The most common form of software activation is through the entering of legitimate product serial numbers by users, which sometimes are also known as product keys. This technique is employed by various software, from small shareware programs to large commercial programs such as Microsoft Office. However, software activation based on a serial number appears to be weak, as various cracks for a majority of programs are available and can be found easily on the Internet. Users can use such cracks to bypass the software activation. Generally, the verification logic for checking a serial number executes sequentially in a single thread. Such an approach is weak because attackers can effectively trace this thread from the beginning to the end to understand how the verification logic works. In this paper, we develop a practical multi-threaded verification design. We breakdown the checking logic into smaller pieces and run each piece within a separate thread. Our results show that the amount of traceable code in a debugger is reduced to a low percentage of the code -- especially when junk threads with deadlocks are used -- and the traceable code in each run can differ as well. This makes it more difficult for an attacker to reverse engineer the code and bypass any security check. Finally, we attempt to quantify the increased effort necessary to break out verification logic

Wittgensteinian Quietism

One can't help but be struck by the range of incompatible positions that Wittgenstein's philosophy, his rule-following considerations in particular, have been taken to support. For instance, according to one very popular interpretation of the rule-following considerations, Wittgenstein proves that claims about the meanings of words aren't objectively true. On another interpretation, Wittgenstein shows that discourse about meaning, though without foundation, is as capable of robust truth as any. Still others argue that the Wittgenstein of the Investigations was neither a realist nor an antirealist with respect to discourse about meaning. On the contrary, according to proponents of this last interpretation, Wittgenstein rejected as "nonsense" both the questions that the rule-following considerations seem to pose and the answers that realists and antirealists have tried to give to these questions.This third, quietist interpretation of Wittgenstein has received increased critical attention of late. Some commentators have suggested that there is no textual basis for the quietist interpretation of the early Wittgenstein. Less has been written that purports to assess the arguments that quietists have found in Wittgenstein, early or late. In this dissertation, I assess the philosophical credentials of the quietist interpretation of Wittgenstein. In the first part, I argue that the material from Frege that inspired the Tractatus doesn't support quietism in the way that proponents of the quietist interpretation of Wittgenstein suppose. In the second part, I argue that the rule-following considerations support a position that's closely related to, but in important respects different from the one that the proponents of the quietist interpretation of Wittgenstein endorse

Aristotle’s Treatment of Fallacious Reasoning in Sophistical Refutations and Prior Analytics

Aristotle studies syllogistic argumentation in Sophistical Refutations and Prior Analytics. In the latter he focuses on the formal and syntactic character of arguments and treats the sullogismoi and non-sullogismoi as argument patterns with valid or invalid instances. In the former Aristotle focuses on semantics and rhetoric to study apparent sullogismoi as object language arguments. Interpreters usually take Sophistical Refutations as considerably less mature than Prior Analytics. Our interpretation holds that the two works are more of a piece than previously believed and, indeed, that Aristotle\u27s treatment of fallacious reasoning presupposes the results of the formal theory

Wittgenstein and the Nonsense Predicament

A single philosophical problem is developed, which will be called the nonsense predicament. The predicament arises because an argument from nonsense—which is an argument that aims to establish that some, or all, philosophical sentences are nonsense—cannot establish its conclusion, because of what will be called the nonsense paradox. This paradox has three parts, which establish that the argument from nonsense leads to (i) a regress, (ii) a contradiction, and (iii) the ineffability of nonsense. Insisting on the argument in the face of this paradox leads to the fallacy that one insists on the sense of nonsense. It is argued that this predicament is solvable only by rejecting the argument in the first place

Wittgenstein and the Grammar of Physics: A Study of Ludwig Wittgenstein\u27s 1929-1930 Manuscripts and the Roots of His Later Philosophy

In 1929 Wittgenstein began to work on the first philosophical manuscripts he had kept since completing the Tractatus Logico-Philosophicus (TLP) in 1918. The impetus for this was his conviction that the logic of the TLP was flawed: it was unable to account for the fact that a proposition that assigns a single value on a continuum to a simple object thereby excludes all assignments of different values to the object (the color exclusion problem). Consequently Wittgenstein\u27s atomic propositions could not be logically independent of one another. Initially he thought he could replace the logically perfect language of the TLP with a phenomenological language in which experiential propositions about various spaces (e.g., visual space ) would form systems. The system described by a phenomenological language would be independent of the one described by ordinary physicalistic language; the physical world was known only by inference from the phenomenological. But he soon realized there was a fundamental error in this conception: phenomenology has to describe the same world as physics or it fails to provide a foundation for it. This suggests that there is only one world, and one language with two different modes of expression. Wittgenstein\u27s now comes to his fundamental insight: ordinary language is biased towards the description of physical objects and their relations, but it is our only method of expressing phenomenological or abstract concepts. Failure to recognize this difficulty leads to the misapplication of physicalistic concepts, i.e., to grammatical errors. This insight had the following impact: (a) the task of philosophy is not to invent logical or phenomenological languages, but to understand the grammar of ordinary language; (b) the notion of a language of pure experience was itself connected with a false, physicalistic idea of the soul as an observer of a private world; (c) the conception of analysis that had guided philosophy since Frege was based on a misused metaphor taken from the grammar of physics: the analysis of an object into its parts or chemical constituents. These ideas reach their ultimate expression in Wittgenstein\u27s Philosophical Investigations. Thus his later work actually begins with these 1929–30 manuscripts

Structure and Interpretation of Computer Programs

Structure and Interpretation of Computer Programs has had a dramatic impact on computer science curricula over the past decade. This long-awaited revision contains changes throughout the text. There are new implementations of most of the major programming systems in the book, including the interpreters and compilers, and the authors have incorporated many small changes that reflect their experience teaching the course at MIT since the first edition was published. A new theme has been introduced that emphasizes the central role played by different approaches to dealing with time in computational models: objects with state, concurrent programming, functional programming and lazy evaluation, and nondeterministic programming. There are new example sections on higher-order procedures in graphics and on applications of stream processing in numerical programming, and many new exercises. In addition, all the programs have been reworked to run in any Scheme implementation that adheres to the IEEE standard

Advice on the Fast-paced World of Electronics

Work reported herein was conducted at the Artificial Intelligence Laboratory, a Massachusetts Institute of Technology research program supported in part by the Advanced Research Projects Agency of the Department of Defense and monitored by the Office of Naval Research under Contract Number N00014-70-A-0362-0005.This paper is a reprint of a sketch of an electronic-circuit-designing program, submitted a a Ph.D. proposal. It describes the electronic design problem with respect to the classic trade-off between expertise and generality. The essence of the proposal is to approach the electronics domain indirectly, by writing an "advice-taking" program (in McCarthy's sense) which can be told about electronics, including heuristic knowledge about the use of specific electronics expertise. The core of this advice taker is a deductive program capable of deducing what its strategies should be.MIT Artificial Intelligence Laborator

La Crypto Nostra: How Organized Crime Thrives in the Era of Cryptocurrency

The advent of Bitcoin and other forms of cryptocurrency has left a permanent mark on the world as we know it, regardless of what percentage of the populace will ever touch or comprehend cryptocurrency in its lifetime. Thanks to the advent of blockchain technology, cryptocurrency has given rise to expedited international exchanges, increased protection of consumer identity, and secured methods for logging transactions. But cryptocurrency’s nebulous nature makes it inherently vulnerable to a slew of hacks, cyberattacks, and run-of-the-mill theft. Moreover, its indeterminate qualities make cryptocurrency incredibly difficult for federal law to wrangle. But, perhaps most chillingly, the rise of cryptocurrency has given organized crime a new look, swapping society’s Kuklinskis1 and Capones2 for pseudonymous sleuths and computer-clad criminals, and underground operations for “dark web” schemes that transcend international borders at the click of a button. This Recent Development will examine how organized crime leverages cryptocurrency, and how U.S. federal law can adapt to stop it