Uneven key pre-distribution scheme for multi-phase wireless sensor networks

In multi-phase Wireless Sensor Networks (WSNs), sensor nodes are redeployed periodically to replace nodes whose batteries are depleted. In order to keep the network resilient against node capture attacks across different deployment epochs, called generations, it is necessary to refresh the key pools from which cryptographic keys are distributed. In this paper, we propose Uneven Key Pre-distribution (UKP) scheme that uses multiple different key pools at each generation. Our UKP scheme provides self healing that improves the resiliency of the network at a higher level as compared to an existing scheme in the literature. Moreover, our scheme provides perfect local and global connectivity. We conduct our simulations in mobile environment to see how our scheme performs under more realistic scenarios

Scraping Airlines Bots: Insights Obtained Studying Honeypot Data

Airline websites are the victims of unauthorised online travel agencies and aggregators that use armies of bots to scrape prices and flight information. These so-called Advanced Persistent Bots (APBs) are highly sophisticated. On top of the valuable information taken away, these huge quantities of requests consume a very substantial amount of resources on the airlines' websites. In this work, we propose a deceptive approach to counter scraping bots. We present a platform capable of mimicking airlines' sites changing prices at will. We provide results on the case studies we performed with it. We have lured bots for almost 2 months, fed them with indistinguishable inaccurate information. Studying the collected requests, we have found behavioural patterns that could be used as complementary bot detection. Moreover, based on the gathered empirical pieces of evidence, we propose a method to investigate the claim commonly made that proxy services used by web scraping bots have millions of residential IPs at their disposal. Our mathematical models indicate that the amount of IPs is likely 2 to 3 orders of magnitude smaller than the one claimed. This finding suggests that an IP reputation-based blocking strategy could be effective, contrary to what operators of these websites think today

Uses and Abuses of Server-Side Requests

More and more web applications rely on server-side requests (SSRs) to fetch resources (such as images or even entire webpages) from user-provided URLs. As for many other web-related technologies, developers were very quick to adopt SSRs, even before their consequences for security were fully understood. In fact, while SSRs are simple to add from an engineering point of view, in this paper we show that—if not properly implemented—this technology can have several subtle consequences for security, posing severe threats to service providers, their users, and the Internet community as a whole. To shed some light on the risks of this communication pattern, we present the first extensive study of the security implication of SSRs. We propose a classification and four new attack scenarios that describe different ways in which SSRs can be abused to perform malicious activities. We then present an automated scanner we developed to probe web applications to identify possible SSR misuses. Using our tool, we tested 68 popular web applications and find that the majority can be abused to perform malicious activities, ranging from server-side code execution to amplification DoS attacks. Finally, we distill our findings into eight pitfalls and mitigations to help developers to implement SSRs in a more secure way

Treatment of saphetious vein graft lesions with paclilaxel- and sirolimus-eluting stews: comparison of short- and long-term clinical outcomes

WOS: 000262178300007PubMed ID: 19103539Objective: The purpose of this study was to compare treatment of saphenous vein graft (SVG) lesions with paclitaxel-eluting (PES) and sirolimus-eluting stents (SES) in daily practice with regard to short- and long-term clinical outcomes. Methods: Between August 2002 and September 2006, a total of 71 patients with SVG lesions who were implanted PES or SES with percutaneous coronary intervention in our center were evaluated retrospectively. Forty-six patients with PES (PES group) were compared to twenty-five patients treated with SES (SES group) in terms of in-hospital, 30-day, six-months and 1-year clinical outcomes. Statistical analyses were performed using Chi-Square statistics or Fisher's exact and independent sample t test. Survival analysis was done using Kaplan-Meier method and log-rank test. Results: Baseline clinical characteristics were similar in both groups except for a tendency toward a lower age in the SES group. No statistically significant difference was found between two groups by means of lesion and procedural characteristics. All clinical outcomes at 30-day, 6-month and 1-year after the interventions were similar in both groups. Early stent thrombosis was detected in one patient (2.2%) of PES group (p=0.65). Late stent thrombosis was not observed in both groups. The rate of major adverse cardiac events at 1-year was 8.7% in the PES group and 16% in the SES group (p=0.44). Conclusion: Short- and long-term clinical outcomes of PIES and SES in the treatment of SVG lesions are similar. The results of our study showed that both drug-eluting stents are effective and safe in real-world patient with diseased SVGs. (Anadolu Kardiyol Derg 2008; 8: 437-6