SQL Injection: The Longest Running Sequel in Programming History

One of the risks to a company operating a public-facing website with a Structure Query Language (SQL) database is an attacker exploiting the SQL injection vulnerability. An attacker can cause an SQL database to perform actions that the developer did not intend like revealing, modifying, or deleting sensitive data. This can cause a loss of confidentiality, integrity, and availability of information in a company’s database, and it can lead to severe costs of up to $196,000 per successful injection attack (NTT Group, 2014). This paper discusses the history of the SQL injection vulnerability, focusing on: How an attacker can exploit the SQL injection vulnerability When the SQL injection attack first appeared How the attack has changed over the years Current techniques to defend adequately against the attack The SQL injection vulnerability has been known for over seventeen (17) years, and the countermeasures are relatively simple compared to countermeasures for other threats like malware and viruses. The focus on security-minded programming can help prevent a successful SQL injection attack and avoid loss of competitive edge, regulatory fines and loss of reputation among an organization’s customers

Examining the Correlates of Failed DRDoS Attacks

Over the last decade, there has been a rise in cybercrime services offered on a feefor- service basis, enabling individuals to direct attacks against various targets. One of the recent services offered involves stresser or booter operators, who offer distributed reflected denial of service (DRDoS) attacks on an hourly or subscription basis. These attacks involve the use of malicious traffic reflected off of webservers to increase the volume of traffic, which is directed toward websites and servers rendering them unusable. Researchers have examined DRDoS attacks using realtime data, though few have considered the experience of their customers and the factors associated with the likelihood of successful attack outcomes. This study examines this issue using a binary logistic regression analysis of survey responses from a population of stresser clients. The implications of this study for our understanding of the social factors underlying cyberattacks is discussed in depth

A Survey of Botnet Detection Techniques by Command and Control Infrastructure

Botnets have evolved to become one of the most serious threats to the Internet and there is substantial research on both botnets and botnet detection techniques. This survey reviewed the history of botnets and botnet detection techniques. The survey showed traditional botnet detection techniques rely on passive techniques, primarily honeypots, and that honeypots are not effective at detecting peer-to-peer and other decentralized botnets. Furthermore, the detection techniques aimed at decentralized and peer-to-peer botnets focus on detecting communications between the infected bots. Recent research has shown hierarchical clustering of flow data and machine learning are effective techniques for detecting botnet peer-to-peer traffic

Analysis of the influence of under sleeper pads on the railway vehicle/track dynamic interaction in transition zones

[EN] Sharp changes in the vertical stiffness levels of a track can increase train and infrastructure deterioration to the point where there is a serious risk of a derailment. Major overloading and unloading forces are created between the different track and vehicle components. This phenomenon has grown in importance as the operational speeds of trains have increased with the expansion of high-speed lines. In order to solve this problem a method has to be found to smooth the changes in vertical stiffness levels along the track. In the present paper, the combination of transition regions and under- sleeper pads (USPs) has been studied. The research has been performed by means of a dynamic vehicle-track interaction model created by synthesizing a series of sub-models of individual effects. The analysed variables allow various track configurations, train travelling speeds and the stiffness of the USPs to be investigated. The obtained results show that combining transition zones with USPs pads allows more homogeneous vertical stiffness levels to be achieved along the tracks which results in improved dynamic behaviour of the vehicle-track system. © IMechE 2011.This work was supported by Ineco-Tifsa.Insa Franco, R.; Salvador Zuriaga, P.; Inarejos Mesa, J.; Roda Buch, A. (2012). Analysis of the influence of under sleeper pads on the railway vehicle/track dynamic interaction in transition zones. Proceedings of the Institution of Mechanical Engineers Part F Journal of Rail and Rapid Transit. 226(4):409-420. doi:10.1177/0954409711430174S409420226

Fractal analysis of track geometry data

ABSTRACT A Federal Railroad Administration sponsored research project has been ongoing to explore the use of Fractal Analysis of track geometry data for indication of track geometry roughness, maintenance planning and track substructure condition assessment. Fractal analysis provides unique numerical values (fractal dimensions) that characterize railway track geometry patterns. The fractal dimensions can be used for effective maintenance planning by providing meaningful parameters for geometry deterioration modeling, and by potentially providing information about the actual condition of the track by precise quantification of the geometry patterns. The paper will present a lucid discussion of fractal theory and will demonstrate its usefulness for quantifying railroad geometry data by highlighting key aspects of the research results. This paper also discusses the relationship between track structure conditions and fractal dimensions for use in maintenance planning and condition evaluation

New Transition Wedge Design Composed by Prefabricated Reinforced Concrete Slabs

[EN] Important track degradation occurs in structure-embankment transitions, in which an abrupt change in track vertical stiffness arises, leading to a reduction in passengers comfort and safety. Although granular wedges are suggested by different railroad administrations as a solution to avoid these problems, they present some disadvantages which may affect track long-term performance. In this paper, a new solution designed with prefabricated reinforced concrete slabs is proposed. The aim of this solution is to guarantee a continuous and gradual track vertical stiffness transition in the vicinity of structures, overcoming granular wedges disadvantages. The aim of this study is to assess the performance of the novel wedge design by means of a 3-D FEM model and to compare it with the current solution.Real Herráiz, JI.; Zamorano-Martín, C.; Real-Herraiz, TP.; Morales-Ivorra, S. (2016). New Transition Wedge Design Composed by Prefabricated Reinforced Concrete Slabs. Latin American Journal of Solids and Structures. 13(8):1431-1449. doi:10.1590/1679-78252556S14311449138Gallego Giner, I., & López Pita, A. (2009). Numerical simulation of embankment—structure transition design. Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit, 223(4), 331-343. doi:10.1243/09544097jrrt234Gallego, I., Muñoz, J., Rivas, A., & Sánchez-Cambronero, S. (2011). Vertical Track Stiffness as a New Parameter Involved in Designing High-Speed Railway Infrastructure. Journal of Transportation Engineering, 137(12), 971-979. doi:10.1061/(asce)te.1943-5436.0000288Insa, R., Salvador, P., Inarejos, J., & Roda, A. (2011). Analysis of the influence of under sleeper pads on the railway vehicle/track dynamic interaction in transition zones. Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit, 226(4), 409-420. doi:10.1177/0954409711430174Li, D., & Davis, D. (2005). Transition of Railroad Bridge Approaches. Journal of Geotechnical and Geoenvironmental Engineering, 131(11), 1392-1398. doi:10.1061/(asce)1090-0241(2005)131:11(1392)Pita, A. L., Teixeira, P. F., & Robuste, F. (2004). High speed and track deterioration: The role of vertical stiffness of the track. Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit, 218(1), 31-40. doi:10.1243/095440904322804411Molatefi, H., & Izadbakhsh, S. (2013). Continous rail absorber design using decay rate calculation in FEM. Structural Engineering and Mechanics, 48(4), 455-466. doi:10.12989/sem.2013.48.4.455Montalbán, L., Real, J., & Real, T. (2012). Mechanical characterization of railway structures based on vertical stiffness analysis and railway substructure stress state. Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit, 227(1), 74-85. doi:10.1177/0954409712452348Montalbán Domingo, L., Real Herraiz, J. I., Zamorano, C., & Real Herraiz, T. (2014). Design of a new high lateral resistance sleeper and performance comparison with conventional sleepers in a curved railway track by means of finite element models. Latin American Journal of Solids and Structures, 11(7), 1238-1250. doi:10.1590/s1679-78252014000700009Montalbán Domingo, L., Zamorano Martín, C., Palenzuela Avilés, C., & Real Herráiz, J. I. (2014). Analysis of the Influence of Cracked Sleepers under Static Loading on Ballasted Railway Tracks. The Scientific World Journal, 2014, 1-10. doi:10.1155/2014/363547Real, J. I., Gómez, L., Montalbán, L., & Real, T. (2012). Study of the influence of geometrical and mechanical parameters on ballasted railway tracks design. Journal of Mechanical Science and Technology, 26(9), 2837-2844. doi:10.1007/s12206-012-0734-7Shan, Y., Albers, B., & Savidis, S. A. (2013). Influence of different transition zones on the dynamic response of track–subgrade systems. Computers and Geotechnics, 48, 21-28. doi:10.1016/j.compgeo.2012.09.006Shi, J., Burrow, M. P. N., Chan, A. H., & Wang, Y. J. (2012). Measurements and simulation of the dynamic responses of a bridge–embankment transition zone below a heavy haul railway line. Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit, 227(3), 254-268. doi:10.1177/095440971246097

Analysis of the performance of under-sleeper pads in highspeed line transition zones

[EN] In many high-speed railway lines, the zones between embankments and structures may present some discontinuities, in terms of track geometry and track stiffness, which may create discomfort for passengers, induce deterioration of track and vehicle materials and even raise the risk of derailment to dangerous levels. In the attempt to attenuate the consequences of such problems, some solutions pointing at progressively changing the vertical stiffness in the railway track have been tested, such as transition zones or pads placed either between the rails and the sleepers or under the sleepers. The contribution of under-sleeper pads in transition regions and their effect on the railway infrastructure is specifically analysed in the present paper. The results obtained are of interest since they provide useful information for railway managers on infrastructure design and justify the need to implement such transition ones.Insa Franco, R.; Salvador Zuriaga, P.; Inarejos Mesa, J.; Medina González, L. (2014). Analysis of the performance of under-sleeper pads in highspeed line transition zones. Proceedings of the Institution of Civil Engineers - Transport. 167(2):63-77. doi:10.1680/tran.11.00033S6377167

Complex conductivity of soils

The complex conductivity of soils remains poorly known despite the growing importance of this method in hydrogeophysics. In order to fill this gap of knowledge, we investigate the complex conductivity of 71 soils samples (including four peat samples) and one clean sand in the frequency range 0.1 Hz to 45 kHz. The soil samples are saturated with six different NaCl brines with conductivities (0.031, 0.53, 1.15, 5.7, 14.7, and 22 S m21, NaCl, 258C) in order to determine their intrinsic formation factor and surface conductivity. This data set is used to test the predictions of the dynamic Stern polarization model of porous media in terms of relationship between the quadrature conductivity and the surface conductivity. We also investigate the relationship between the normalized chargeability (the difference of in-phase conductivity between two frequencies) and the quadrature conductivity at the geometric mean frequency. This data set confirms the relationships between the surface conductivity, the quadrature conductivity, and the normalized chargeability. The normalized chargeability depends linearly on the cation exchange capacity and specific surface area while the chargeability shows no dependence on these parameters. These new data and the dynamic Stern layer polarization model are observed to be mutually consistent. Traditionally, in hydrogeophysics, surface conductivity is neglected in the analysis of resistivity data. The relationships we have developed can be used in field conditions to avoid neglecting surface conductivity in the interpretation of DC resistivity tomograms. We also investigate the effects of temperature and saturation and, here again, the dynamic Stern layer predictions and the experimental observations are mutually consistent

Source to sink zircon grain shape: Constraints on selective preservation and significance for Western Australian Proterozoic basin provenance

The effect of selective preservation during transportation of zircon grains on the detrital age spectrum is difficult to quantify and could potentially lead to systematic bias in provenance analysis. Here we investigate whether the shape of detrital zircon grains holds provenance information and if the grain shape can assist in understanding preservation. We applied multiple linear regression analysis to identify significant shape properties in detrital zircons from Proterozoic metasediments of the Capricorn and Amadeus basins and their Archean and Proterozoic sources in the Yilgarn Craton and the Musgrave Province in Western Australia. Digital images and isotopic data from 819 SIMS U-Pb dated zircons were examined for correlation between grain shape, age, U and Th content. Out of twelve shape descriptors measured, Minor Axis, the width of zircon grains perpendicular to the crystallographic c-axis, consistently shows the most significant correlation with isotopic age. In the studied population Archean grains are narrower than Proterozoic grains: the probability that grains wider than 75 µm are Archean is less than 30%.Calculations of the proportions of source material in sedimentary rocks relative to the proportions of source material in the overall catchment area (erosion parameter '. K' calculated based on age spectra) produced values typical for mature river systems, with K = 6 for the Yilgarn-Capricorn and K = 5.5 for the Musgrave-Amadeus source-sink system. For the Yilgarn-Capricorn system, we also calculated '. K' based on Minor Axis, to determine whether grain width can be linked to age populations. Results of the shape-based K of 5.3 suggest a similarity between age-based and shape-based '. K' values, demonstrating that zircon grain width may be a useful discriminator of provenance. Contrary to commonly applied qualitative shape classifications, we found no consistent correlations between shape descriptors of magmatic zircons and the composition of their host rock. While metamict zircons were preferentially removed during transport, the similarities in grain shape and age distribution of magmatic and detrital populations suggest that hydraulic sorting did not have a significant effect. We conclude that transport of zircon grains from magmatic source to sedimentary sink affects their width less than their length