• Title/Summary/Keyword: web vulnerability

Search Result 146

A Study on IP Camera Security Issues and Mitigation Strategies (IP 카메라 보안의 문제점 분석 및 보완 방안 연구)

  • Seungjin Shin;Jungheum Park;Sangjin Lee
    • KIPS Transactions on Computer and Communication Systems / v.12 no.3 / pp.111-118 / 2023
  • Cyber attacks are increasing worldwide, and attacks on personal privacy such as CCTV and IP camera hacking are also increasing. If you search for IP camera hacking methods in spaces such as YouTube, SNS, and the dark web, you can easily obtain information, and hacking programs are also on sale. If you use an IP camera that has vulnerabilities used by hacking programs, you can easily be hacked even if you change your password regularly or use a complex password including special characters, uppercase and lowercase letters, and numbers. Although news and media have raised concerns about the security of IP cameras and suggested measures to prevent damage, hacking incidents continue to occur. In order to prevent such hacking damage, it is necessary to identify the cause of the hacking incident and take concrete measures. First, we analyzed weak account settings and web server vulnerabilities of IP cameras, which are the causes of IP camera hacking, and suggested solutions. In addition, as a specific countermeasure against hacking, it is proposed to add a function to receive a notification when an IP camera is connected and a function to save the connection history. With such functions, damage can be recognized immediately, and important data can be preserved to help arrest criminals. Therefore, in this paper, we propose a method to increase safety from hacking by using the connection notification function and logging function of the IP camera.

GIS-based Disaster Management System for a Private Insurance Company in Case of Typhoons(I) (지리정보기반의 재해 관리시스템 구축(I) -민간 보험사의 사례, 태풍의 경우-)

  • Chang Eun-Mi
    • Journal of the Korean Geographical Society / v.41 no.1 s.112 / pp.106-120 / 2006
  • Natural or man-made disaster has been expected to be one of the potential themes that can integrate human geography and physical geography. Typhoons like Rusa and Maemi caused great loss to insurance companies as well as public sectors. We have implemented a natural disaster management system for a private insurance company to produce better estimation of hazards from high wind as well as calculate vulnerability of damage. Climatic gauge sites and addresses of contract's objects were geo-coded and the pressure values along all the typhoon tracks were vectorized into line objects. National GIS topographic maps with scale of 1:5,000 were updated into base maps, and a digital elevation model with 30 meter spacing and land cover maps were used for reflecting roughness of land to wind velocity. All the data are converted to grid coverage with $1\,\mathrm{km} \times 1\,\mathrm{km}$. The vulnerability curve of Munich Re was adopted, and a preprocessor and postprocessor of the wind velocity model were implemented. Overlapping the location of contracts on the grid value coverage can show the relative risk for a given scenario. The wind velocities calculated by the model were compared with observed values (average $R^2=0.68$). The calibration of wind speed models was done by dropping two climatic gauge data, which enhanced $R^2$ values. The comparison of calculated loss with actual historical loss of the insurance company showed both underestimation and overestimation. This system enables the company to have quantitative data for optimizing the re-insurance ratio, to have a plan to allocate enterprise resources and to upgrade the international creditability of the company. A flood model, storm surge model and flash flood model are being added; finally, combined disaster vulnerability will be calculated for a total disaster management system.

Efficient Coverage Guided IoT Firmware Fuzzing Technique Using Combined Emulation (복합 에뮬레이션을 이용한 효율적인 커버리지 가이드 IoT 펌웨어 퍼징 기법)

  • Kim, Hyun-Wook;Kim, Ju-Hwan;Yun, Joobeom
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.5 / pp.847-857 / 2020
  • As IoT equipment is commercialized, Bluetooth or wireless networks will be built into general living devices such as IP cameras, door locks, cars and TVs. Security for IoT equipment is becoming more important because IoT equipment shares a lot of information through the network and collects personal information and operates the system. In addition, web-based attacks and application attacks currently account for a significant portion of cyber threats, and security experts are analyzing the vulnerabilities of cyber attacks through manual analysis to secure them. However, since it is virtually impossible to analyze vulnerabilities with only manual analysis, researchers studying system security are currently working on automated vulnerability detection systems, and Firm-AFL, published recently in USENIX, proposed a system by conducting a study on fuzzing processing speed and efficiency using a coverage-based fuzzer. However, the existing tools were focused on the fuzzing processing speed of the firmware, and as a result, they did not find any vulnerability in various paths. In this paper, we propose IoTFirmFuzz, which finds more paths, resolves constraints, and discovers more crashes by strengthening the mutation process to find vulnerabilities in various paths not found in existing tools.

Study on Availability Guarantee Mechanism on Smart Grid Networks: Detection of Attack and Anomaly Node Using Signal Information (스마트그리드 네트워크에서 가용성 보장 메커니즘에 관한 연구: 신호정보를 이용한 공격 및 공격노드 검출)

  • Kim, Mihui
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.2 / pp.279-286 / 2013
  • The recent power shortages due to a surge in demand for electricity highlight the importance of smart grid technologies for efficient use of power. Experimental results on the vulnerability of the availability of the smart meter, an essential component in smart grid networks, have been reported. Designing an availability protection mechanism to boost the realization possibilities of the secure smart grid is essential. In this paper, we propose a mechanism to detect the availability infringement attack for smart meters and also to find anomaly nodes through analyzing smart grid structure and traffic patterns. The proposed detection mechanism uses the approximate entropy technique to decrease the detection load and increase the detection rate with few samples, and utilizes signal information (CIR or RSSI, etc.) that the anomaly node cannot change to find the anomaly nodes. Finally, simulation results of the proposed method show its detection performance and feasibility.

An Analysis of the Vulnerability of SSL/TLS for Secure Web Services (안전한 웹 서비스를 위한 SSL/TLS 프로토콜 취약성 분석)

  • 조한진;이재광
    • Journal of the Korea Computer Industry Society / v.2 no.10 / pp.1269-1284 / 2001
  • The Secure Sockets Layer is a protocol for encrypting TCP/IP traffic that provides confidentiality, authentication and data integrity. SSL is also intended to provide a widely applicable connection-oriented mechanism, applicable to various application-layer protocols, for Internet client/server communication security. SSL, designed by Netscape, is supported by all clients' browsers and servers supporting security services. Now the version of SSL is 3.0. The first official TLS v1.0 specification was released by the IETF Transport Layer Security working group in January 1999. As the version of SSL has been upgraded, a lot of vulnerabilities were revealed. SSL and TLS generate the private key with a parameter exchange method in the handshake protocol; a lot of attacks may be caused on this exchange mechanism, and the same thing may come about in the record protocol. In this paper, we analyze the SSL protocol, compare the differences between the TLS and SSL protocols, and suggest what developers should pay attention to in implementation.

Multimorbidity and Its Impact on Workers: A Review of Longitudinal Studies

  • Cabral, Giorgione G.;de Souza, Ana C. Dantas;Barbosa, Isabelle R.;Jerez-Roig, Javier;Souza, Dyego L.B.
    • Safety and Health at Work / v.10 no.4 / pp.393-399 / 2019
  • Objective: This study investigates the impact of multimorbidity on work through a literature review of longitudinal studies. Methods: A systematic review was carried out in the databases Lilacs, SciELO, PAHO, PubMed/Medline, Scopus, Web of Science, and Cochrane. There were no restrictions regarding the year of publication or language to maximize the identification of relevant literature. The quality of studies was assessed by the protocol STrengthening the Reporting of OBservational studies in Epidemiology (STROBE). Results: An initial database search identified 7522 registries, and at the end of the analysis, 7 manuscripts were included in the review. Several studies have demonstrated direct and indirect impacts of multimorbidity on the health of workers. For this, the number of missed days due to health-related issues was evaluated, as well as the reduction in work productivity of the unhealthy worker, vulnerability of the worker with multimorbidity regarding higher indices of dismissal and recruitment difficulties, and incidence of early retirement and/or receipt of benefits due to disabilities. Conclusions: Multimorbidity has a negative impact on work, with damages to quality of life and work productivity, worsening the absenteeism/presenteeism indices, enhancing the chances of temporary or permanent leaves, and lowering employability and admission of individuals with multimorbidity.

A Study on Security Measure of Step-Wise Project (단계별 프로젝트 보안 방안에 대한 연구)

  • Shin, Seong-Yoon;Jang, Dai-Hyun;Kim, Hyeong-Jin
    • Journal of the Korea Institute of Information and Communication Engineering / v.16 no.11 / pp.2459-2464 / 2012
  • Many companies have suffered damage from personal information being leaked through cyber attacks. Also, planned hacking cases for the purpose of acquiring monetary gain or causing social disruption, etc. continue to increase. Approximately 75% of Web site attacks exploit the vulnerability of the application. A major security issue is to strengthen S/W development security according to the legal basis. In fact, the members of the project team lack recognition of application development security. In addition, the response is passive, and security validation/testing, etc. throughout the entire SDLC is insufficient. Therefore, rework due to the belated discovery of a defect occurs. In this paper, we examine cases of step-by-step project security activities performed by IT services companies. And, through this, we present security measures that can be applied to step-wise real-world projects.

Cyclic testing of chevron braced steel frames with IPE shear panels

  • Zahrai, Seyed Mehdi
    • Steel and Composite Structures / v.19 no.5 / pp.1167-1184 / 2015
  • Despite considerable life casualty and financial loss resulting from past earthquakes, many existing steel buildings are still seismically vulnerable as they have no lateral resistance or at least need some sort of retrofitting. Passive control methods with decreasing seismic demand and increasing ductility reduce rate of vulnerability of structures against earthquakes. One of the most effective and practical passive control methods is to use a shear panel system working as a ductile fuse in the structure. The shear Panel System, SPS, is located vertically between apex of two chevron braces and the flange of the floor beam. Seismic energy is highly dissipated through shear yielding of shear panel web while other elements of the structure remain almost elastic. In this paper, lateral behavior and related benefits of this system with narrow-flange link beams is experimentally investigated in chevron braced simple steel frames. For this purpose, five specimens with IPE (narrow-flange I section) shear panels were examined. All of the specimens showed high ductility and dissipated almost all input energy imposed to the structure. For example, maximum SPS shear distortion of 0.128-0.156 rad, overall ductility of 5.3-7.2, response modification factor of 7.1-11.2, and finally maximum equivalent viscous damping ratio of 35.5-40.2% in the last loading cycle corresponding to an average damping ratio of 26.7-30.6% were obtained. It was also shown that the beam, columns and braces remained elastic as expected. Considering this fact, by just changing the probably damaged shear panel pieces after earthquake, the structure can still be continuously used as another benefit of this proposed retrofitting system without the need to change the floor beam.

Dynamic Analysis Framework for Cryptojacking Site Detection (크립토재킹 사이트 탐지를 위한 동적 분석 프레임워크)

  • Ko, DongHyun;Jung, InHyuk;Choi, Seok-Hwan;Choi, Yoon-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.963-974 / 2018
  • With the growing interest in cryptocurrency such as bitcoin, blockchain technology has attracted much attention in various applications as a distributed security platform with excellent security. However, Cryptojacking, an attack that hijacks other computer resources such as CPUs, has occurred due to vulnerability in the Cryptomining process. In particular, browser-based Cryptojacking is considered serious because attacks can occur only by visiting a Web site without installing it on a visitor's PC. The current Cryptojacking detection system is mostly signature-based. Signature-based detection methods have problems in that they cannot detect a new Cryptomining code or a modification of existing Cryptomining code. In this paper, we propose a dynamic analysis-based Cryptojacking detection solution that uses a headless browser to detect unknown Cryptojacking attacks. The proposed dynamic analysis-based Cryptojacking detection system can detect new Cryptojacking sites that cannot be detected by existing signature-based Cryptojacking detection systems and can detect it even if it is called or obfuscated by bypassing Cryptomining code.

A Study on Interface Security Enhancement (조직의 실시간 보안관리 체계 확립을 위한 '인터페이스 보안' 강화에 대한 연구)

  • Park, Joon-Jeong;Kim, Sora;Ahn, SooHyun;Lim, Chae-Ho;Kim, Kwangjo
    • KIPS Transactions on Computer and Communication Systems / v.4 no.5 / pp.171-176 / 2015
  • Because a specific security technology alone cannot cope with sophisticated attacks, various security management models are applied. But they do not focus on the vulnerability of the highest part because they offer so many common security management criteria. By analyzing the main information and confidential leakage cases inflicting enormous damage to our society, we found that attackers are mainly using interface vulnerabilities - the paths that connect the internal and external of the organization, such as e-mail, web server, portable devices, and subcontractor employees. Considering the reality that time and resources to invest in the security domain are limited, we point out the interface security vulnerabilities that attackers may exploit and present a convergence method of security measures. Finally, based on ROI (Return on Investment), we propose a real-time security management system through intensive and continuous management.