BACC 661 Final Exam
Internet Protocol (IP) addressing rules
32-bit identifier divided into 4 chunks (8 bits each). 0-255
If we compile and run the following program, what output will we see? public class Idiot { public static void main (String [] argv) { for ( ; 0<3; ) { System.out.println ("I am an idiot."); } } }
I am an idiot (infinite)
If we compile and run the following program, what output will we see? public class Idiot { public static void main (String [] argv) { for ( ; true; ) { System.out.println ("I am an idiot."); } } }
I am an idiot (infinite)
Is there a way for hackers/spammers to scramble, or change their IP address so they cannot be tracked back to their original IP?
IP address spoofing may work for one-way communication. In two-way communication, the sender using a false IP address will be unable to receive responses, which are sent to the spoofed address. Machines connecting through TCP will perform a handshake before exchanging data. If any machine provides a false IP address, the handshake will fail and no data can be exchanged.
Defense against password attack
Make sure users do not select passwords that can be easily guessed by an automated tool. Set minimum password length. Prohibit dictionary words. Require alphanumeric & special characters. Salting. Use one-time password tokens or smart cards for access. Multifactor authentication. Conduct regular password-cracking tests using John the Ripper or Cain.
What does the following program output? public class GoodMorning { public static void main (String [] argv) { for (int i=0; i>3; i=i+1 ) { System.out.println ("Good Morning"); } } }
No output. Program exits the for-loop without outputting anything.
Where should raw passwords be stored?
Nowhere. Should never be stored.
If we compile and run the following program, what output will we see? import java.lang.*; public class Idiot { public static void main (String [] argv) { for (int i=0; i>3; i=i+1 ) { System.out.println ("I am an idiot."); } } }
Nothing
What is a protocol?
Protocols define format, order of messages sent and received between communicating parties
What does SMTP specify?
Simple Mail Transfer Protocol. It is a communication protocol used for sending and receiving email messages over the Internet.
In password-based user validation, the first two steps are (1) user inputting userID and (2) user inputting password. What are the next three steps?
Step 3: System hashes password input by user. Step 4: System looks up hashed password corresponding to userID from user. Step 5: Check if hashed passwords from #3 and #4 are identical.
In our discussion of TCP/IP, how are loopholes and protocols related?
If you know the protocol of the system you can make the machine do whatever you want it to do. Loopholes are protocols?
Finding ualbany's mail server name
nslookup
What is a rainbow table?
Password hacking tool that uses a precomputed table of reversed password hashes to crack passwords in a database.
Convert the sentence below to a java comment: This program consolidates parent and subsidiary accounts.
// This program consolidates parent and subsidiary accounts. OR /*This program consolidates parent and subsidiary accounts.*/
With regard to Java, can you explain how you change your password in Java via a hash?
// convert word into an array of bytes.
// digest() method hashes/encrypts input to produce an array of bytes.
byte [] ba1 = md1.digest(word.getBytes());
// convert the arrays of bytes into strings. store in hash1, hash2, and hash3
hash1 = DatatypeConverter.printHexBinary(ba1);
The last line of the following program currently prints nothing. How should you change that line to print the balance of land? import java.util.*; public class AccountBalance { public static HashMap<String, Integer> hm = new HashMap<String, Integer>(); public static void main(String[] args) throws Exception { hm.put("computerEquipment", 60); hm.put("land", 50); hm.put("building", 90); System.out.println( ); } }
System.out.println( hm.get("land") );
What is the output from the following java code section? String son = "land 50,computerEquipment 25"; String [] accBal = son.split(","); System.out.println(accBal[0]); a. land 50,computerEquipment 25 b. land 50 c. computerEquipment 25 d. land e. computerEquipment f. 50 g. 25 h. None of the above
b. land 50
How many lines of output will the following program produce? public class GoodMorning { public static void main (String [] argv) { for (int i=1; i<3; i=i+1 ) { System.out.println ("Good Morning"); } } } a. 0 b. 1 c. 2 d. 3 e. infinitely many
c. 2
Which of the following passwords is least likely cracked by dictionary attack? a. butter b. holiday c. cat d. topsecret e. birthday
d. topsecret
Which of the following is a valid IP address in IPV4 format and dot decimal notation? a. 225.225.225.225.22 b. 126.127.128.129.130 c. 126.127.128 d. 125.126.127 e. 2266.2266.2266.2266 f. 0.1.2.3 g. None of the above
f. 0.1.2.3
How does the java compiler differ from the java interpreter?
javac is the Java compiler, which creates machine code from the text file. java is the Java interpreter, which runs the machine code.
How is System.out.print() different from System.out.println();?
println will display the message on a new line, while the print statement will print the message on the same line.
Password cracking involves stealing and downloading the encrypted/hashed password file
From system backup disk. From administrator's recovery disk. Stealing /etc/passwd.
What is a rainbow table?
A table of the hashed value of each dictionary word
Our BigData.java program currently cannot handle all state name variations. Can you think of ways to improve it?
public class BigData {
    public static void main (String [] argv) {
        // name, city, state, balance
        // [0]   [1]   [2]    [3]
        String [] customer = {"adam,Troy,NY,80",
                              "alice,albany,ny,900",
                              "bob,albany,New York,75",
                              "Nick,boston,ma,110",
                              "serena,syracuse,N.Y.,230",
                              "luca,hudson,n.y.,190",
                              "jake,latham,NewYork,190",
                              "natalie,middletown,rhode island,630",
                              "gianna,newark,New Jersey,3800",
                              "emily,Willmantic,Connecticut,330"};
        for (int i=0; i<customer.length; i++) {
            String [] field = customer[i].split(",");
            String state = field[2].replaceAll("\\.","");
            if (state.length()!=2) {
                state = state.replaceAll("[^A-Z]","");
            }
            state = state.toUpperCase();
            System.out.println(field[0]+"\t"+field[1]+"\t"+state+"\t"+field[3]);
        }
    }
}
Add a line of code that changes C for Connecticut to CT
What is salting? Explain in no more than 10 words.
Adding extra characters to user-selected password before hashing
Protocol layering and data
Application layer is close to human language. Physical layer deals with electronic signaling across a network. Adds header information to create new data unit. Passes new data unit to the layer below.
What are the conditions under which dictionary attack will work?
Hacker must have password file. Users use passwords from dictionary.
If we compile and run the following program, what output will we see? import java.lang.*; public class ChangeCar { public static void main (String [] argv) { String[] cars = {"Volvo", "BMW", "Ford", "Mazda"}; System.out.println(cars[4]); } }
Error: array index out of bounds
If we compile and run the following program, what output will we see? public class Idiot { public static void main (String [] argv) { for ( ; 0>3; ) { System.out.println ("I am an idiot."); } } }
The above program produces no output. Because (0>3) is always false, the body of the for-loop should never be executed. In fact, the Java compiler sees the (0>3) condition as an error, and stops the compilation. In contrast, the following compiles and runs without problem: import java.lang.*; public class Idiot { public static void main (String [] argv) { int i=0; for ( ; i>3; ) { System.out.println ("HelloWorld!"); } } }
Suppose you issued the nslookup command below
C:\>nslookup 169.226.22.24
and obtained the following response:
Server: dnsres2.albany.edu
Address: 169.226.1.103
Name: bacc661-sp24.its.albany.edu
Address: 169.226.22.24
What is the "Server: dnsres2.albany.edu" line about?
The identity of the server answering your query.
How does the java compiler differ from the java interpreter?
The java compiler scans the entire program first and then translates it into machine code, whereas the java interpreter scans the program line by line and translates it into machine code. Additionally, the interpreter shows one error at a time while the compiler shows all errors at the same time.
Given that user validation systems test user credentials by comparing hashed passwords, why can't hackers directly use stolen password files, which contain both userID and hashed passwords, to gain entry to the targeted system?
Validation system hashes password input by user, causing double hashing.
If hashing is irreversible, can hashed passwords still be cracked?
Yes, it can be reverse engineered with a rainbow table
String arrays
a collection of elements
What is the output from the following java code section? String accBal = "truck 40"; String accInfo = accBal.replaceAll("[^0-9]", ""); System.out.println(accInfo.length()); a. 2 b. 3 c. 4 d. 5 e. 6 f. truck g. 40 h. None of the above
a. 2
What is the output of the following java code section? for (int i=0; i<3; i++) System.out.print('*'); a. Three stars on a horizontal line b. Four stars on a horizontal line c. Three stars stacked vertically d. Four stars stacked vertically e. None of the above
a. Three stars on a horizontal line
