DOCSLIB.ORG

A Primer on Cracking: Part 2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Primer on Cracking: Part 2 82-03-08 DATA SECURITY MANAGEMENT A PRIMER ON CRACKING: PART 2 Edward Skoudis INSIDE Stack-based Buffer Overflows; The Art and Science of Password Cracking; Backdoors; Trojan Horses and RootKits; Overall Defenses — Intrusion Detection and Incident Response Procedures INTRODUCTION Part 1 of this article (82-03-07) discussed network mapping and port scanning, vulnerability scanning, wardialing, network exploits, and deni- al-of-service attacks. Part 2 discusses stack-based buffer overflows, pass- word cracking, backdoors, Trojan horses and rootkits, and defenses — intrusion detection and incident response procedures. STACK-BASED BUFFER OVERFLOWS Stack-based buffer overflow attacks are commonly used by an attacker to take over a system remotely across a network. Additionally, buffer over- flows can be employed by local malicious users to elevate their privileges and gain superuser access to a system. Stack-based buffer overflow attacks exploit the way many operating systems handle their stack, an internal data structure used by running programs to store data temporarily. When a func- tion call is made, the current state of the executing program and variables to be passed to the function are pushed on the stack. New local variables used by the function are also allocated space on the stack. Additionally, the stack stores the return address of the code calling the function. This return address will be accessed from the stack once the function call is com- plete. The system uses this address to PAYOFF IDEA With the rise of powerful, easy-to-use, and widely resume execution of the calling pro- distributed hacker tools, many in the security in- gram at the appropriate place. Exhibit dustry have observed that today is the golden age 1 shows how a stack is constructed. of hacking. The purpose of this article is to de- Most UNIX and all Windows sys- scribe the tools in widespread use today for com- promising computer and network security. Addi- tems have a stack that can hold data tionally, for each tool and technique described, and executable code. Because local the article presents practical advice on defending variables are stored on the stack against each type of attack. Auerbach Publications © 2001 CRC Press LLC DATA SECURITY MANAGEMENT EXHIBIT 1 — A Normal Stack and a Stack with a Buffer Overflow when a function is called, poor code can be exploited to overrun the boundaries of these variables on the stack. If user input length is not ex- amined by the code, a particular variable on the stack may exceed the memory allocated to it on the stack, overwriting all variables and even the return address for where execution should resume after the function is complete. This operation, called “smashing” the stack, allows an attacker to overflow the local variables to insert executable code and another return address on the stack. Exhibit 1 also shows a stack that has been smashed with a buffer overflow. The attacker will overflow the buffer on the stack with machine-spe- cific bytecodes that consist of executable commands (usually a shell rou- tine), and a return pointer to begin execution of these inserted commands. Therefore, with very carefully constructed binary code, the attacker can actually enter information as a user into a program that con- sists of executable code and a new return address. The buggy program will not analyze the length of this input, but will place it on the stack, and actually begin to execute the attacker’s code. Such vulnerabilities allow an attacker to break out of the application code and access any system components with the permissions of the broken program. If the broken program is running with superuser privileges (e.g., SUID root on a UNIX system), the attacker has taken over the machine with a buffer overflow. Stack-based Buffer Overflow Defenses The most thorough defense against buffer overflow attacks is to properly code software so that it cannot be used to smash the stack. All programs should validate all input from users and other programs, ensuring that it Auerbach Publications © 2001 CRC Press LLC A PRIMER ON CRACKING: PART 2 fits into allocated memory structures. Each variable should be checked (including user input, variables from other functions, input from other programs, and even environment variables) to ensure that allocated buff- ers are adequate to hold the data. Unfortunately, this ultimate solution is only available to individuals who write the programs and those with source code. Additionally, security practitioners and system administrators should carefully control and minimize the number of SUID programs on a sys- tem that users can run and have permissions of other users (such as root). Only SUID programs with an explicit business need should be in- stalled on sensitive systems. Finally, many stack-based buffer overflow attacks can be avoided by configuring the systems to not execute code from the stack. Notably, So- laris and Linux offer this option. For example, to secure a Solaris system against stack-based buffer overflows, the following lines should be add- ed to /etc/system: set noexec_user_stack=1 set noexec_user_stack_log=1 The first line will prevent execution on a stack, and the second line will log any attempt to do so. Unfortunately, some programs legitimately try to run code off the stack. Such programs will crash if this option is im- plemented. Generally, if the system is single purpose and needs to be se- cure (e.g., a Web server), this option should be used to prevent stack- based buffer overflow. THE ART AND SCIENCE OF PASSWORD CRACKING The vast majority of systems today authenticate users with a static pass- word. When a user logs in, the password is transmitted to the system, which checks the password to make the decision whether or not to let the user login. To make this decision, the system must have a mechanism to compare the user’s input with the actual password. Of course, the sys- tem could just store all of the passwords locally and compare from this file. Such a file of cleartext passwords, however, would provide a very juicy target for an attacker. To make the target less useful for attackers, most modern operating systems use a one-way hash or encryption mech- anism to protect the stored passswords. When a user types in a password, the system hashes the user’s entry and compares it to the stored hash. If the two hashes match, the password is correct and the user can login. Password cracking tools are used to attack this method of password protection. An attacker will use some exploit (often a buffer overflow) to gather the encrypted or hashed password file from a system (on a UNIX system without password shadowing, any user can read the hashed pass- Auerbach Publications © 2001 CRC Press LLC DATA SECURITY MANAGEMENT word file). After downloading the hashed password file, the attacker uses a password cracking tool to determine users’ passwords. The cracking tool operates using a loop: it guesses a password, hashes or encrypts the password, and compares it to the hashed password from the stolen file. If the hashes match, the attacker has the password. If the hashes do not match, the loop begins again with another password guess. Password cracking tools base their password guesses on a dictionary or a complete brute-force attack, attempting every possible password. Dozens of dictionaries are available online, in a multitude of languages including English, French, German, Klingon, etc. Numerous password cracking tools are available. The most popular and full-functional password crackers include: • John-the-Ripper, by Solar Designer, focuses on cracking UNIX pass- words; available at http://www.openwall.com/john/. • L0phtCrack, used to crack Windows NT passwords, is available at ht- tp://www.l0pht.com. Password Cracking Defenses The first defense against password cracking is to minimize the exposure of the encrypted/hashed password file. On UNIX systems, shadow pass- word files should be used, which allow only the superuser to read the password file. On Windows NT systems, the SYSKEY feature available in NT 4.0 SP 3 and later should be installed and enabled. Furthermore, all backups and system recovery disks should be stored in physically se- cured locations and possibly even encrypted. A strong password policy is a crucial element in ensuring a secure net- work. A password policy should require password lengths greater than eight characters and the use of alphanumeric and special characters in every password, and force users to have passwords with mixed-case let- ters. Users must be aware of the issue of weak passwords and be trained in creating memorable, yet difficult-to-guess passwords. To ensure that passwords are secure and to identify weak passwords, security practitioners should check system passwords on a periodic basis using password cracking tools. When weak passwords are discovered, the security group should have a defined procedure for interacting with users whose passwords can be easily guessed. Finally, several software packages are available that prevent users from setting their passwords to easily guessed values. When a user estab- lishes a new password, these filtering programs check the password to make sure that it is sufficiently complex and is not just a variation of the user name or a dictionary word. With this kind of tool, users are simply unable to create passwords that are easily guessed, eliminating a signifi- cant security issue. For filtering software to be effective, it must be in- stalled on all servers where users establish passwords, including UNIX Auerbach Publications © 2001 CRC Press LLC A PRIMER ON CRACKING: PART 2 servers, Windows NT primary and backup domain controllers, and Nov- ell servers. (Jonathan Held, “Password Security,” Data Security Manage- ment, April 2000, 83-01-11.) BACKDOORS Backdoors are programs that bypass traditional security checks on a sys- tem, allowing an attacker to gain access to a machine without providing a system password and getting logged.
Load more

Recommended publications
  • Cross-Platform Analysis of Indirect File Leaks in Android and Ios Applications
    Cross-Platform Analysis of Indirect File Leaks in Android and iOS Applications Daoyuan Wu and Rocky K. C. Chang Department of Computing, The Hong Kong Polytechnic University fcsdwu, [email protected] This paper was published in IEEE Mobile Security Technologies 2015 [47] with the original title of “Indirect File Leaks in Mobile Applications”. Victim App Abstract—Today, much of our sensitive information is stored inside mobile applications (apps), such as the browsing histories and chatting logs. To safeguard these privacy files, modern mobile Other systems, notably Android and iOS, use sandboxes to isolate apps’ components file zones from one another. However, we show in this paper that these private files can still be leaked by indirectly exploiting components that are trusted by the victim apps. In particular, Adversary Deputy Trusted we devise new indirect file leak (IFL) attacks that exploit browser (a) (d) parties interfaces, command interpreters, and embedded app servers to leak data from very popular apps, such as Evernote and QQ. Unlike the previous attacks, we demonstrate that these IFLs can Private files affect both Android and iOS. Moreover, our IFL methods allow (s) an adversary to launch the attacks remotely, without implanting malicious apps in victim’s smartphones. We finally compare the impacts of four different types of IFL attacks on Android and Fig. 1. A high-level IFL model. iOS, and propose several mitigation methods. four IFL attacks affect both Android and iOS. We summarize these attacks below. I. INTRODUCTION • sopIFL attacks bypass the same-origin policy (SOP), Mobile applications (apps) are gaining significant popularity which is enforced to protect resources originating from in today’s mobile cloud computing era [3], [4].
    [Show full text]
  • UPLC™ Universal Power-Line Carrier
    UPLC™ Universal Power-Line Carrier CU4I-VER02 Installation Guide AMETEK Power Instruments 4050 N.W. 121st Avenue Coral Springs, FL 33065 1–800–785–7274 www.pulsartech.com THE BRIGHT STAR IN UTILITY COMMUNICATIONS March 2006 Trademarks All terms mentioned in this book that are known to be trademarks or service marks are listed below. In addition, terms suspected of being trademarks or service marks have been appropriately capital- ized. Ametek cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. This publication includes fonts and/or images from CorelDRAW which are protected by the copyright laws of the U.S., Canada and elsewhere. Used under license. IBM and PC are registered trademarks of the International Business Machines Corporation. ST is a registered trademark of AT&T Windows is a registered trademark of Microsoft Corp. Universal Power-Line Carrier Installation Guide ESD WARNING! YOU MUST BE PROPERLY GROUNDED, TO PREVENT DAMAGE FROM STATIC ELECTRICITY, BEFORE HANDLING ANY AND ALL MODULES OR EQUIPMENT FROM AMETEK. All semiconductor components used, are sensitive to and can be damaged by the discharge of static electricity. Be sure to observe all Electrostatic Discharge (ESD) precautions when handling modules or individual components. March 2006 Page i Important Change Notification This document supercedes the preliminary version of the UPLC Installation Guide. The following list shows the most recent publication date for the new information. A publication date in bold type indicates changes to that information since the previous publication.
    [Show full text]
  • SMM Rootkits
    SMM Rootkits: A New Breed of OS Independent Malware Shawn Embleton Sherri Sparks Cliff Zou University of Central Florida University of Central Florida University of Central Florida [email protected] [email protected] [email protected] ABSTRACT 1. INTRODUCTION The emergence of hardware virtualization technology has led to A rootkit consists of a set of programs that work to subvert the development of OS independent malware such as the Virtual control of an Operating System from its legitimate users [16]. If Machine based rootkits (VMBRs). In this paper, we draw one were asked to classify viruses and worms by a single defining attention to a different but related threat that exists on many characteristic, the first word to come to mind would probably be commodity systems in operation today: The System Management replication. In contrast, the single defining characteristic of a Mode based rootkit (SMBR). System Management Mode (SMM) rootkit is stealth. Viruses reproduce, but rootkits hide. They hide is a relatively obscure mode on Intel processors used for low-level by compromising the communication conduit between an hardware control. It has its own private memory space and Operating System and its users. Secondary to hiding themselves, execution environment which is generally invisible to code rootkits are generally capable of gathering and manipulating running outside (e.g., the Operating System). Furthermore, SMM information on the target machine. They may, for example, log a code is completely non-preemptible, lacks any concept of victim user’s keystrokes to obtain passwords or manipulate the privilege level, and is immune to memory protection mechanisms.
    [Show full text]
  • Nujj University of California, Berkeley School of Information Karen Hsu
    Nujj University of California, Berkeley School of Information Karen Hsu Kesava Mallela Alana Pechon Nujj • Table of Contents Abstract 1 Introduction 2 Problem Statement 2 Objective 2 Literature Review 3 Competitive Analysis 4 Comparison matrix 4 Competition 5 Hypothesis 6 Use Case Scenarios 7 Overall System Design 10 Server-side 12 Design 12 Implementation 12 Twitter and Nujj 14 Client-side 15 Design 17 Implementation 17 Future Work 18 Extended Functionality in Future Implementations 18 Acknowledgements 19 Abstract Nujj is a location based service for mobile device users that enables users to tie electronic notes to physical locations. It is intended as an initial exploration into some of the many scenarios made possible by the rapidly increasing ubiquity of location-aware mobile devices. It should be noted that this does not limit the user to a device with a GPS embedded; location data can now also be gleaned through methods such as cell tower triangulation and WiFi IP address lookup. Within this report, both social and technical considerations associated with exposing a user’s location are discussed. The system envisioned addresses privacy concerns, as well as attempts to overcome the poor rate of adoption of current location based services already competing in the marketplace. Although several possible use cases are offered, it is the authors’ firm belief that a well-designed location- based service should not attempt to anticipate all, or even most, of the potential ways that users will find to take advantage of it. Rather, the service should be focused on building a system that is sufficiently robust yet flexible to allow users to pursue their own ideas.
    [Show full text]
  • The Myth of the Superuser: Fear, Risk, and Harm Online
    The Myth of the Superuser: Fear, Risk, and Harm Online ∗ Paul Ohm Fear of the powerful computer user, the “Superuser,” dominates debates about online conflict. He is a mythic figure: difficult to find, immune to technological constraints, and aware of legal loopholes. Policymakers, fearful of his power, too often overreact by passing overbroad, ambiguous laws intended to ensnare the Superuser but which are instead used against inculpable, ordinary users. This response is unwarranted because the Superuser is often a marginal figure whose power has been greatly exaggerated. The exaggerated focus on the Superuser reveals a pathological characteristic of the study of power, crime, and security online, which springs from a widely held fear of the Internet. Building on the social science fear literature, this Article challenges the conventional wisdom and ∗ Associate Professor of Law and Telecommunications, University of Colorado Law School. Thanks to Tim Wu, Orin Kerr, Phil Weiser, Julie Cohen, Pierre Schlag, Brett Frischmann, Victor Fleischer, Miranda Fleischer, Viva Moffat, and Jean Camp for their helpful comments. Thanks also for suggestions and support from participants in the University of Colorado Law School Faculty Workshop, including Clare Huntington, Nestor Davidson, Scott Peppett, Mimi Wesson, Amy Schmitz, Sarah Krakoff, and Brad Bernthal; the Intellectual Property Scholars Conference; and the Telecommunications Policy Research Conference. Thanks also to Todd Blair and Michael Beylkin for outstanding research assistance. 1327 1328 University of California, Davis [Vol. 41:1327 standard assumptions about the role of experts. Unlike dispassionate experts in other fields, computer experts are as susceptible as laypeople to exaggerate the power of the Superuser.
    [Show full text]
  • Free, Functional, and Secure
    Free, Functional, and Secure Dante Catalfamo What is OpenBSD? Not Linux? ● Unix-like ● Similar layout ● Similar tools ● POSIX ● NOT the same History ● Originated at AT&T, who were unable to compete in the industry (1970s) ● Given to Universities for educational purposes ● Universities improved the code under the BSD license The License The license: ● Retain the copyright notice ● No warranty ● Don’t use the author's name to promote the product History Cont’d ● After 15 years, the partnership ended ● Almost the entire OS had been rewritten ● The university released the (now mostly BSD licensed) code for free History Cont’d ● AT&T launching Unix System Labories (USL) ● Sued UC Berkeley ● Berkeley fought back, claiming the code didn’t belong to AT&T ● 2 year lawsuit ● AT&T lost, and was found guilty of violating the BSD license History Cont’d ● BSD4.4-Lite released ● The only operating system ever released incomplete ● This became the base of FreeBSD and NetBSD, and eventually OpenBSD and MacOS History Cont’d ● Theo DeRaadt ○ Originally a NetBSD developer ○ Forked NetBSD into OpenBSD after disagreement the direction of the project *fork* Innovations W^X ● Pioneered by the OpenBSD project in 3.3 in 2002, strictly enforced in 6.0 ● Memory can either be write or execute, but but both (XOR) ● Similar to PaX Linux kernel extension (developed later) AnonCVS ● First project with a public source tree featuring version control (1995) ● Now an extremely popular model of software development anonymous anonymous anonymous anonymous anonymous IPSec ● First free operating system to implement an IPSec VPN stack Privilege Separation ● First implemented in 3.2 ● Split a program into processes performing different sub-functions ● Now used in almost all privileged programs in OpenBSD like httpd, bgpd, dhcpd, syslog, sndio, etc.
    [Show full text]
  • Jasperreports Server Administrator Guide
    TIBCO JASPERREPORTS® SERVER ADMINISTRATOR GUIDE RELEASE 6.1 http://www.jaspersoft.com Copyright ©2005-2015, TIBCO Software Inc. All rights reserved. Printed in the U.S.A. TIBCO, the TIBCO logo, TIBCO Jaspersoft, the TIBCO Jaspersoft logo, TIBCO Jaspersoft iReport Designer, TIBCO JasperReports Library, TIBCO JasperReports Server, TIBCO Jaspersoft OLAP, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft ETL are trademarks and/or registered trademarks of TIBCO Software Inc. in the United States and in jurisdictions throughout the world. All other company and product names are or may be trade names or trademarks of their respective owners. This is version 0915-JSP61-24 of the JasperReports Server Administrator Guide. TABLE OF CONTENTS Chapter 1 Overview of JasperReports Server Administration 11 1.1 Overview of Organizations 12 1.1.1 Single Default Organization 12 1.1.2 Multiple Organizations 13 1.1.3 Levels of Administrators 13 1.2 Overview of the Repository 14 1.2.1 Folder Structure 14 1.2.2 Resources 14 1.2.3 Sample Data 15 1.2.4 Browsing and Searching 16 1.3 Overview of Users and Roles 17 1.3.1 Administering Users and Roles 17 1.3.2 Delegated Administration 17 1.4 Overview of Security 18 1.5 Administrator Login 20 1.5.1 JasperReports Server Heartbeat 20 1.5.2 Administrator Email 20 1.6 Administrator Pages 21 Chapter 2 Organization, User, and Role Management 23 2.1 Managing Organizations 24 2.1.1 Viewing Organization Properties 25 2.1.2 Creating an Organization 25 2.1.3 Default Folders for Organizations 26 2.1.4 Editing an Organization 27 2.1.5 Deleting an Organization 28 2.2 Managing Users 28 2.2.1 Viewing User Properties 29 2.2.2 Creating a User 30 2.2.3 Editing a User 31 2.2.4 Enabling or Disabling Multiple Users 32 2.2.5 Deleting One or More Users 32 2.3 Managing Roles 32 TIBCO Software Inc.
    [Show full text]
  • Download Rooted Apps Andrpid Download Rooted Apps Andrpid
    download rooted apps andrpid Download rooted apps andrpid. Completing the CAPTCHA proves you are a human and gives you temporary access to the web property. What can I do to prevent this in the future? If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware. If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices. Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the Chrome Web Store. Cloudflare Ray ID: 67da3c732955c3d9 • Your IP : 188.246.226.140 • Performance & security by Cloudflare. 10 Best Rooting Apps For Android in 2021. Rooting apps are the best way to root any android device in One Click. There are lots of rooting apps for android that are available on the internet. Rooting Android devices helps in increasing the capabilities of the device. Rooting apps are very handy for getting Root access, allow users to get superuser privileges on the Android operating system, or run actions that require system privileges and get more control over it. In other words, When you root your Android phone you can control how it works and improve its functionality. There was a time when performing root was a complicated business but today the process has smoothened a lot due to a lot of rooting apps are available with great features.
    [Show full text]
  • EDB Postgres Advanced Server Installation Guide
    EDB Postgres™ Advanced Server Installation Guide EDB Postgres™ Advanced Server 10 February 15, 2021 EDB Postgres™ Advanced Server Installation Guide by EnterpriseDB® Corporation Copyright © 2009 – 2021 EnterpriseDB Corporation. All rights reserved. EnterpriseDB Corporation, 34 Crosby Drive Suite 100, Bedford, MA 01730, USA T +1 781 357 3390 F +1 978 589 5701 E [email protected] www.enterprisedb.com Copyright © 2009 - 2021 EnterpriseDB Corporation. All rights reserved. 2 EDB Postgres Advanced Server Installation Guide Table of Contents 1 Introduction ........................................................................................................................................... 5 1.1 Typographical Conventions Used in this Guide ............................................................................... 6 2 Requirements Overview ........................................................................................................................ 7 2.1 Supported Platforms ......................................................................................................................... 7 2.2 RPM Installation Pre-Requisites ...................................................................................................... 7 3 Using a Package Manager to Install Advanced Server ......................................................................... 8 3.1 Installing Advanced Server on a CentOS Host ................................................................................ 9 3.2 Installing Advanced Server
    [Show full text]
  • A Critical Review of 7 Years of Mobile Device Forensics
    *Manuscript Click here to view linked References A critical review of 7 years of Mobile Device Forensics Konstantia Barmpatsaloua, Dimitrios Damopoulosa, Georgios Kambourakisa,∗, Vasilios Katosb, aInfo-Sec-Lab Laboratory of Information and Communications Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece bInformation Security and Incident Response Unit, Department of Electrical and Computer Engineering, Democritus University of Thrace, University Campus, Kimmeria, Xanthi,Greece Abstract T Mobile Device Forensics (MF) is an interdisciplinary field consisting of tech- niques applied to a wide range of computing devices, including smartphones and satellite navigation systems. Over the last fewF years, a significant amount of research has been conducted, concerning various mobile device platforms, data acquisition schemes, and information extraction methods. This work provides a comprehensive overview of theA field, by presenting a detailed as- sessment of the actions and methodologies taken throughout the last seven years. A multilevel chronological categorization of the most significant stud- ies is given in order to provide a quick but complete way of observing the trends within the field. ThisR categorization chart also serves as an ana- lytic progress report, with regards to the evolution of MF. Moreover, since standardization efforts in this area are still in their infancy, this synopsis of research helps set theD foundations for a common framework proposal. Fur- thermore, because technology related to mobile devices is evolving rapidly, disciplines in the MF ecosystem experience frequent changes. The rigorous and critical review of the state-of-the-art in this paper will serve as a resource to support efficient and effective reference and adaptation.
    [Show full text]
  • That All Ultimiti
    THAT ALL US009753796B2ULTIMITI (12 ) United States Patent ( 10 ) Patent No. : US 9 , 753, 796 B2 Mahaffey et al. (45 ) Date of Patent: Sep . 5 , 2017 ( 54 ) DISTRIBUTED MONITORING , (58 ) Field of Classification Search EVALUATION , AND RESPONSE FOR CPC .. .. .. GO6F 11/ 0766 MULTIPLE DEVICES See application file for complete search history. ( 71 ) Applicant: LOOKOUT, INC ., San Francisco , CA ( 56 ) References Cited (US ) U . S . PATENT DOCUMENTS ( 72 ) Inventors : Kevin Patrick Mahaffey , San Francisco , CA (US ) ; Timothy Micheal 3 ,416 ,032 A 12/ 1968 Jahns, V . et al. Wyatt , San Francisco , CA (US ) ; Brian 4 ,553 ,257 A 11 / 1985 Mori et al. James Buck , Livermore , CA (US ) ; 5 ,319 ,776 A 6 / 1994 Hile et al . John Gunther Hering , San Francisco , (Continued ) CA (US ) ; Amit Gupta , San Francisco , CA (US ) ; Alex Cameron Abey , FOREIGN PATENT DOCUMENTS Livermore , CA (US ) GB 2430588 3 / 2007 wo 2005101789 10 / 2005 ( 73 ) Assignee : LOOKOUT, INC . , San Francisco , CA ( Continued ) (US ) ( * ) Notice : Subject to any disclaimer , the term of this OTHER PUBLICATIONS patent is extended or adjusted under 35 Notification of Transmittal of the Internatonal Search Report and the U . S . C . 154 ( b ) by 154 days . Written Opinion on the International Searching Authority , or the Declaration , International Application No . PCT/ US2014 /68915 , fil ( 21) Appl . No. : 14 /099 ,737 ing Dec . 5 , 2014 , mailing date Mar. 5 , 2015 . (22 ) Filed : Dec . 6 , 2013 (Continued ) (65 ) Prior Publication Data Primary Examiner — Syed Hasan US 2015 /0163121 A1 Jun . 11, 2015 (74 ) Attorney , Agent, or Firm — Dergosits & Noah LLP (51 ) Int. CI. (57 ) ABSTRACT G06F 1730 (2006 .
    [Show full text]
  • Trakpro Lite Secure Software User's Guide
    TRAKPRO™ LITE SECURE SOFTWARE VERSION 3.0 USER’S GUIDE TRAKPRO™ LITE SECURE SOFTWARE VERSION 3.0 USER’S GUIDE P/N 6004404, Revision E November 2012 SHIP TO/MAIL TO: E-mail address: TSI Incorporated [email protected] 500 Cardigan Road Shoreview, MN 55126-3996 Website: USA http://www.tsi.com U.S. INTERNATIONAL Technical Support: Technical Support: (800) 874-2811/(651) 490-2811 (001 651) 490-2811 Fax: Fax: (651) 490-3824 (001 651) 490-3824 Manual Histor y The following is a manual history of the TrakPro™ Lite Secure Software User’s Guide (P/N 6004404). Revision Date A June 2009 B July 2010 C September 2010 D October 2012 E November 2012 ii Warranty Part Number 6002796 / Revision E / November 2012 Copyright ©TSI Incorporated / 2010-2012 / All rights reserved. Address TSI Incorporated / 500 Cardigan Road / Shoreview, MN 55126 / USA E-mail Address [email protected] Limitation of Warranty (For country-specific terms and conditions outside of the USA, please visit www.tsi.com.) and Liability Seller warrants the goods sold hereunder, under normal use and service as described in the (effective June 2011) operator's manual, shall be free from defects in workmanship and material for 12 months, or if less, the length of time specified in the operator's manual, from the date of shipment to the customer. This warranty period is inclusive of any statutory warranty. This limited warranty is subject to the following exclusions and exceptions: a. Hot-wire or hot-film sensors used with research anemometers, and certain other components when indicated in specifications, are warranted for 90 days from the date of shipment; b.
    [Show full text]