DOCSLIB.ORG

DETECTING BUFFER OVERFLOWS USING TESTCASE SYNTHESIS and CODE INSTRUMENTATION by MICHAEL A

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
DETECTING BUFFER OVERFLOWS USING TESTCASE SYNTHESIS and CODE INSTRUMENTATION by MICHAEL A DETECTING BUFFER OVERFLOWS USING TESTCASE SYNTHESIS AND CODE INSTRUMENTATION by MICHAEL A. ZHIVICH S.B., Electrical Engineering and Computer Science (2004) Massachusetts Institute of Technology SUBMITTED TO THE DEPARTMENT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF ENGINEERING IN ELECTRICAL ENGINEERING AND COMPUTER SCIENCE at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY June 2005 c Massachusetts Institute of Technology 2005. All rights reserved. Author............................................................................ Department of Electrical Engineering and Computer Science May 19, 2005 Certified by........................................................................ Richard Lippmann Senior Scientist, MIT Lincoln Laboratory Thesis Supervisor Accepted by....................................................................... Arthur C. Smith Chairman, Department Committee on Graduate Students 2 Detecting Buffer Overflows Using Testcase Synthesis and Code Instrumentation by Michael A. Zhivich Submitted to the Department of Electrical Engineering and Computer Science on May 19, 2005, in partial fulfillment of the requirements for the degree of Master of Engineering in Electrical Engineering and Computer Science Abstract The research presented in this thesis aims to improve existing approaches to dynamic buffer overflow detection by developing a system that utilizes code instrumentation and adap- tive test case synthesis to find buffer overflows and corresponding failure-inducing inputs automatically. An evaluation of seven modern dynamic buffer overflow detection tools de- termined that C Range Error Detector (CRED) is capable of providing fine-grained buffer access information necessary for the creation of this system. CRED was also selected be- cause of its ability to provide comprehensive error reports and compile complex programs with reasonable performance overhead. CRED was extended to provide appropriate code instrumentation for the adaptive testing system, which also includes a test case synthe- sizer that uses data perturbation techniques on legal inputs to produce new test cases, and an analytical module that evaluates the effectiveness of these test cases. Using informa- tion provided by code instrumentation in further test case generation creates a feedback loop that enables a focused exploration of the input space and faster buffer overflow detec- tion. Applying the adaptive testing system to jabberd, a Jabber Instant Messaging server, demonstrates its effectiveness in finding buffer overflows and its advantages over existing dynamic testing systems. Adaptive test case synthesis using CRED to provide buffer access information for feedback discovered 6 buffer overflows in jabberd using only 53 messages, while dynamic testing using random messages generated from a protocol description found only 4 overflows after sending 10,000 messages. Thesis Supervisor: Richard Lippmann Title: Senior Scientist, MIT Lincoln Laboratory Acknowledgments I am indebted to many people without whom this work would not be possible. First and foremost, I would like to thank my advisor, Richard Lippmann, for his guidance, suggestions and constructive criticism throughout this project. I would also like to thank Tim Leek for all his contributions to this work, including the real exploit evaluation of dynamic buffer overflow detection tools and modifications to the PCFG random message generator and CRED-HW compiler. Without Tim’s contributions and technical expertise, building an adaptive testing system would have been very difficult. I would like to thank Misha Zitser for developing a thorough classification of buffer overflows and providing the test corpus from his thesis, which was an invaluable part of the evaluation of dynamic buffer overflow detection tools. I would also like to thank Rob Cunningham, Graham Baker, Kendra Kratkiewicz, Chris Scott and all the folks in Group 62 at the Lincoln Laboratory, with whom I have had many interesting discussions, and who have made my experience at Lincoln so rewarding. Last, but certainly not least, I would like to thank my family and friends for their encouragement and support throughout this time — I would not have made it here without you, and I give you my heartfelt thanks. Contents 1 Introduction 13 1.1 Cost of Software Failures . 13 1.2 Types of Vulnerabilities in Software . 15 1.3 Buffer Overflows — A Persistent Vulnerability . 16 1.4 Approaches to Buffer Overflow Prevention . 16 1.5 Goals of this Thesis . 19 2 Exploiting Buffer Overflows 21 2.1 Memory Layout of a Process . 21 2.2 Arbitrary Code Execution . 23 2.2.1 Injecting Code . 23 2.2.2 Changing Code Pointer Directly . 24 2.2.3 Changing Code Pointer Indirectly . 24 2.3 Logic-based Attacks . 25 2.4 Unauthorized Access to Information . 26 2.5 Classifying Buffer Overflows . 26 2.5.1 Access Pattern . 27 2.5.2 Access Type . 27 2.5.3 Size of Overflow . 27 2.5.4 Location . 28 3 Approaches to Buffer Overflow Detection 29 3.1 Security Policies and Code Reviews . 29 3.2 Language Approach . 30 3.3 Safe C Libraries . 31 5 3.4 Operating System Extensions . 32 3.5 Static Analysis . 32 3.6 Runtime Buffer Overflow Detection . 33 3.6.1 Compiler-based Code Instrumentation . 33 3.6.2 Executable Monitoring . 35 3.7 Software Fault Injection . 37 3.8 Mini-simulation with Random Messages . 37 3.9 An Adaptive Testing System . 38 4 Evaluating Dynamic Buffer Overflow Detection Tools 39 4.1 Dynamic Buffer Overflow Detection Tools . 40 4.1.1 Executable Monitoring Tools . 40 4.1.2 Compiler-based Tools . 41 4.1.3 Common Limitations of Compiler-based Tools . 44 4.2 Variable-overflow Testsuite Evaluation . 45 4.2.1 Test Procedure . 45 4.2.2 Sample Analysis . 46 4.2.3 Variable-overflow Testsuite Results . 50 4.3 Artificial Exploit Evaluation . 52 4.3.1 Test Procedure . 53 4.3.2 Artificial Exploit Results . 53 4.4 Real Exploit Evaluation . 53 4.4.1 Test Procedure . 54 4.4.2 Real Exploit Results . 55 4.5 Performance Overhead . 55 4.6 Discussion . 57 5 Dynamic Testing with Code Instrumentation 59 5.1 Dynamic Testing Architecture . 60 5.1.1 Code Instrumentation . 61 5.1.2 Tester and Random Message Generator . 61 5.1.3 Process Monitor . 62 5.2 Random Message Generation . 63 6 5.2.1 HMM Random Message Generator . 63 5.2.2 PCFG Random Message Generator . 64 5.3 Evaluating Dynamic Testing . 66 5.3.1 Jabber Instant Messaging Server . 66 5.3.2 Test Environment . 68 5.3.3 Test Procedure . 69 5.3.4 Test Results . 71 5.4 Discussion . 73 6 Adaptive Test Case Synthesis 75 6.1 Dynamic Testing with Feedback . 75 6.2 Message Database . 76 6.3 Test Case Generator . 78 6.3.1 Tokenizing Messages . 79 6.3.2 Mutating Tokens . 80 6.4 Feedback Loop . 81 6.4.1 CRED-HW Instrumentation . 81 6.4.2 Buffer Access Signature Analysis . 82 6.5 Static Analysis Module . 84 6.5.1 CIL: C Intermediate Language . 86 6.5.2 Source Analysis with CIL . 86 6.5.3 Literals in jabberd ............................ 87 6.6 Evaluating Adaptive Testing System . 87 6.6.1 Test Environment . 87 6.6.2 Test Procedure . 88 6.6.3 Sample Test Run . 90 6.6.4 Test Results . 93 6.7 Discussion . 96 7 Future Work 99 7.1 Tokenizing Messages . 99 7.2 Token Mutations . 100 7.3 Buffer Instances . 100 7 8 Conclusions 103 8.1 Required Instrumentation . 103 8.2 Generating Test Cases . 104 8.3 Advantages of the Adaptive Testing Approach . 105 A HMM Description 107 B PCFG Description 123 C CRED Error Messages 127 D PCFG Messages 129 E Feedback Messages 135 F Literals Found in jabberd 141 8 List of Figures 1-1 Cumulative Exploits in Commonly Used Server Software . 17 2-1 Memory Layout of a Process . 22 4-1 Example of Discrete Overflow Test Case . 46 4-2 Stack Layout for Discrete Buffer Overflow Example . 48 4-3 Results for Discrete Buffer Overflow Example . 48 4-4 Example of Continuous Overflow Test Case . 49 4-5 Stack Layout for Continuous Buffer Overflow Example . 51 4-6 Results for Continuous Buffer Overflow Example . 51 4-7 Summary of Results for Variable-overflow Testsuite . 52 5-1 System Architecture for Dynamic Testing with Code Instrumentation . 60 5-2 Typical Jabber Server Deployment . 67 5-3 Architecture of jabberd ............................. 69 5-4 A Typical Jabber IM Message . 70 6-1 System Architecture for Adaptive Testing . 77 6-2 Test Case Generator Architecture . 78 6-3 A Legal Jabber IM Message . ..
Load more

Recommended publications
  • Daniel Nashed "CSI Domino" Diagnostic Collection & NSD Analysis
    "CSI Domino" Diagnostic Collection & NSD Analysis Daniel Nashed AdminCamp 2016 – Sept. 19-21 in Gelsenkirchen About the presenter ● Nash!Com – German IBM® Business Partner/ISV – Member of The Penumbra group -- an international consortium of selected Business Partners pooling their talent and resources ● Focused on Cross-Platform C-API, IBM® Domino® Infrastructure, Administration, Integration, Troubleshooting and IBM® Traveler – Platform Focus: Microsoft® Windows® 32/64, Linux® and IBM AIX® ● Author of the Domino on Linux®/UNIX® Start Script – Note: Working on RHEL7 + SLES 12 “systemd” support Agenda ● Introduction – What is „Serviceability“ ● Automatic Data Collection (ADC), Configuration Collector ● NSD, Memcheck – Server Crashes, Hangs, Annotation of NSDs ● Memory Management ● Advanced Methods – Semaphore Debugging – Memory Dumps ● Performance Troubleshooting ● Q&A – Any time Useful Software & Tools ● Software – Notes Peek – Lotus Notes Diagnostics (LND) – 7Zip – open source ZIP tool – Ultraedit (commerical but great) or Notepad++ (free) – NashCom Tools ● nshcrash ● Nshmem ● C-API Toolkit – Great source of information What is Serviceability? ● RAS = Reliability Availability Serviceability ● RAS is the effort to improve the Domino Product suite so that: – Client/Server doesn’t crash or hang as often (Reliability) – Client/Server performs well, Server is available to clients (Availability) – The ability to quickly pin-point and fix problems (Serviceability) ● Ongoing effort in each incremental release – Some features are even back-ported
    [Show full text]
  • HALO: Post-Link Heap-Layout Optimisation
    HALO: Post-Link Heap-Layout Optimisation Joe Savage Timothy M. Jones University of Cambridge, UK University of Cambridge, UK [email protected] [email protected] Abstract 1 Introduction Today, general-purpose memory allocators dominate the As the gap between memory and processor speeds continues landscape of dynamic memory management. While these so- to widen, efficient cache utilisation is more important than lutions can provide reasonably good behaviour across a wide ever. While compilers have long employed techniques like range of workloads, it is an unfortunate reality that their basic-block reordering, loop fission and tiling, and intelligent behaviour for any particular workload can be highly subop- register allocation to improve the cache behaviour of pro- timal. By catering primarily to average and worst-case usage grams, the layout of dynamically allocated memory remains patterns, these allocators deny programs the advantages of largely beyond the reach of static tools. domain-specific optimisations, and thus may inadvertently Today, when a C++ program calls new, or a C program place data in a manner that hinders performance, generating malloc, its request is satisfied by a general-purpose allocator unnecessary cache misses and load stalls. with no intimate knowledge of what the program does or To help alleviate these issues, we propose HALO: a post- how its data objects are used. Allocations are made through link profile-guided optimisation tool that can improve the fixed, lifeless interfaces, and fulfilled by
    [Show full text]
  • Architectural Support for Scripting Languages
    Architectural Support for Scripting Languages By Dibakar Gope A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Electrical and Computer Engineering) at the UNIVERSITY OF WISCONSIN–MADISON 2017 Date of final oral examination: 6/7/2017 The dissertation is approved by the following members of the Final Oral Committee: Mikko H. Lipasti, Professor, Electrical and Computer Engineering Gurindar S. Sohi, Professor, Computer Sciences Parameswaran Ramanathan, Professor, Electrical and Computer Engineering Jing Li, Assistant Professor, Electrical and Computer Engineering Aws Albarghouthi, Assistant Professor, Computer Sciences © Copyright by Dibakar Gope 2017 All Rights Reserved i This thesis is dedicated to my parents, Monoranjan Gope and Sati Gope. ii acknowledgments First and foremost, I would like to thank my parents, Sri Monoranjan Gope, and Smt. Sati Gope for their unwavering support and encouragement throughout my doctoral studies which I believe to be the single most important contribution towards achieving my goal of receiving a Ph.D. Second, I would like to express my deepest gratitude to my advisor Prof. Mikko Lipasti for his mentorship and continuous support throughout the course of my graduate studies. I am extremely grateful to him for guiding me with such dedication and consideration and never failing to pay attention to any details of my work. His insights, encouragement, and overall optimism have been instrumental in organizing my otherwise vague ideas into some meaningful contributions in this thesis. This thesis would never have been accomplished without his technical and editorial advice. I find myself fortunate to have met and had the opportunity to work with such an all-around nice person in addition to being a great professor.
    [Show full text]
  • Sir Charles Poised for Comms Vision
    Bahman Rahimi: An Node4 channel chief entrepreneur with his outlines strategy for mind on growth p32 mid-market push p46 VOL 22 ISSUE 5 OCTOBER 2017 www.comms-dealer.com Call recording for PCI, FCA and MiFID ll compliance. oak.co.uk ADVERTISEMENT ADVERTISEMENT THE HEARTBEAT OF THE UK COMMS INDUSTRY THINK For Reliable & Scaleable Recording Solutions, MiFIDII, FCA & PCI Compliance e: [email protected] t: 020 3488 1498 w: www.vidicodeuk.com 3-22 Industry News Fully white labelled Catch up with hosted telephony events in comms solution from £2.75 Take Control of Your PBX Deploy24 on Windows, Linux or in the Cloud Business Matters Q3 dominated by fibre-fest and M&A CD_commcloud.pdf 1 24/04/2017 12:24 www.channeltelecom.com www.channeltelecom.com 26 Experience the Interview Sir Charles poisedC Thirkill and the rise M of3CX GCI People PhoneCloud System Y CM Communications Cloud • Easy to install & managefor Comms VisionMY 34 CY We get your • Inexpensive to buy and expand Case study SIR Charles Dunstone, one of the UK’s most successful ICT entrepreneurs, willCMY employees, outline his vision for the future of the industry at Gleneagles next month. • VirtualizeApprenticeships or run in and the cloud (Windows / Linux) K customers and why they matter apps talking • Halve your phone bill with SIPEXCLUSIVE Trunks ing a culture to drive growth’, In June 2012 Dunstone rec- TalkTalk Executive Chairman eived a Knighthood for his ser- • Increase48 mobility with smartphoneComms Vision Conference clients org- Sir Charles will take part in vices to the telecommunications aniser Comms Dealer has con- an exclusive conversation and industry and his charitable work.
    [Show full text]
  • Messages End-To-End Encryption Overview
    Messages End-to-End Encryption Overview Technical Paper Emad Omara Communications Security Lead November 2020 Version 1.0 A high-level technical overview of end-to-end encryption in Messages Introduction ​2 Background & RCS Ecosystem ​3 Threat Model ​3 Goals ​4 UI Changes ​4 SMS/MMS Fallback ​5 Identity Verification ​6 E2EE in Messages ​7 Signal Protocol ​7 Key Server ​8 Messages Encryption ​9 Attachment Encryption ​10 Session Recovery ​10 Web Client ​10 Storage & Access ​11 Android Messages Database ​11 Notifications ​11 Limitations ​11 Third Party RCS Client ​11 Conclusion ​12 Introduction Rich Communication Services (RCS) is designed to improve users’ experience and security over Short Message Service (SMS)/Multimedia Messaging Service (MMS), and we’ve invested in making Messages by Google a modern and globally available RCS & SMS/MMS messaging app for Android phones. While RCS messages are already a big security improvement over SMS/MMS, we wanted to take it a step further and add end-to-end encryption (E2EE) to Messages, so no one else – including 2 Messages E2EE Overview​ Google servers or third-party servers – can access your conversations as they travel between your phone and the phone you message. Background & RCS Ecosystem RCS uses a set of standard internet protocols like Session Initiation Protocol (SIP)​[1] ​ to establish a connection between two clients through a central messaging server. This connection is then used to exchange the messages using Message Session Relay Protocol (MSRP)​[2].​ In some RCS deployments this server is hosted by the carrier, and in other deployments the server is hosted by Jibe Mobile from Google.
    [Show full text]
  • Oracle® Beehive Oracle Beehive Standards-Based Clients Help Release 2 (2.0)
    Oracle® Beehive Oracle Beehive Standards-Based Clients Help Release 2 (2.0) November 2011 Last updated on November 4, 2011 This page contains configuration instructions and other related information for the following standards-based clients supported by Oracle Beehive: Hardware and Software Certification Managing your E-Mails ■ Apple Mail ■ Microsoft Outlook ■ Mozilla Thunderbird Managing Calendar and Task List ■ Apple iCal ■ Mozilla Lightning Using Instant Messaging ■ Apple iChat ■ Pidgin ■ Trillian Pro Accessing Documents (Web Clients and FTP Clients) ■ Browser-based Access ■ Desktop WebDAV Clients ■ Mac OS X Finder Web Access ■ Cadaver ■ Microsoft Windows Web Folders ■ Desktop FTP Clients ■ FileZilla ■ NCFTP ■ SmartFTP ■ Transmit RSS Clients Mobile Access Documentation Accessibility 1 Hardware and Software Certification The hardware and software requirements included in this installation guide were current at the time this guide was published. However, because new platforms and operating system software versions might be certified after this guide is published, review the certification matrix on the My Oracle Support Web site for the most up-to-date list of certified hardware platforms and operating system versions. My Oracle Support is available at the following URL: http://support.oracle.com/ You must register online before using My Oracle Support. Use the following steps to locate the certification information for your platform: 1. After logging in, click the Certifications tab. 2. In the Certification Search pane, on the Search tab, select the following information: ■ Product: Enter the product name or select from the drop-down list of Products. ■ Release: Select the release number of the product. ■ Platform: Select the target platform by choosing from the submenu list.
    [Show full text]
  • Wschodnioeuropejskie Czasopismo Naukowe (East European Scientific Journal) #7(59), 2020 39 Osmak A
    Wschodnioeuropejskie Czasopismo Naukowe (East European Scientific Journal) #7(59), 2020 39 Osmak A. S. Ph.D. student in the Chair of Information Policy and Digital Technologies National Academy of Public Administration under the President of Ukraine, Arsenovich L. A. Ph.D. student in the Chair of Information Policy and Digital Technologies National Academy of Public Administration under the President of Ukraine Karpenko Y. V. Ph.D. student in the Chair of public administration and public service National Academy of Public Administration under the President of Ukraine INSTANT MESSAGE EXCHANGE SYSTEMS IN THE PRACTICE OF PUBLIC GOVERNANCE. CLASSIFICATION, SECURITY, INTEROPERABILITY AND REMOTE CYBER EDUCATION Осьмак Антон Сергійович, аспірант кафедри інформаційної політики та цифрових технологій Національної академії державного управління при Президентові України Арсенович Леонід Антонович, аспірант кафедри інформаційної політики та цифрових технологій Національної академії державного управління при Президентові України Карпенко Юлія Василівна, аспірантка кафедри публічного управління та публічної служби Національної академії державного управління при Президентові України СИСТЕМИ ОБМІНУ МИТТЄВИМИ ПОВІДОМЛЕННЯМИ У ПРАКТИЦІ ПУБЛІЧНОГО УПРАВЛІННІ. КЛАСИФІКАЦІЯ, БЕЗПЕКА, ІНТЕРОПЕРАБЕЛЬНІСТЬ ТА ДИСТАНЦІЙНА КІБЕРОСВІТА Abstract. The article scientifically considers the essence of modern digital communication systems. The factual analysis of modern means of digital communications and their use in the field of public administration and cyber education is carried out. The use of artificial intelligence in the digital communications of public authorities is considered. The definition of "Instant (digital) messages" and "сhatbot" is defined. The issue of cryptographic protection of digital messages and the impact of the COVID-19 pandemic on the development of digital communication systems are considered. The typology of instant messaging services by main functions is offered.
    [Show full text]
  • Runtime Detection of C-Style Errors in UPC Code
    Runtime Detection of C-Style Errors in UPC Code Peter Pirkelbauer Chunhua Liao Thomas Panas Lawrence Livermore National Lawrence Livermore National Microsoft Laboratory Laboratory Parallel Data Warehousing [email protected] [email protected] [email protected] Dan Quinlan Lawrence Livermore National Laboratory [email protected] Abstract Software frequently contains flaws, and the size and complexity Unified Parallel C (UPC) extends the C programming language of modern software makes the detection of such flaws difficult. Re- (ISO C 99) with explicit parallel programming support for the parti- ducing the number of software flaws is an effort that permeates tioned global address space (PGAS), which provides a global mem- all stages in software development. For example, adopting rigid ory space with localized partitions to each thread. Like its ancestor coding standards and restricting programming languages to a safe C, UPC is a low-level language that emphasizes code efficiency. subset can eliminate error-prone coding techniques. Static and dy- The absence of dynamic (and static) safety checks allows program- namic code analysis tools that operate on source or binary code mer oversights and software flaws that can be hard to spot. are also used to reduce software flaws. Static analysis tools uti- In this paper, we present an extension of a dynamic analysis lize source code (style) analysis or formal analysis techniques such tool, ROSE-Code Instrumentation and Runtime Monitor (ROSE- as dataflow analysis, abstract interpretation, and model checking. CIRM), for UPC to help programmers find C-style errors involving Static analysis tools do not influence the running programs but of- the global address space.
    [Show full text]
  • Wind River® Vxworks® 7 Third Party License Notices
    Wind River® VxWorks® 7 Third Party License Notices This document contains third party intellectual property (IP) notices for the BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY Wind River® VxWorks® 7 distribution. Certain licenses and license notices THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, may appear in other parts of the product distribution in accordance with the OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN license requirements. ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Trademarks All company, product and service names used in this software are for ACPICA identification purposes only. Version: 20170303 Component(s): Runtime Wind River and VxWorks are registered trademarks of Wind River Systems. Description: Provides code to implement ACPI specification in VxWorks. UNIX is a registered trademark of The Open Group. IBM and Bluemix are registered trademarks of the IBM Corporation. NOTICES: All other third-party trademarks are the property of their respective owners. 1. Copyright Notice Some or all of this work - Copyright (c) 1999 - 2016, Intel Corp. All rights reserved. Third Party Notices 2. License 2.1. This is your license from Intel Corp. under its intellectual property rights. You may have additional license terms from the party that provided you this software, covering your right to use that party's intellectual property rights. 64-Bit Dynamic Linker Version: 2.2. Intel grants, free of charge, to any person ("Licensee") obtaining a copy Component(s): Runtime of the source code appearing in this file ("Covered Code") an irrevocable, Description: The dynamic linker is used to load shared libraries.
    [Show full text]
  • Green Tweets
    twitter_praise_page Page i Thursday, March 12, 2009 12:35 PM Praise for Twitter API: Up and Running “Twitter API: Up and Running is a friendly, accessible introduction to the Twitter API. Even beginning web developers can have a working Twitter project before they know it. Sit down with this book for a weekend and you’re on your way to Twitter API mastery.” — Alex Payne, Twitter API lead “This book rocks! I would have loved to have had this kind of support when I initially created TwitDir.” — Laurent Pantanacce, creator of TwitDir “Twitter API: Up and Running is a very comprehensive and useful resource—any developer will feel the urge to code a Twitter-related application right after finishing the book!” — The Lollicode team, creators of Twitscoop “A truly comprehensive resource for anyone who wants to get started with developing applications around the Twitter platform.” — David Troy, developer of Twittervision “An exceptionally detailed look at Twitter from the developer’s perspective, including useful and functional sample code!” — Damon Cortesi, creator of TweetStats, TweepSearch, and TweetSum “This book is more than just a great technical resource for the Twitter API. It also provides a ton of insight into the Twitter culture and the current landscape of apps. It’s perfect for anyone looking to start building web applications that integrate with Twitter.” — Matt Gillooly, lead developer of Twalala “A wonderful account of the rich ecosystem surrounding Twitter’s API. This book gives you the insight and techniques needed to craft your own tools for this rapidly expanding social network.” — Craig Hockenberry, developer of Twitterrific twitter_praise_page Page ii Thursday, March 12, 2009 12:35 PM Twitter API: Up and Running Twitter API: Up and Running Kevin Makice Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • Tokyo Twitter API: Up and Running by Kevin Makice Copyright © 2009 Kevin Makice.
    [Show full text]
  • Frequently Asked Questions (Faqs) Frequently Asked Questions (Faqs) P/N 82092502, Revision C Copyright © 2003 by Multi-Tech Systems, Inc
    Frequently Asked Questions (FAQs) Frequently Asked Questions (FAQs) P/N 82092502, Revision C Copyright © 2003 by Multi-Tech Systems, Inc. All rights reserved. This publication may not be reproduced, in whole or in part, without prior expressed written permission from Multi-Tech Systems, Inc. Multi-Tech Systems, Inc. makes no representation or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Multi-Tech Systems, Inc. reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Multi-Tech Systems, Inc., to notify any person or organization of such revisions or changes. Revision Date Description A 10/15/98 Manual released. B 11/30/98 Manual Revised. C 7/22/03 Manual Revised. Removed discussion group url. Multi-Tech, CommPlete, and the Multi-Tech logo are trademarks of Multi-Tech Systems, Inc. Other trademarks and trade names mentioned in this publication belong to their respective owners. Multi-Tech Systems, Inc. 2205 Woodale Drive Mounds View, Minnesota 55112 (612) 785-3500 or (800) 328-9717 U.S. Fax (612) 785-9874 Technical Support (800) 972-2439 BBS (612) 785-3702 or (800) 392-2432 Fax Back (612) 717-5888 Internet Address: http://www.multitech.com Contents Frequently-Asked Questions .........................................................................4 General CommPlete System FAQs .........................................................5 3rd Party
    [Show full text]
  • Wireless Data Lans
    WIRELESS DATA DEMYSTIFIED THE McGRAW-HILL DEMYSTIFIED SERIES 3G Wireless Demystified 802.11 Demystified Bluetooth Demystified CEBus Demystified Computer Telephony Demystified Cryptography Demystified DVD Demystified GPRS Demystified MPEG-4 Demystified SIP Demystified SONET/SDH Demystified Streaming Media Demystified Video Compression Demystified Videoconferencing Demystified Wireless Data Demystified Wireless LANs Demystified Wireless Messaging Demystified Wireless Data Demystified John R. Vacca McGraw-Hill New York • Chicago • San Francisco • Lisbon London • Madrid • Mexico City • Milan • New Delhi San Juan • Seoul • Singapore Sydney • Toronto Copyright © 2003 by The McGraw-HIll Companies, Inc. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. 0-07-142919-0 The material in this eBook also appears in the print version of this title: 0-07-139852-X. All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occur- rence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at [email protected] or (212) 904-4069.
    [Show full text]