[pt] RISCOS E VULNERABILIDADES SOCIAIS: UMA ANÁLISE DAS POLÍTICAS PÚBLICAS URBANAS NA FAVELA DA ROCINHA, RIO DE JANEIRO, BRASIL (2006 – 2014) / [en] SOCIAL RISKS AND VULNERABILITIES: AN ANALYSIS OF URBAN PUBLIC POLICIES IN THE FAVELA OF ROCINHA, RIO DE JANEIRO, BRAZIL (2006-2014)

MILENA ZAINOTTE MAGALHAES

21 March 2022

[pt] Esse trabalho tem como objetivo contribuir para a reflexão das políticas públicas urbanas com foco nos riscos e vulnerabilidades sociais em assentamentos precários. A pesquisa se desenvolve a partir do objeto de estudo riscos e vulnerabilidades sociais, analisado através de um recorte temporal das políticas públicas urbanas implementadas na favela da Rocinha, na cidade do Rio de Janeiro, de 2006 a 2014. A escolha da Rocinha como estudo de caso se justifica pelas características de precariedade urbanística e edilícia, bem como pelos diversos problemas de riscos e vulnerabilidades sociais. Essa dissertação busca analisar os fatores que produzem as desigualdades sociais no espaço urbano, que configuram em parte a ausência do direito à cidade, trabalhando com os conceitos de riscos endógenos e exógenos. A metodologia se desenvolve por meio de três categorias de análise: risco e vulnerabilidade, desigualdade social e direito à cidade, a partir de pesquisa documental, visita a campo e entrevistas semiestruturadas com lideranças comunitárias. A pesquisa conclui que a vulnerabilidade na Rocinha está diretamente relacionada com a desigualdade social e a ausência do direito à cidade, tanto em comparação a bairros privilegiados da cidade, quanto internamente, devido à negligência ainda maior sobre os sub-bairros mais precários, que recebem menor atenção do poder público. Os principais riscos endógenos identificados foram segurança pública e precariedade de moradias e de infraestrutura. E os riscos exógenos, inundação e deslizamento. As entrevistas apontaram como principais vulnerabilidades a violência, insegurança alimentar, saneamento básico e pobreza. / [en] This thesis aims to contribute to the reflection of urban public policies focusing on social risks and vulnerabilities in precarious settlements. To achieve such goal the research will analyze urban public policies developed in the squatter settlement known as Favela Rocinha in the city of Rio de Janeiro, Brazil, from 2006 to 2014. The choice of Rocinha as a case study is justified by the characteristics of urban and building precariousness as well as the various problems of social risks and vulnerabilities. Therefore, this thesis will analyze the aspects that produce social inequalities in the urban space, which partially configure the absence of the right to the city, using the concepts of endogenous and exogenous risks. The methodology is developed through three categories of analysis: risk and vulnerability, social inequality, and the right to the city, based on documentary research, field research and semi-structured interviews with community leaders. The research concludes that vulnerability in Rocinha is directly related to social inequality and the absence of the right to the city, both in comparison to privileged neighborhoods of the city, and internally, due to the greater neglect of the most precarious sub-neighborhoods, which receive less attention from the government. The mais endogenous risks identified were public security and precariouness of housing and infrastructure. And exogenous risks were flooding and landslides. The interviews pointed out as main vulnerabilities violence, food insecurity, basic sanitation and poverty.

[pt] URBANISMO

[pt] FAVELA DA ROCINHA

[pt] POLITICAS PUBLICAS

[pt] ASSENTAMENTOS PRECARIOS

[pt] RISCOS E VULNERABILIDADES SOCIAIS

[en] URBANISM

[en] SQUATTER SETTLEMENT ROCINHA

[en] PUBLIC POLICY

[en] PRECARIOUS SETTLEMENTS

[en] SOCIAL RISKS AND VULNERABILITIES

INVESTIGATING OFFENDER TYPOLOGIES AND VICTIM VULNERABILITIES IN ONLINE CHILD GROOMING

Siva sahitya Simhadri (17522730)

02 December 2023

<p dir="ltr">One of the issues on social media that is expanding the fastest is children being exposed to predators online [ 1 ]. Due to the ease with which a larger segment of the younger population may now access the Internet, online grooming activity on social media has grown to be a significant social concern. Child grooming, in which adults and minors exchange sexually explicit text and media via social media platforms, is a typical component of online child exploitation. An estimated 500,000 predators operate online every day. According to estimates, Internet chat rooms and instant messaging are where 89% of sexual approaches against children take place. The child may face a variety of unpleasant consequences following a grooming event, including shame, anger, anxiety, tension, despair, and substance abuse which make it more difficult for them to report the exploitation. A substantial amount of research in this domain has focused on identifying certain vulnerabilities of the victims of grooming. These vulnerabilities include specific age groups, gender, psychological factors, no family support, and lack of good social relations which make young people more vulnerable to grooming. So far no technical work has been done to apply statistical analysis on these vulnerability profiles and observe how these patterns change between different victim types and offender types. This work presents a detailed analysis of the effect of Offender type (contact and fantasy) and victim type (Law Enforcement Officers, Real Victims and Decoys (Perverted Justice)) on representation of different vulnerabilities in grooming conversations. Comparison of different victim groups would provide insights into creating the right training material for LEOs and decoys and help in the training process for online sting operations. Moreover, comparison of different offender types would help create targeted prevention strategies to tackle online child grooming and help the victims.</p>

Data engineering and data science

Statistics not elsewhere classified

Online grooming

Child sexual abuse -- Investigation

Chat rooms

ANOVA statistics analysis

Post-hoc analysis

vulnerabilities ---

Säkerheten i webbapplikationer mot SQL- injektionsattacker : En studie av tekniker, säkerhetspåverkan och förekommande skyddslösningar

Hanna Malko, Ranim

January 2023

Web applications constitute an essential part of our daily lives, providing us access to significant online services and information. Despite their advantages, they are also vulnerable to security threats, particularly SQL injection attacks. SQL injection is a vulnerability that arises when an attacker inserts malicious SQL queries through user input parameters in a web application. This attack can have severe consequences, such as exposing sensitive information. The purpose of this study is to investigate and analyze the security of web applications against SQL injection attacks. This is achieved by examining SQL injection techniques, their impact on security and integrity, as well as the most common protective solutions. The goal of the study is to enhance and improve the security of applications and protect users from potential security risks. To achieve this, a combination of literature study and practical investigations is conducted. A literature review is performed to identify SQL injection techniques, security risks, and the most prevalent protective solutions. Subsequently, these factors are evaluated and analyzed to determine the effectiveness of the techniques using the penetration testing tool SQLmap. The results of the study indicate that the most common and effective attack techniques are Inband SQL injection and Inferential SQL injection. These techniques can have severe implications for users, businesses, and society at large, such as unauthorized access to protected data, data manipulation in databases, and the compromise of confidentiality and data integrity. To safeguard against such attacks, it is crucial to employ defensive coding practices, including the use of prepared statements with parameterized queries and input validation. However, manual implementation remains challenging. A combination of automated prevention techniques and best coding practices should be employed to ensure a reliable database protected against SQL injections, even concerning stored procedures that are difficult to prevent with existing automated prevention techniques. / Webbapplikationer utgör en viktig del av vårt dagliga liv och ger oss tillgång till betydelsefulla onlinetjänster och information. Trots deras fördelar är de också sårbara för säkerhetshot, särskilt SQL-injektionsattacker. SQL-injektion är en sårbarhet som uppstår när en angripare infogar skadliga SQL-frågor genom användarens inmatningsparametrar i en webbapplikation. Attacken medför allvarliga konsekvenser, såsom exponering av känslig information. Syftet med denna studie är att undersöka och analysera säkerheten i webbapplikationer mot SQL-injektionsattacker. Detta genomförs genom att undersöka SQL-injektionstekniker, deras påverkan på säkerhet och integritet, samt de vanligaste skyddslösningarna. Målet med studien är att öka och förbättra säkerheten hos applikationer samt skydda användarna från potentiella säkerhetsrisker. För att åstadkomma detta genomförs en kombination av litteraturstudier och praktiska undersökningar. En litteraturstudie genomförs för att identifiera SQL-injektionstekniker, säkerhetsrisker och de vanligast förekommande skyddslösningarna. Därefter utvärderas och analyseras dessa faktorer för att kunna fastställa effektiviteten hos teknikerna genom användning av penetrationstestningsverktyget SQLmap. Resultaten av studien visar att de vanligaste och mest effektiva attackteknikerna är Inband SQL-injektion och Inferential SQL-injektion. Dessa tekniker kan få allvarliga konsekvenser för användare, företag och samhället i stort, såsom åtkomst till skyddade data, manipulering av data i databasen och förlust av sekretess och dataintegritet. För att skydda mot sådana attacker är det avgörande att använda defensiva kodningsmetoder, inklusive användning av förberedda satser med parametriserade frågor och indatavalidering. Trots detta utgör manuell implementering en utmaning. En kombination av automatiserade förebyggande tekniker och bästa kod-praxis bör användas för att säkerställa en pålitlig databas som är skyddade mot SQL-injektioner, även när det gäller lagrade procedurer som är svåra att förhindra med befintliga automatiserade förebyggande tekniker.

SQL injection attack

security vulnerabilities

data integrity

web applications

prevention techniques

SQL-injektionsattack

säkerhetssårbarheter

dataintegritet

webbapplikationer

förebyggande tekniker

Software Engineering

Programvaruteknik

Ethical Hacking of an IoT-device: Threat Assessment and Penetration Testing : A Survey on Security of a Smart Refrigerator

Radholm, Fredrik, Abefelt, Niklas

January 2020

Internet of things (IoT) devices are becoming more prevalent. Due to a rapidly growing market of these appliances, improper security measures lead to an expanding range of attacks. There is a devoir of testing and securing these devices to contribute to a more sustainable society. This thesis has evaluated the security of an IoT-refrigerator by using ethical hacking, where a threat model was produced to identify vulnerabilities. Penetration tests were performed based on the threat model. The results from the penetration tests did not find any exploitable vulnerabilities. The conclusion from evaluating the security of this Samsung refrigerator can say the product is secure and contributes to a connected, secure, and sustainable society. / Internet of Things (IoT) enheter blir mer allmänt förekommande. På grund av en snabbt expanderande marknad av dessa apparater, har bristfälliga säkerhetsåtgärder resulterat till en mängd olika attacker. Det finns ett behov att testa dessa enheter for att bidra till ett mer säkert och hållbart samhälle. Denna avhandling har utvärderat säkerheten av ett IoT-kylskåp genom att producera en hot modell för att identifiera sårbarheter. Penetrationstester har utförts på enheten, baserade på hot modellen. Resultatet av penetrationstesterna hittade inga utnyttjningsbara sårbarheter. Slutsatsen från utvärderingen av säkerheten på Samsung-kylskåpet är att produkten är säker och bidrar till ett uppkopplat, säkert, och hållbart samhälle.

Internet of things (IoT)

device

security

penetration testing

threat assessment

vulnerabilities

Internet of things (IoT)

enhet

säkerhet

penetrationstester

hotbedömning

sårbarheter

Computer and Information Sciences

Data- och informationsvetenskap

Övervakning och analys av blåtandstrafik för att säkerställa integritet och säkerhet / Montioring and analysis of Bluetooth traffic to ensure integrity and security

Sulehria, Ibrahim, Haddad, Noor

January 2024

I dagens samhälle används Bluetooth Low Energy (BLE) alltmer, särskilt inom IoT-enheter (Internet of Things). Detta ökar behovet av säker kommunikation och att identifiera samt åtgärda potentiella sårbarheter. Problemet som denna studie adresserar är risken för passiv avlyssning och säkerhetsbrister i BLE-kommunikation, vilket kan leda till datamissbruk och integritetsintrång. Detta arbete fokuserar på att undersöka säkerheten inom BLE-signalering och presenterar även en praktisk laboration för att öka kunskapsnivån inom analys och hantering av blåtandstrafik. Säkerhetsbrister utvärderas genom att analysera trafiken mellan BLE-enheter, med specifik fokus på passiv avlyssning och de potentiella riskerna med detta. Genom praktiska experiment med tre olika blåtandsenheter, inklusive smarta LED-lister och ett smart hopprep, undersöktes hur signaleringsdata kan extraheras och missbrukas. Resultaten visar att även om nyare versioner av blåtand tillhandahåller förbättrade säkerhetsmekanismer, utnyttjas dessa inte alltid korrekt i produkter med lägre säkerhetskrav. Arbetet ger insikter i hur befintliga säkerhetsmekanismer kan förbättras och betonar vikten av kontinuerliga säkerhetsuppdateringar från tillverkare. / Today, Bluetooth Low Energy (BLE) is increasingly used, particularly in IoT devices (Internet of Things). This increase raises the need for secure communication and identifying as well as addressing potential vulnerabilities. The problem addressed by this study is the risk of passive eavesdropping and security flaws in BLE communication, which can lead to data misuse and privacy breaches. This work focuses on examining the security of BLE signaling and also presents a practical lab to enhance knowledge in analyzing and managing Bluetooth traffic. Security vulnerabilities are evaluated by analyzing the traffic between BLE devices, with a specific focus on passive eavesdropping and its potential risks. Through practical experiments with three different Bluetooth devices, including smart LED strips and a smart jump rope, the study investigated how signaling data can be extracted and misused. The results show that although newer versions of Bluetooth provide improved security mechanisms, these are not always correctly implemented in products with lower security requirements. The study provides insights into how existing security mechanisms can be improved and emphasizes the importance of continuous security updates from manufacturers.

Bluetooth Low Energy

security

passive eavesdropping

signaling

security vulnerabilities

Bluetooth

sniffing

Bluetooth Low Energy

säkerhet

passiv avlyssning

signalering

säkerhetsbrister

blåtand

sniffing

Communication Systems

Kommunikationssystem

Strengthening Cyber Defense : A Comparative Study of Smart Home Infrastructure for Penetration Testing and National Cyber Ranges / Stärkning av cyberförsvar : En jämförande studie av smarta heminfrastrukturer för penetrationstestning och nationella cyberanläggningar

Shamaya, Nina, Tarcheh, Gergo

January 2024

This thesis addresses the critical issue of security vulnerabilities within the Internet of Things (IoT) ecosystem, with a particular emphasis on everyday devices such as refrigerators, vacuum cleaners, and cameras. The widespread adoption of IoT devices across various sectors has raised significant concerns regarding their security, underscoring the need for more effective penetration testing methods to mitigate potential cyberattacks. In response to this need, the first part of this thesis presents an approach to creating a penetration testing environment specifically tailored for IoT devices. Unlike existing studies that primarily focus on isolated or specific device testing, this work integrates various common household IoT appliances into a single testbed, enabling the testing of a complex system. This setup not only reflects a more realistic usage scenario but also allows for a comprehensive analysis of network traffic and interactions between different devices, thereby potentially identifying new, complex security vulnerabilities. The second part of the thesis undertakes a comparative study of cyber range infrastructures and architectures, an area relatively unexplored in existing literature. This study aims to provide nuanced insights and practical recommendations for developing robust, scalable cyber range infrastructures at a national level. By examining different frameworks, this research contributes to the foundational knowledge necessary for advancing national cybersecurity defenses. Overall, the findings from this research aim to contribute to improving IoT security and guiding the development of robust national cyber range frameworks. / Denna avhandling tar upp de säkerhetsbrister som finns inom det ekosystem som omfattar Internet of Things (IoT) enheter, med särskilt fokus på vardagliga apparater som kylskåp, dammsugare och kameror. Den stora spridningen av IoT-enheter inom olika sektorer har väckt många säkerhetsfrågor, vilka betonar behovet av effektivare metoder för penetrationstestning för att förhindra möjliga cyberattacker. För att möta detta behov presenterar den första delen av avhandlingen en metod för att skapa en penetrationstestningsmiljö särskilt anpassad för IoT-enheter. Till skillnad från tidigare studier, vilka främst fokuserar på enskilda eller specifika enhetstestningar, kombinerar detta arbete olika hushållsapparater i en enda testbädd, vilket möjliggör testningen av ett komplext system. Detta upplägg speglar inte bara en mer realistisk användningssituation, utan tillåter också en mer omfattande analys av nätverkstrafik och interaktioner mellan olika enheter, vilket potentiellt kan identifiera nya, komplexa säkerhetsbrister. Den andra delen av avhandlingen genomför en jämförande studie av cyberanläggningars infrastrukturer och arkitekturer, ett område som är relativt outforskat i befintlig litteratur. Denna studie syftar till att ge insikter och praktiska rekommendationer för att utveckla robusta, skalbara infrastrukturer för cyberanläggningar på nationell nivå. Genom att undersöka olika ramverk bidrar denna forskning till den grundläggande kunskap som behövs för att förbättra nationella cybersäkerhetsförsvar. Sammanfattningsvis syftar resultaten från denna forskning till att förbättra IoT-säkerheten och vägleda utvecklingen av robusta nationella ramverk för cyberanläggningar.

IoT Devices

Penetration Testing

Network Traffic Analysis

Cyber Range

Infrastructure

Architecture

National Development

Security Vulnerabilities

IoT-enheter

Penetrationstestning

Nätverkstrafikanalys

Cyberanläggning

Infrastruktur

Arkitektur

Nationell utveckling

Säkerhetssårbarheter

Computer Engineering

Datorteknik

The requirements for the development of a spatial information system for the Tlokwe Local Municipality water catchments area / Sydney Peter Riekert

Riekert

January 2014

The problem facing the Tlokwe Local Municipality is that it is Constitutional and legislatively obliged to avoid and/or mitigate the impact of potential disasters within its boundaries, through the effective management of potential disaster risks and disasters. The lack of effective risk management tools is especially concerning in the context of the water catchment management of the Mooi River, which is the main water supply of the Tlokwe local Municipality. The Mooi River is exposed to many potential catchment related hazards that could affect the municipality of which the origins are both anthropogenic and natural. Although, many of the impacts on the catchment arise beyond the boundaries and the control of the municipality, this does not relieve the municipality from the responsibility to develop tools to manage the risks. The aim of the study is to assist in addressing the above stated problem through establishing the requirements for a conceptual model for an effective spatial information system that will assist the municipality in effectively managing the potential disaster risks and disasters that may arise in the Mooi River Catchment area that could impact on the Tlokwe Local Municiaplity. The aim gives rise to three-research questions that are formulated as research objectives that are used to identify the conceptual model requirements. The first is to identify and conceptualise the constitutional and legislative obligations in respect of disaster risk management in general and specifically those governing the disaster disk management in the water catchment area for the Mooi River. The study of this objective not only highlight the constitutional and legal obligations that the local municipality is subject to, but provides legislatives remedies that the local municipality can utilise to assist with disaster risks reduction. The second is to identify and conceptualise the generic hazards that are related to water catchment areas (including the related groundwater compartments) and those specific in the Mooi River catchment area. In this section, potential anthropogenic and natural hazards are listed, a methodology for risk and vulnerability analyses is provided, and a concise study of quaternary catchment C23D is provided. The third is to identify and conceptualize the requirements for an effective conceptual model of GIS for Disaster Risk Management in the Tlokwe Local Municipality. An overview of a GIS is provided. The essential components of a generic information system namely, people, software, hardware, procedures and processes, data and telecommunications or networks are discussed. The information and system requirements cumulating from the analyses of the three research questions, serve as the drivers of the goal, outcomes and transformation process of the system as well as the requirements for the conceptual model. In this section: a comparison of the Systems Development Life Cycle (SDLC), Framework for Applied Systems Thinking (FAST), problem solving and the phases addressed in this study; the identification of the conceptual model requirements; and a concise systems conceptualisation of an effective GIS is provided. As the, mini-dissertation focuses on the needs for a conceptual model, the additional activities required before the system can be implemented are identified and formulated as recommendation that provide the opportunity for future research. / M Development and Management, North-West University, Potchefstroom Campus, 2014

Anthropogenic Hazards

Disaster Management

Disaster Management Related Legislation

Disaster Risk Management

Disaster Risks

Dolomite Compartment

GIS and Disaster Management

Mining Hazards

Mooi River Catchment

Natural Hazards

Vulnerabilities

Water Catchment Area

Water Resource Related Legislation

Waterborne Hazards

The requirements for the development of a spatial information system for the Tlokwe Local Municipality water catchments area / Sydney Peter Riekert

Riekert

January 2014

The problem facing the Tlokwe Local Municipality is that it is Constitutional and legislatively obliged to avoid and/or mitigate the impact of potential disasters within its boundaries, through the effective management of potential disaster risks and disasters. The lack of effective risk management tools is especially concerning in the context of the water catchment management of the Mooi River, which is the main water supply of the Tlokwe local Municipality. The Mooi River is exposed to many potential catchment related hazards that could affect the municipality of which the origins are both anthropogenic and natural. Although, many of the impacts on the catchment arise beyond the boundaries and the control of the municipality, this does not relieve the municipality from the responsibility to develop tools to manage the risks. The aim of the study is to assist in addressing the above stated problem through establishing the requirements for a conceptual model for an effective spatial information system that will assist the municipality in effectively managing the potential disaster risks and disasters that may arise in the Mooi River Catchment area that could impact on the Tlokwe Local Municiaplity. The aim gives rise to three-research questions that are formulated as research objectives that are used to identify the conceptual model requirements. The first is to identify and conceptualise the constitutional and legislative obligations in respect of disaster risk management in general and specifically those governing the disaster disk management in the water catchment area for the Mooi River. The study of this objective not only highlight the constitutional and legal obligations that the local municipality is subject to, but provides legislatives remedies that the local municipality can utilise to assist with disaster risks reduction. The second is to identify and conceptualise the generic hazards that are related to water catchment areas (including the related groundwater compartments) and those specific in the Mooi River catchment area. In this section, potential anthropogenic and natural hazards are listed, a methodology for risk and vulnerability analyses is provided, and a concise study of quaternary catchment C23D is provided. The third is to identify and conceptualize the requirements for an effective conceptual model of GIS for Disaster Risk Management in the Tlokwe Local Municipality. An overview of a GIS is provided. The essential components of a generic information system namely, people, software, hardware, procedures and processes, data and telecommunications or networks are discussed. The information and system requirements cumulating from the analyses of the three research questions, serve as the drivers of the goal, outcomes and transformation process of the system as well as the requirements for the conceptual model. In this section: a comparison of the Systems Development Life Cycle (SDLC), Framework for Applied Systems Thinking (FAST), problem solving and the phases addressed in this study; the identification of the conceptual model requirements; and a concise systems conceptualisation of an effective GIS is provided. As the, mini-dissertation focuses on the needs for a conceptual model, the additional activities required before the system can be implemented are identified and formulated as recommendation that provide the opportunity for future research. / M Development and Management, North-West University, Potchefstroom Campus, 2014

Anthropogenic Hazards

Disaster Management

Disaster Management Related Legislation

Disaster Risk Management

Disaster Risks

Dolomite Compartment

GIS and Disaster Management

Mining Hazards

Mooi River Catchment

Natural Hazards

Vulnerabilities

Water Catchment Area

Water Resource Related Legislation

Waterborne Hazards

VULNERABILIDADES E SUPERAÇÃO DA DESIGUALDADE EDUCACIONAL NO BRASIL: GOIÁS EM ANÁLISE.

Oliveira, José Izecias de

29 May 2015

Made available in DSpace on 2016-07-27T13:44:59Z (GMT). No. of bitstreams: 1 JOSE IZECIAS DE OLIVEIRA.pdf: 5016288 bytes, checksum: 65a7aa0710780b5b94a16d6290d99206 (MD5) Previous issue date: 2015-05-29 / The object of the research is the educational inequality in Brazil, analyzed as human development measure in terms of social and economic components measured by longevity, education and income. It adopts the method of historical and dialectical materialism, in order to size the contradictions in the social construction of the inequalities, after the Federal Constitution of 1988. The thesis is linked to the research line: State, Educational institutions of the Program of Post-Graduation of PUC, Goiás, developed under the qualitative approach, of explanatory aspect, with documentary and statistical analyses, based on the last three censuses systematized by the consortiums UNDP, Ipea and FJP, published in 2012 and 2014. It chooses the Federative Unit of Goiás, in the simultaneous investigation of municipal spatiality and Human Development Units (HDU), which include the metropolitan areas of Goiânia and surrounding Federal District. The extreme twelfths are statistically used to encompass syntheses involving 246 municipalities and more than 400 HDU, which design dimensions of Educational Inequality rates (EIR) and Routes of Overcoming (RO). The analysis of the Brazilian concrete reality reveals how educational inequality of relief, for the last decade of the 20th century and first of the 21st, one schooling of only 55% of the graduating students from primary education. It demonstrates is a transmutation of this inequality in vulnerabilities education-income, involving social collective made unequal, sacrificed by poverty and indigence of children, elderly, mothers responsible for their homes, and workers without urban mobility. Education inequalities changing in vulnerabilities expose a refined quality of inequalities, not abstract. It is shown that the movement for overcoming the concrete reality passes by re-politicization of the State, from the popular collectives, constructing a new relation that overcomes the abstract plan to give way to the concrete. / O objeto da pesquisa é a desigualdade educacional no Brasil, analisado como medida de desenvolvimento humano, nos termos das componentes sociais e econômica aferidos pela longevidade, educação e renda. Adota-se o método do materialismo histórico e dialético, com vistas a apreender as contradições na construção social das desigualdades, após a Constituição Federal de 1988. A tese vincula-se à Linha de Pesquisa: Estado, Políticas e Instituições Educacionais do Programa de Pós-Graduação da PUC Goiás, desenvolvida sob a abordagem qualitativa, de caráter exploratório, com análise documental e estatística, com base nos três últimos censos sistematizados pelo consórcio PNUD, Ipea e FJP, publicados em 2012 e 2014. Escolhe-se a Unidade Federativa goiana, na investigação simultânea das espacialidades municipais e das Unidades de Desenvolvimento Humano (UDH), que englobam as Regiões Metropolitanas de Goiânia e do Entorno do Distrito Federal. Os duodécimos extremos são estatisticamente utilizados para abarcar sínteses que envolvem 246 municípios e mais de 400 UDH, que projetam dimensões de Taxas de Desigualdade Educacional (TdE) e Percursos de Superação (PeS). A análise da realidade concreta brasileira desvela como desigualdade educacional de relevo, para a última década do século XX e a primeira do XXI, uma escolarização de apenas 55% dos trabalhadores concluintes do ensino fundamental. Demonstra-se uma transmudação dessa desigualdade em vulnerabilidades educação-renda, envolvendo coletivos sociais feitos desiguais, sacrificados pela pobreza e indigência de crianças, idosos, mães chefes de domicílios e trabalhadores sem mobilidade urbana. Desigualdades educacionais transformando-se em vulnerabilidades expõem uma refinada qualidade das desigualdades, não mais abstratas. Mostra-se que o movimento para a superação da realidade concreta passa pela repolitização do Estado, a partir dos coletivos populares, construindo uma nova relação que supere o plano abstrato para dar lugar ao concreto.

Desigualdade educacional

Unidades de Desenvolvimento Humano

Vulnerabilidades educacionais

Percurso de superação

Repolitização do Estado

Educational Inequality

Human Development Units

Public Policies and adult education

educational Vulnerabilities

Route of overcoming

Re-politicization of the State

CNPQ::CIENCIAS HUMANAS::EDUCACAO

Graybox-baserade säkerhetstest : Att kostnadseffektivt simulera illasinnade angrepp

Linnér, Samuel

January 2008

<p>Att genomföra ett penetrationstest av en nätverksarkitektur är komplicerat, riskfyllt och omfattande. Denna rapport utforskar hur en konsult bäst genomför ett internt penetrationstest tidseffektivt, utan att utelämna viktiga delar. I ett internt penetrationstest får konsulten ofta ta del av systemdokumentation för att skaffa sig en bild av nätverksarkitekturen, på så sätt elimineras den tid det tar att kartlägga hela nätverket manuellt. Detta medför även att eventuella anomalier i systemdokumentationen kan identifieras. Kommunikation med driftansvariga under testets gång minskar risken för missförstånd och systemkrascher. Om allvarliga sårbarheter identifieras meddelas driftpersonalen omgå-ende. Ett annat sätt att effektivisera testet är att skippa tidskrävande uppgifter som kommer att lyckas förr eller senare, t.ex. lösenordsknäckning, och istället påpeka att orsaken till sårbarheten är att angriparen har möjlighet att testa lösenord obegränsat antal gånger. Därutöver är det lämpligt att simulera vissa attacker som annars kan störa produktionen om testet genomförs i en driftsatt miljö.</p><p>Resultatet av rapporten är en checklista som kan tolkas som en generell metodik för hur ett internt penetrationstest kan genomföras. Checklistans syfte är att underlätta vid genomförande av ett test. Processen består av sju steg: förberedelse och planering, in-formationsinsamling, sårbarhetsdetektering och analys, rättighetseskalering, penetrationstest samt summering och rapportering.</p> / <p>A network architecture penetration test is complicated, full of risks and extensive. This report explores how a consultant carries it out in the most time effective way, without overlook important parts. In an internal penetration test the consultant are often allowed to view the system documentation of the network architecture, which saves a lot of time since no total host discovery is needed. This is also good for discovering anomalies in the system documentation. Communication with system administrators during the test minimizes the risk of misunderstanding and system crashes. If serious vulnerabilities are discovered, the system administrators have to be informed immediately. Another way to make the test more effective is to skip time consuming tasks which will succeed sooner or later, e.g. password cracking, instead; point out that the reason of the vulnerability is the ability to brute force the password. It is also appropriate to simulate attacks which otherwise could infect the production of the organization.</p><p>The result of the report is a checklist by means of a general methodology of how in-ternal penetration tests could be implemented. The purpose of the checklist is to make it easier to do internal penetration tests. The process is divided in seven steps: Planning, information gathering, vulnerability detection and analysis, privilege escalation, pene-tration test and final reporting.</p>

Penetration test

black box

gray box

white box

vulnerabilities

exploit

methodology

checklist

nmap

metasploit

xss

sql-injection

security

Penetrationstest

internt

blackbox

graybox

whitebox

sårbarheter

exploit

metodik

checklista

nmap

metasploit

xss

sql-injection

säkerhet

Computer science

Datalogi