connecting Java to Erlang just because we can
In my distributed systems BCIT option, I learned Java Stripes web framework and Erlang functional language. Naturally, I was curious about ways to connect the two together.
The chat application uses the following components:
- to handle chat messages and send them to users, Erlang sevchat_server,
- to send and receive messages to/from Erlang server, java classes with OTP Erlang library,
- to create and store clients logins, Erlang node settings, etc; postgreSQL database.
The user are able to do the following:
- register themselves with their username, password, and name,
- log in with their username and password,
- view all connected users,
- chat with all connected users,
- and send private messages to selected users.
Finally, all messages are logged in PostgreSQL database.
The system works and is available on github. Also, check out Erlang server source and
client source. The full report is available
allowing pharmacy applications to securely exchange health data
Clients were double-entering same information into both their WinRx pharmacy management software and Assurance EMR system.
WinRx-Assurance communications software is a secure application written in .NET that exchanges pharmacy health data between WinRx pharmacy software and Assurance EMR system. Working application required
creating a communication framework between WinRx pharmacy software and Assurance system based on Assurance API data requirements and WinRx data model.
The software was deployed at several client sites, allowing quick and secure way to share application data between WinRx pharmacy management software and Assurance EMR system.
assisting nurses with scheduled medication procedures in a care home environment
Nursing procedures at many care homes are inefficient. For example, recording scheduled medications given out to patients, reporting, and other day-to-day repetitive tasks are done manually.
Furthermore, data exchanges between care homes and their dispensing pharmacies are often inaccurate due to human errors.
I wrote Medadmin System on pharmacy client’s request in order to assist nurses with giving out daily scheduled medications, recording patients’ pain and reactions, and reporting in a care home
environment. The online medadmin software is developed in .NET, and consists of the following components:
- SQL Server database,
- ASP.NET Web Services,
- .NET Web User Interface,
- and Crystal Reports.
The Medadmin system was deployed at a client site, but a decision was made to proceed with os-based software instead of this web-based product.
testing Linux systems for software firewall vulnerabilities
All companies face challenges of securing their electronic data. Software firewalls often have vulnerabilities which allow exfiltration of sensitive data by malicious software. During my time at BCIT,
we examined whether software firewall alone is sufficient to prevent and/or track loss of data if the target machine is compromised.
This project implements a complete covert application that allows a user to communicate with a disguised backdoor application on a compromised machine around the software firewall and issue commands
remotely. The backdoor application will accept commands and execute them; the results of the command execution will be sent back to the remote client application.
The system works as follows:
- Using libpcap at both the client and the compromised server, we bypass the software firewall.
- The packets will arrive to the covert collector on port 80 with certain parameters.
- The command packet will arrive to the backdoor on a random port with certain parameters.
- Backdoor has a separate thread that sends SYNs to the covert collector to let it know its ready to receive commands.
- The backdoor process is masked.
- The temporary files are shredded off the system after sending and the backdoor program shreds itself out upon receiving a certain command.
- Crafting custom TCP packets according to our covert channel design.
- Inotify is used to monitor a defined directory for new files, then send those files to the covert collector.
The covert collector and the backdoor application communicate through a covert channel that mimics HTTP protocol, thus possibly escaping notice by network admins. Furthermore, libpcap packet capture
library allows our channel to bypass software firewalls. If anything, the project demonstrated that software firewalls alone will not prevent the loss of data from a compromised system.