Posts Tagged ‘hacking’

It is amazing that after so maany years linux being actively developed, the buffer overflow exploit remains one of the top security vulnerabilities in 2011. Buffer overflow was first detailed in Smashing The Stack For Fun and Profit by Alphe One. Nevertheless, here is my first successful attempt in creating a buffer flow in my code.

The code is a simple one. Yet it forms the basis of a stack-based buffer overflow. Mystically, the program below prints a result of zero. The instruction ‘x = 1’ is skipped due to the buffer overflow exploit.

void function(int a, int b, int c) {
    int *ret;
    ret = (int*) &a - 1;
    (*ret) += 8;
}

void main() {
    int x;
    x = 0;
    function(1,2,3);
    x = 1;
    printf("%d\n",x);
}
Advertisements

Microsoft recently updated an article on the ten immutable laws of security (version 2.0), which it published back in ten years ago. It is really an interesting article on security and remains quite relevant until today.

These are the ten immutable laws of security, according to Microsoft:

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
Law #4: If you allow a bad guy to run active content in your website, it’s not your website any more.
Law #5: Weak passwords trump strong security.
Law #6: A computer is only as secure as the administrator is trustworthy.
Law #7: Encrypted data is only as secure as its decryption key.
Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
Law #9: Absolute anonymity isn’t practically achievable, online or offline.
Law #10: Technology is not a panacea.

Everything can be hacked, except for perhaps, this!

It is about the unidirectional networks. According to Wikipedia:

A unidirectional network (also referred to as a unidirectional security gateway or data diode) is a network appliance or device allowing data to travel only in one direction, used in guaranteeing information security.

Here’s a video from the manufacturer explaining it all.