短篇小说《我是一名黑客》讨论

valentine

原帖由 colddawn 于 2006-4-24 09:54 发表
关于溢出，确实应该是有从用户态安全上下文溢出到root权限的可能的，楼上那位说人buffer overflow没学过的人难免有点诽谤的嫌疑了，作者这篇文章既然是小说了，不可能每个技术细节都符合现实状况，可以允许稍微夸 ...

Yes, it's easy to say what a buffer overflow is. But never say unix/linux is unsafe because there's buffer overflow, that sounds extremly ridiculous and miss leading.

Be advised, if you want to talk about BO, you should say something about a specially unknown/unpatched BO vuln exist in a speical application on the certain system.

valentine

原帖由 skipjack 于 2006-4-24 09:42 发表


现在看你到是有种“的感觉了。
哈哈...
如果你感觉好，就贴出来吧。
就算我看不懂，也会存档的。

"怀才不遇”?
Don't really know why you said this.

I'm doing very well and I love my security related job , IMO, I'm doing  one of the most exciting job in this  world, seriously.

What I don't like this article is that  the author is trying to make him a genuis while he sounds like an idiot.

One book is really good for those who care about security and hacking:
"The shellcoder's Handbook", by Jack Koziol, David Litchfield, Dave Aitel...

[ 本帖最后由 valentine 于 2006-4-24 22:47 编辑 ]

skipjack

原帖由 valentine 于 2006-4-24 22:26 发表


Most of IE vulnerabilities come from COM/Activex. A COM object can be initialized even it is not masked as safe for scripting, this has been proved to be very dangerous. Lots of memory corrupti ...

没关系，我知道你现在上班了。呵呵...有时差
http应该属于那种一问一答式的交互协议，浏览器在没有发送request请求时，不应该对response做出反应。但我发现IE和mozilla在协议实现上有很大的不同。当mozilla和http server建立TCP三次握手后，如果这时server返回response信息，mozilla会无条件的去响应它。
我测试的环境是这样的，当我在局域网中截获mozilla与sever的TCP三次握手ack包时，迅速给它发送一个重定向页面（这个包太好构造了，不是吗？），mozilla就会被我吸引过来，但IE不会。
我知道你的工作是漏洞挖掘，在这方面应该会比我有造诣，测试环境也比我这里好。我感觉这是一个不正常的协议实现，你觉的呢？

valentine

原帖由 skipjack 于 2006-4-24 22:47 发表


没关系，我知道你现在上班了。呵呵...有时差
http应该属于那种一问一答式的交互协议，浏览器在没有发送request请求时，不应该对response做出反应。但我发现IE和mozilla在协议实现上有很大的不同。当mozilla和 ...

Yes, you really got a good point there. That's an improper protocol implentation and a security flaw.

One mitigating factor of this flaw is that TCP hijacking and Man-in-the-Middle attack is not available to a normal user, and in order to control the victim, you nead to exploit another vulnerability which can lead to code execution.

[ 本帖最后由 valentine 于 2006-4-24 23:32 编辑 ]

skipjack

原帖由 valentine 于 2006-4-24 22:46 发表

"怀才不遇”?
Don't really know why you said this.

I'm doing very well and I love my security related job , IMO, I'm doing  one of the most exciting job in this  world, seriously.

Wh ...

"怀才不遇”－－> 玩笑 <－－，我只是说你写小说在写法上不如作者而己。
我知道你的工作性质，也看过你的求职经历。
呵呵...每个人都有可取的地方不是吗？如果我说“漏洞挖掘”不就是“软件测试”吗，你觉的中听吗？
你也看到了，贴这个贴子在这里，并没有你预想的那二个结果。

valentine

原帖由 skipjack 于 2006-4-24 22:56 发表


"怀才不遇”－－> 玩笑 <－－，我只是说你写小说在写法上不如作者而己。
我知道你的工作性质，也看过你的求职经历。
呵呵...每个人都有可取的地方不是吗？如果我说“漏洞挖掘”不就是“软件测试 ...

If a security researcher is a QA tester, a hacker is nothing but a programmer


[ 本帖最后由 valentine 于 2006-4-24 23:09 编辑 ]

skipjack

原帖由 valentine 于 2006-4-24 23:04 发表


If a security researcher is a QA tester, a hacker is nothing but an programmer

这话是你说的，可不是我说的。哈哈...
为金钱工作容易累
为理想工作可奈风寒
security researcher与hacker都属于后者吧，所以有用不完的动力驱使着。

valentine

原帖由 skipjack 于 2006-4-24 23:09 发表


这话是你说的，可不是我说的。哈哈...
为金钱工作容易累
为理想工作可奈风寒
security researcher与hacker都属于后者吧，所以有用不完的动力驱使着。

Currently I'm working for both, "Money does not bring you happiness but freedom", and all man enjoy freedom.

skipjack

原帖由 valentine 于 2006-4-24 23:15 发表



Currently I'm working for both, "Money does not bring you happiness but freedom", and all man enjoy freedom.

有开源支持，我不担心中国的软件会差到那去，关键还是硬件。硬件有后门，软件在安全管屁股用啊？
只要你在我的机器上输入过敏感密码，机器没有接入网络，你最后为了安全把硬盘格了、拆了、毁了后还给我，但我还是得到了我想要的密码。在你印象中这用什么方法来实现？

valentine

原帖由 skipjack 于 2006-4-24 23:36 发表


有开源支持，我不担心中国的软件会差到那去，关键还是硬件。硬件有后门，软件在安全管屁股用啊？
只要你在我的机器上输入过敏感密码，机器没有接入网络，你最后为了安全把硬盘格了、拆了、毁了后还给我，但我 ...

1. IMO,the most serious security hole resides in routers, firmware of the mainframe computers, etc.

2. Want to write a novel?
I have no experience in doing this, but just to answer your very closed question, as no access to the network, the sniffed password(got by a keylogger) may only  be saved into CMOS-like space if it allows you to write,  and if the hard disk is not destroyed but only soft formatted, some data may still be recoverred.