Domain: w00w00.org
Stories and comments across the archive that link to w00w00.org.
Comments · 15
-
Re:4 bytes IS ENOUGH
As an Introduction to exploiting heap overflow, I'd recommend the following papers:
An article from heise security and a tutorial by w00w00. -
been here before
-
been here before
-
Re:Napster and Shawn Fanning
-
Re:How does a buffer overflow allow code execution
I agree.
Smashing the Stack for Fun and Profit is certainly a classic.
Also, if you want to know about more obscure heap based overflows, look at http://www.w00w00.org/files/articles/heaptut.txt -
Re:More viri on MS- why?
let's do a quick analysis of the ways to get a virus in MS OSes vs. linux..
In MS you have a plethora of options for contracting virii, you can read your email, you can visit a web site, you can use AIM.. not to mention that it is routine in MS OSes to download and execute unknown binaries.. all of these are tasks performed every single day by most windows users.
Contrast this to linux where you have only a single option: execute an unknown binary as root, a very rare task indeed.
The inherent difficulty in contracting a virus in linux has little or nothing to do with any of the things you mentioned. It comes down essentially to the file systems. On linux, or most any other multi-user operating system it is a very rare occurance that normal users have the ability to introduce a virus into the system.
-
More essence of woo...
-
More essence of woo...
-
More essence of woo...
-
More essence of woo...
-
Re:The w00w00 folks...
Here is his girlfriend's pic. Nice couple
;). -
The w00w00 folks......look like a freak show!
Check out this guy , for instance. Doesn't he look dreadful?!
I'm sure he'll regret this look someday.
-
Here's an idea!
I hope this get moded as "funny" or "I didn't read the article and I'm simply replying because I hate everything that's not linux". This article shows that AOL intends to fix the problem on the server-side.
-
Better Link
http://www.w00w00.org/advisories/aim.html is a better link.
Hey, if you guys want open-source IM, check out http://www.jabber.org The server is open-source and it's a distributed XML-based network. Lots of different, cool clients too. JabberIM for Windows, and Gabber for Linux are the most mature ones though. There are bridges to the AIM and ICQ networks available on some servers, but the ones on Jabber.org have been blocked by AOL... nice huh? -
Re:buffer overflows and script kiddiesYes, the return address is modified to return to your evil code which you inserted in the buffer you overflowed. That code generally does something useful like give you a shell. See Smashing The Stack For Fun And Profit for a much better explanation. Different architectures do grow the stack in different directions but that doesn't prevent the exploitation of overflows.
Heap based overflows are very similar but they occur in the data (bss) segment of a program. w00w00 on Heap Overflows has a pretty good explanation.