Getting Hacked Through Your Terminal

hdm writes "My company recently published a paper on security issues with common terminal emulator applications. The interesting thing about these vulnerabiltiies is that many of them only require the victim to be running tail on their log files (apache, syslog, etc) for the attack to be successful. The paper (TXT) can be found here."

BBS ANSI Bombs

[Leeji]

Back in the day, "Ansi Bombs" were considered an art form. With the art scene so active, you could usually embed some evil escape string in a good looking graphic and know that you were going to get people.

The problem was DOS' overly-powerful ANSI.SYS interpreter. It let you remap any key to an arbitrary set of keys, making keyboard macros pretty easy. However, it also let evildoers remap "Space" to, for example, "del *.*, enter, y, enter." Luckily, there were third party ANSI interpreters that didn't suffer this vulnerability.

One time, when I was about to reformat my HD, I even wrote an ANSI bomb to do it. Crazy stuff. There's an interesting (and of course, old) paper about it here.

Re:Unstable xterm

[NewWazoo]

I'm feeling artistic, so I'll write.

This, in a nutshell, is why you'll never be a Great Hacker. I'm most likely projecting my own insecurities upon you, but I'm writing and you're not, so there.

I tend to notice little things like you noticed - that catting a binary file will crash my terminal. And then in a fit of boredom, I might even do as you've done and start trimming away sections of the file to find the offending string. I might even write a one-liner that will parse through it for me, automating what would otherwise be a tedious task. I'll eventually end up with a file that is 23 bytes long, and when catted, crashes the terminal.

But I won't ever find out why. That file will remain a curiosity in my $HOME/misc/, to be pondered at until I find that it no longer crashes whatever terminal program I'm using. It might even remain for a while, until one day I have a directory purging session and delete it, wondering "What the hell is this?".

And that, in my opinion, is what separates Great Hackers from the myriad of wannabes. I'm definitely a wannabe. I'm proficient at everything I do, but I'll never spend the (quite possibly small number of) hours actually finding out why that string crashes xterm, and maybe doing something useful with it. The rewards are definitely there, and I've tasted their sweetness in flashes of inspiration, but I just don't have it.

What is it? I don't know. I don't suspect that I ever will, in this particular field. I think that I might just have it in another field (racing cars), but I think it's likely that I'll be Just Proficient at that, too, much as I have been at most everything for my whole life. And that's a pretty depressing thought.

Great Hackers have it, I think. They must. In fact, part of me wants to disbelieve that it exists; that if I'd just push myself a little bit harder, that if I'd just concentrate a little more, that if I would simultaneously dig deeper into and maintain a broader view/mindset of whatever it is that I'm doing, that suddenly I'd become a Great Hacker. I'd know the formula of self-motivation, and from then on it'd be easy. But it just doesn't seem to work that way - I read the exploits of Great Hackers, and marvel at how they do their work, just knowing that I could never do that! Knowing that given the same set of curiosities, my interest or drive or whatever would sputter out, and at best I'd end up with something nifty, that I might be able to make use of in my next bout of Adequate Hacking.

I'm sitting here thinking that I want to type some sort of sage-like advice to you (whoever you are) about forcing yourself to go the extra mile, or don't be lazy, or to eat your Wheaties before you start hacking. Fact is, I know that I've missed the opportunity to grab it. I also know that I've no clue what I did "wrong", and wouldn't know what to do differently, even could I go back in time and change something. I wish that I could have it, but I know that I never will.

I'm still pretty young (19)... maybe I'll figure out how to grab it between here and there.