The concept is not new, it's called a honeypot. It allows you to trick the attacker into thinking he found a weakness.
There are many ways to respond after the attacker tries to exploit it. One of the more common is to log whatever info you can get and try to pursue him.
Its main usefulness with script kiddies lies in that the attacker will be off trying to figure out wtf is wrong with his shellcode while you have the FBI kick in his door.
However against more organized attacks from more powerful entities (governments, corporations) it can only serve as an obfuscator and an early warning system.
It is not sufficient, the poster wanted information that would stop attacks other than the currently known script kiddie methods. Hacking Exposed is an overview of current methods and tools. It does not go into necessary (code level) detail, that is nothing against the book which from what I have heard is excellent, you simply cannot fit all of the information into one 500 page book.
In fact, on further thought I should have included Applied Cryptography itself on that list because knowledge of how to break and detect weak cryptosystems is necessary.
Hacking Exposed is probably a good start but it certainly cannot cover all of the information at the level of detail he will need.
Well unfortunately there is no one book to sum up breaking into systems that is along the lines of Applied Cryptography.
Some books to get you on the right direction follow:
1. A good C book if you do not already know C. I personally learned with C Programming, A Modern Approach, it's a good book. Knowledge of C is essential because you will need it to write your test exploits and most of the following books assume knowledge of C.
2. Advanced Programming in the UNIX Environment and a good OS theory book such as Operating Systems by Stallings or "the dinosaur book". This is necessary so that you understand both the nature and implementation of modern operating systems.
3. TCP/IP Illustrated Volumes 1 and 2. These are necessary so that you understand TCP/IP at a very low level. Most attacks involve a network and that network usually runs TCP/IP, a lower level network book covering such topics as Ethernet may be necessary as well.
4. The Tao of the Buffer Overflow by Aleph1. This can be found in the Bugtraq archives. Stack based overflows remain the most common method of compromise (besides social engineering). This article does an excellent job of explaining how to exploit and find them. Dildog wrote an NT version for the l0pht which you may also need.
5. w00w00 published an article on heap based overflows which you may need.
6. A general Internet + Systems security book, O'Reilly has one I have heard good things about, I can't recall its title. Note however that a general security book is not enough.
7. Various academic publications and thesis papers. These can be an invaluable resource for descriptions of more esoteric attacks not covered in published books. These also have the benefit of assuming a much higher level of knowledge than most papers/websites/books for dummies.
8. OS Specific docs and books. In order to secure or break an OS you need to know everything about that OS.
9. Mailing lists such as Bugtraq and OS specific security lists will provide a history of previous vulnerabilities and solutions.
Security is a very broad and difficult subject requiring its practitioners to be skilled in many different areas. I hope this is a good transition and you enjoy your new post.
Yes but I'm sure that is so long as Rob and Jeff work for Andover. They are nowhere near the top, Andover bought slashdot, they own it. Remember how they mentioned that they could only be fired for just cause? That's all Andover would need if Rob and Jeff no longer were beneficial.
Remember this next time you sign a contract, management will eventually try to fuck you, the best you can do is see it coming.
You don't get it, according to the stock market we have contributed millions. How much do you think they can make off ads. How do you think those ads are paid for? Maybe by our eyes grazing them (or the junkbuster denied logo...).
You call it whining and I call it consumer demand, we are far beyond the days of a couple kids writing shit while they weren't in class. They made millions off of our eyes.
No, it is clear that both you and the moderators who +3'd this do not understand open source.
Applying the GPL to a web application can be difficult because it can be confusing to determine when the application is actually released. After that, enforcement of the GPL is straightforward. I think most reasonable people would agree that the web application is released when it is placed on a production server for consumption by the general public. As you can see slashdot is released, yet we have no code, this is certainly not open source.
Further if you had actually bothered to read the slash license... you will note that *gasp* it has an advertising clause.
Very well thought out argument except for one small thing.
If the risk of software competition is that great, if a system similar to slashdot but with a few, straightforward enhancements could steal a multimillion dollar market... There are thousands of companies that could take it, with no need for slash. Put bluntly slash is not that hard to reinvent, it's simply a matter of motivating capable people and giving them the time to do it. I sincerely hope their business plan is not resting in no one having equally powerful software. Next time you use a medium sized commercial application, think how hard that would be to reimplement, then compare it to slashdot, see what I mean?
Some excellent points but one other reason for not releasing I've always considered likely is the security angle.
I would not be surprised if right now there is all sorts of security through obscurity hidden in the code. I think that is their major concern because the arrogance and lack of understanding of open source principles does not fit well with what I have seen of them.
The rather angry response from Rob to these sorts of questions is uncalled for. Due to their (well deserved) success and the commercial nature of Andover, their lack of true participation in the open source community will become more and more controversial.
Not necessarily, the best disaster weapon is whatever the user is most comfortable and best trained with, period.
However if the user is proficient with both a shotgun and a handgun, the shotgun would normally be the better weapon to have when civilization collapses.
Since their website is unresponsive here is an activation key:
For the JBuilder Foundation download, please use:
Serial Number: xa33-?5t58-kqmn3
Installation Key: n75-ek2
I'll never understand why these companies force users to click through pages of bullshit just to try a product. Don't they realize we just lie to screw their data?
Fairly decent? IIRC level 5 is their super duper continuously optimizing process. It is laughed at by most as vast overkill in nearly all situations.
Unfortunately the problem faced when trying to impose these extreme restrictions is that the SQA people work with the coders. We all know based upon human nature that reports will get fudged and the idea that the SQA people can remain at all independent is laughable. In working closely with the coders, friendships are formed and exceptions are made.
Also if you actually wanted contact info it might help to provide a private email address. I doubt anyone would want to provide it on a publicly accessible and very well known bulletin board.
This works for small projects but only for small projects. This is the kind of shit my buddies and I did for our CS courses where the longest projects lasted a month or two.
This is not an appropriate forum for this question. The idea that someone could convey how to implement good software design in a 100 word post is ludicrous. This is something that someone who is serious would have to invest a great deal of time into.
Oh and as far as algorithmic proofs, they may not be right for you but there are some projects where a simple "Uhhh geee well it looks like it should werk" won't cut it. Sorry that plane just crashed, I guess the logic in that algorithm was flawed....
If you are serious about implementing good software design you need a helluva lot more than an Ask Slashdot.
There are a multitude of books written on the subject of software design including a whole field of software engineering. The fact that the documents are written in Word but Word is not available on Linux seemed to be a major focus of your question. As many will tell you, the document format you use is of course irrelevant, your goal should be to ensure that those documents have the required information so that not only will any future employees be able to understand what the author has done but the author himself will also be able to review them to re-focus himself. As anyone who has ever worked on a large software project will tell you, you WILL lose track of your original goal, you WILL get distracted by relatively minor issues. Hell it even happens on small projects.
I personally lean towards Object Oriented Analysis and Design (probably because a certain professor pounded it into my head). There is a whole series of books cropping up around the Unified Modeling Language which you may want to read if you are serious. It provides a way for you to represent your system because let's face it, words are not sufficient and MS Clip Art while better than some OOAD packages *cough* Paradigm Minus *cough* just won't do.
I'd learn the concepts before worrying about what packages are out there and what platforms they happen to run on. In the end it won't be nearly as important as you think.
It is exceedingly unlikely that a lack of memory would change the system's state in such a way as to allow you to gain any elevated privileges. In other words a waste of your time if you want to crack it. However if you merely want to keep their web server down, go to rootshell and download something like syn4k.c or whatever the hell the latest / greatest is. This way you probably won't get your account canceled and it may actually deny service. Hint, if they know your real ip they can simply block it. Further hint, using a raw socket, you can build your own packet including the source ip. Congrats you are well on your way to becoming a script kiddie.
Of course if you were using FreeBSD with its securelevel properly set as well as immutable flags properly set, rm -rf / would not completely destroy the system.
In the past (for UNIX systems at least) it had been widely regarded that obtaining root meant that it was game over. I think it is important to realize that this may not always be the case. I have noticed a maturation of UNIX systems with respect to security. A possible next step is to use cryptography to ensure that 'root' really is the person authorized to replace the kernel. Unfortunately I also believe that some of this will be done with new hardware devices and I am not confident that they will support a BSD or even Linux.
What's worse, you can drive at 16, I think we have our responsibilities slightly screwed. :)
I do not equate free with liberal but that is a very different thread (yes, I'm a card carrying libertarian (and nra member)).
If you play it cool, you probably won't have any trouble. I assume you are about 18 and look it, if you are 13, sorry but you may as well not even try. Then again I've seen some stiff enforcement so it's always a crapshoot. Here's a good example, I was at Woodstock and on the roof of their Beer Gardens (only place they sold beer) were two NY state troopers making sure no one underage got in. This is a strange country indeed.
Yes, the return address is modified to return to your evil code which you inserted in the buffer you overflowed. That code generally does something useful like give you a shell. See Smashing The Stack For Fun And Profit for a much better explanation. Different architectures do grow the stack in different directions but that doesn't prevent the exploitation of overflows.
Heap based overflows are very similar but they occur in the data (bss) segment of a program. w00w00 on Heap Overflows has a pretty good explanation.
Yes some operating systems do have non-executable stacks, I am unsure if Digital UNIX is one of them but it wouldn't surprise me. I do know Solaris has this feature (though there are/were some flaws, search bugtraq archives for more info). Linux does as well through Solar Designer's secure-linux patches (http://www.false.com/security/linux/index.html). This may only work with Intel Linux, I haven't used it elsewhere. Gory details of how it works are included with the patches. Beware however that these are not perfect and can be defeated. Also note that there are good uses for executable stacks, search on "gcc trampolining" for some examples and discussion.
Sure and if the admin is smart, those 2000 odd subnets are dropped at the border router :)
I think they do it so that the UNIX people can get a good chuckle out of MS' continuous errors. A sort of comic relief.
For exceedingly large values of soon I guess....
Not nearly as much as a Java or C++. VB is also generally for simple or poorly managed projects leaving it at the bottom of the pay scale.
Referring to women as chicks is perfectly acceptable among the teenage and 20 something groups.
Sierra Nevada, Rogue, Dominion for a good local brew.
Most chicks I know refer to themselves as chicks. I guess some people are overly sensitive to perceived slights.