How to write a virus, an old-school / real virus, not a trojan horse which mails itself around and seems to be called a virus these days. sigh.
1. Find a random .exe file upon the computer.
2. Append a copy of yourself to it.
3. Adjust the entrypoint of the code to jump to your newly appended code, so your virus gets executed when the .exe is run.
4. Redirect control back to the "original" entry point.
Job done.
There were a lot more things you could do back in the day, when you could have TSR-like components to your virus, and etc. But mostly it came down to writing a bit of code that was relocatable and knowing how big it was. Then you could append it to a .com file and replace the first three bytes of the .com file to jump to it, infecting another file, then jumping back to the previous entry point.
I used to do it for fun, because it gets interesting when you can infect multiple file types, .com, .sys, .exe, and you can play around with self-modification. Still not something I've had much time for after around 1996.
We've found it useful for all those kind of automatic mails to go to root@company.com - and have that be a mailing list.
That way all IT people can read the messages, and reply to them.
My personal opinion is that I want to see absolutely no non-error messages getting sent there. I don't want to read through 500+ automated messages saying "All is well", and risk missing the one that says "RAID controller died".
I'm on XP Pro and I have absolutely no desire or see any reason to upgrade to Vista. And from what I've seen so far about Vista, my next hardware purchase will not have Vista on it.
That is how I felt about Windows 2000, when I was working with it.
It is amazing how much it feels like history repeating itself. Windows 2000 was one of the better releases of Windows, and certainly the only one I'd use now if I had to use Windows at all. (Assuming hardware support.)
That might be true for you, but not for other people.
I run Debian unstable upon my desktop, but if I want to build Debian packages suitable for the Stable release, or even CentOS5 RPMs and SuSE RPMs, what should I do? I could use chroot(), or I could use virtualisation. The latter is what I do, because it is more "real" and allows me to run X, etc.
There are many times when it is useful to run distinct copies of Linux upon one host, for example a hosting company giving users their own "real" system, to build packages for multiple distributions, to test software without messing up your development system, automated testing systems, and more.
Yes you can do that without virtualisation, but sometimes it isn't as neat.
It would be nice if all drivers were open sourced, but reality says it will never ever happen. So Linux is either faced with being continually several years behind the curve, or getting pragmatic. It's hard to see how it will ever conquer the desktop or even become mainstream when it passes up one easy way to win a lot of converts.
Here's the thing though; "Linux" doesn't care.
I've been using Linux on my desktop for the past few years (more than that really!) and I couldn't care less if it takes over the world or becomes mainstream. So long as I can run it on my system(s) and on the servers at work I'm happy.
That's probably how a lot of people feel.
Too often people say things like "Linux isn't ready for the mainstream/desktop because of XXXX" - and each time XXXX is something that is usually very niche orientated, or something that is personally important to the speaker.
3d graphics? I couldn't care less. I can watch full-screen movies with Xine with no lag, more than that I don't care.
I'm not suggesting you're wrong, and I'm not suggesting that people wouldn't switch more easily if such features were available. But I'm saying that not everybody has the same needs as you.
Similar "fixit" work would be as a plumber, or a locksmith. You could even be on-call for those for ridiculous salaries.
Personally I'd not be interested in locksmithary, but people will always need plumbers. Especially at random hours of the day. Dealing with water is very simple if you can gain the appropriate certifications for your locale.
That is one approach - writing documentation for games/software, and trying to get it included in the future releases.
Another approach is to start writing guides on how to use software, configure it, etc. Then submit that documentation to the appropriate forums and wikis.
I started a site aimed at documentation useful for Debian, which is nothing more than a collection of individual articles on a few topics. Despite that it has been very useful to myself and others. I'm not suggesting you set up your own site and fragment things further, but I'm sure there are markets for many beginner-level (and more advanced) introductions to particular software applications and packages.
That isn't entirely true. Sure code might exist in the wild which uses old instructions, but it wouldn't need to be rewritten - just recompiled with a suitable compiler. (Ignoring people who hand-roll assembly of course!) (Of course whether the source still exists is an entirely separate issue!)
However with all the microcode on board chips these days it should be possible to emulate older instructions, providing Intel can persuade compiler-writers to deprecate certain opcodes the situation should essentially resolve itself in a few years.
Reason #2 is g-cpan, and things like it. Ubuntu has to manually go and re-package CPAN libs, Gentoo can automagically generate them for things which don't require special care
Interesting, I didn't know that Gentoo had special handling for that.
Debian, and by extension Ubuntu, can also automatically generate packages from CPAN using the dh-make-perl tool, as described here.
I find that 90% of the Perl packages I commonly use exist as packages in the official repositories, and the others I create myself. I don't like mixing packages and CPAN - and usually stick to only Debian packages on my machines.
The problem here is two-fold:
You need somebody to write the comparisons. Somebody either unbiased, or capable of overlooking that.
You need somewhere to host the writeup(s).
The bigger problem is that very few people write documentation, and yet so many people seem to want it. I started some here, and have been lucky enough to get a reasonable number of submissions from external people. But the fact remains if you wait for people to volunteer to write documentation.. well you'll be a long time waiting.
Most people don't seem to realize that they can't just pop as many phones as they want on their line and still have everything ring. I would gauge 4 modern phones to be the limit for most households
Over here in the UK we have a measurement for this REN:
REN (Ringer Equivalence Number) measures the load a device places on the line when ringing. A normal BT line will support a REN of at least 4, in other words at least a total of 4 phones/fax/modems should work on any line so long as their REN figures added together don't exceed 4.
The REN is normally found on a label at the base of the machine (near the green approval symbol).
I've never seen a phone device with a number higher than 1 upon it - which would support your four devices, but I'm sure it is possible.
You're correct. Protected mode means something different in this context.
Nowhere near as much fun as handling triple faults in your assembly code!
A better solution is to use mongrel running on localhost:3000, then use Apache's mod_proxy to proxy to it.
That loses the overhead of parsing .htaccess for each request.
See here for a Debian-centric guide.
If there are only a few available right now they'll be expensive. But by the time hundreds/thousands are washing up on our shores the price will plummet.
My suggestion: Start selling fakes for the next month or two ;)
:)
Using POST will help, but it doesn't solve the problem.
An attacker could still host a hidden FORM pointing at your local application, and use JavaScript to submit it.
There is a simple example / introduction to CSRF attacks here.
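The point of the comment above, as an added example that is not part of the original post: a handler that only checks for POST accepts a cross-site form submission, while one that also requires a per-session token rejects it. The request dictionaries, session id and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (assumption)
SESSIONS = {"s-1001"}                 # constructed session store

def issue_token(session_id: str) -> str:
    """Token the application embeds in its own forms, bound to the session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def post_only(request: dict) -> bool:
    """The 'just use POST' check: method plus a valid session cookie."""
    return request["method"] == "POST" and request["cookies"].get("sid") in SESSIONS

def post_with_token(request: dict) -> bool:
    """Additionally require the per-session token in the submitted form."""
    if not post_only(request):
        return False
    expected = issue_token(request["cookies"]["sid"])
    supplied = request["form"].get("csrf_token", "")
    return hmac.compare_digest(expected.encode(), supplied.encode())

# Constructed requests. The browser attaches the session cookie to both; only
# a form rendered by the application itself can carry the token.
legit = {"method": "POST", "cookies": {"sid": "s-1001"},
         "form": {"email": "a@example.org", "csrf_token": issue_token("s-1001")}}
cross_site = {"method": "POST", "cookies": {"sid": "s-1001"},
              "form": {"email": "x@example.net"}}
```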
Not true.
If you have VT-capable hardware then you can run Windows under Xen. You do need the hardware to support it though, and that is a problem for some home users. Recent AMD and Intel chips have slightly differing VT support but both work.
I run Xen at home along with xen-tools (which I wrote) to easily create new Debian guests on demand. These are used for software testing, hacking, and general service isolation.
I think Xen is just now reaching "mainstream" in the sense that you don't have to be an early adopter or major tinkerer to get it working. Now that distributions are including Xen kernels in their newer releases it really is available for all.
People do though, that's the thing.
I've spotted many security issues, and the fact that we see more reported every week is proof enough that people do look at the source. If nobody looked we'd have no new reports, right?
Nice to see you pimping xen-tools :)
"sudo nano /etc/sudoers" - then give yourself the ability to sudo svn ;)
On a more serious note it is scary how easily people can leak permissions in setups like this. Any editor which can invoke a shell shouldn't be added to a sudoers file, since that allows them to shell out to root. Similarly allowing people to install packages is usually equivalent to root access - even "make install" can be dangerous.
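One way to audit for the permission leaks described above, as an added example that is not part of the original comment: a small sudoers checker that resolves Cmnd_Alias entries and flags grants that are effectively root. The program lists, the sample file and all function names are assumptions made for illustration, and the parser handles only the common single-host rule form.

```python
import os
import re

# Illustrative, non-exhaustive program lists (assumptions for this example).
RISKY = {
    "editor that can spawn a shell": {"vi", "vim", "nano", "emacs", "ed"},
    "package installer": {"apt", "apt-get", "dpkg", "rpm", "yum"},
    "build tool running arbitrary recipes": {"make"},
}

# Constructed sample input, not taken from any real host.
SAMPLE = """\
Defaults env_reset
Cmnd_Alias EDITORS = /usr/bin/vim, /usr/bin/nano
alice ALL=(root) /usr/bin/nano /etc/hosts
bob   ALL=(root) EDITORS
carol ALL=(root) NOPASSWD: /usr/bin/apt-get install *, /usr/bin/make install
dave  ALL=(root) /usr/sbin/service apache2 reload
"""

def _commands(spec):
    """Split the right-hand side of a rule into individual command strings."""
    spec = re.sub(r"\([^)]*\)", "", spec)  # drop Runas lists such as (root)
    parts = (re.sub(r"^\s*(?:[A-Z_]+:\s*)+", "", p).strip() for p in spec.split(","))
    return [p for p in parts if p]  # tags such as NOPASSWD: were stripped above

def _expand(cmd, aliases):
    """Resolve Cmnd_Alias names (possibly nested) to concrete commands."""
    if cmd in aliases:
        return [c for a in aliases[cmd] for c in _expand(a, aliases)]
    return [cmd]

def _reason(cmd):
    if cmd == "ALL":
        return "unrestricted ALL"
    name = os.path.basename(cmd.split()[0])  # argument limits do not help here
    return next((why for why, names in RISKY.items() if name in names), None)

def audit_sudoers(text):
    """Return (user, command, reason) for every grant that is effectively root."""
    aliases, rules = {}, []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: ignores #include lines
        if not line or line.startswith("Defaults") or "=" not in line:
            continue
        left, right = (s.strip() for s in line.split("=", 1))
        kind = left.split()[0]
        if kind == "Cmnd_Alias":
            aliases[left.split()[1]] = _commands(right)
        elif not kind.endswith("_Alias"):
            rules.append((kind, _commands(right)))
    return [(user, real, _reason(real))
            for user, cmds in rules for cmd in cmds
            for real in _expand(cmd, aliases) if _reason(real)]
```

Calling `audit_sudoers(SAMPLE)` flags alice, bob and carol and leaves dave's service reload alone.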
Seconded.
I don't work for an ISP, just a small hosting company. But we respond to each and every incoming SPAM/abuse report. It eats up valuable time, but ignoring it just isn't something we should do.
Indeed, and they work with Mainsoft for the Unix ports of some of their applications. (Not to mention Microsoft Xenix back in the day!)
The way I did it was to use something like this:
10 CLEAR 12345
30 FOR F=12345 TO 1E9: READ A
40 IF A<256 THEN POKE F,A: NEXT F
50 RANDOMIZE USR 12345
That way you could terminate your DATA with 999, or similar to break out.
I'm impressed (surprised?) that I can remember 201 == "ret" in Z80 machine code, though it's been a long time since I touched it.
One of the nice things about starting with Z80 machine code is that x86 Intel code was very similar. (I think Zilog, the makers of the Z80 chip were ex-Intel?).
Random Spectrum hack I just found googling for my own name!
Ahh I misunderstood - for some reason I was thinking of "comparisons.debian.net", or similar, linked into package descriptions..
Good idea :)
More details from Wikipedia.