AtomicMaster

Senior Members
  • Posts: 157

Everything posted by AtomicMaster

  1. I strongly disagree with the statement "Learn C first". And it's not because i am against C, or anything like that, but you actually gain a better understanding of modern programming by learning C++ over learning plain C. Yes, there is nothing that C++ does that you can't do in C via crazy, usually highly round-about ways of doing things, but C++ will teach you modern programming without losing track of the origins. After C++, Java will make some sense, C# will be cake, and any C-like language syntactically (PHP, JS) or any modern OO language (Ruby) will make sense a lot more quickly than if you learn C... Learning C++ is very possible without knowing C, but trying to understand modern programming paradigms is much more difficult if you learn C first; why do you need objects, why do you extend things, what is polymorphism, why would you use templates, what is a diamond problem, etc. There is nothing wrong with learning C++, you can do cool things in any language, but you can't understand modern programming paradigms learning a language that cannot express them. Learning to program is learning how to think of things, not how to write things. While syntactically C++ differs from some even more modern languages, syntax can easily be looked up; not knowing how to approach a problem because you don't understand a particular language structure can't be. Another thought: because you are typically taught up (from functions to classes to data structures to advanced classes to advanced structures to crazy stuff), when you have a problem where you would typically use a more complex structure than a language may support, you know other ways to solve the same problem (usually requiring more code), but if you don't know the higher-level solution, you may end up always writing much more code for the solution...
  2. The insecurity introduced by the echo/eval is new... As is the inefficiency
  3. "... as I discuss in my book Earth in the Balance, and the much more popular Harry Potter and the Balance of Earth, we need to defend out planet against pollution. As well as dark wizards." ~ Al Gore's head
  4. Let's talk about javascript injections. And as much as i love talking about specific injections, javascript and javascript obfuscation (heck, i wrote a parser/obfuscator/reassembler), since we are in the CS section, let's actually talk about XSS from the perspective of comp-sci. Let me start with classifying the type of attack/error, then dig deeper to the cause, and find relatives of the error. Or at least that's where i will start; if anyone wants to have an intelligent discussion on the topic, hopefully they will jump in and we can go for it.

     Classification: LangSec, Inter-Language Interoperability Error. Injection of code by making a parser think of user data as code is the typical trait of any Language Security issue, thus it's a LangSec error. Furthermore, this does not necessarily occur as a result of a poor language implementation, but rather due to language interop (see cause), and thus it's an inter-language interoperability error.

     Cause: Because the internet is a tangled web of unrelated technologies, which all speak different languages, to be successful at providing programs that operate within the internet paradigm we haven't a choice but to use multiple programming languages to combine the necessary technologies for the software to work. E.g. when we pull up scienceforums.net (leaving the low-level languages aside), our HTTP request gets processed by the web server (most likely apache), which extracts data from the request and passes it on to PHP. PHP needs some data, which it doesn't store, so it talks to a back-end, (most likely) MySQL (though it could also have other things it talks to, like Memcache), but let's keep it simple: we have PHP and MySQL. When MySQL is done it replies back to PHP, which then finishes processing our request. Since the page is not simple, PHP replies in JSON to the JavaScript which made the request, which then parses the JSON and puts it in the corresponding context(s) of the DOM as HTML and CSS.

     So we have HTML talking to PHP which talks to MySQL, which talks to PHP which talks to JavaScript which outputs to the DOM. The problem with these technologies is that most of them have no way of communicating to each other what is user data, and what is not. There is no standard, there is no special back-end way to share state machines, so the only thing that all these languages ultimately understand is strings... (this has been changing with some of the mentioned languages, but let's forget that for a minute). Since it is a string, the next language in line has to build its own state based on the input it has, which to it all seems like programmer input, so as soon as you reach this gap in language interop, the next, and every other language after that, loses the exact notion of what the user input originally was. And of course none of these languages speak any of the other ones, and so they can't know what is a good and what is a bad input (i.e. to SQL the string alert(1); means really nothing, well, a syntax error, while to JS the same string means something entirely different). So following this issue from a cause perspective we learn that XSS is actually caused by the same core issue that causes SQLi errors. They are, in fact, twins.
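The "strings crossing language boundaries" point above can be shown end to end with a small added example (my code, not from the post or from scienceforums.net). Python's sqlite3 stands in for PHP talking to MySQL, json.dumps for the PHP-to-JavaScript hop, and a string template for the DOM insertion; the comment text is a constructed sample input. The unsafe path concatenates the same string into SQL and then into HTML, so each parser reads it as code; the safe path keeps it as data at every hop (a bound parameter for SQL, JSON for transport, html.escape for the HTML context).

```python
import html
import json
import sqlite3

# Constructed sample: one user-supplied "comment" that is meaningful to two
# different parsers (SQL and HTML/JS) but is meant to be plain data in both.
USER_INPUT = "Bob'); DROP TABLE comments; -- <script>alert(1)</script>"


def setup_db():
    """In-memory SQLite database standing in for the MySQL back-end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    return conn


def table_exists(conn):
    """True while the comments table is still present."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name='comments'"
    ).fetchone()
    return row is not None


def store_unsafe(conn, text):
    """String concatenation: SQL cannot tell where the data ends, so the
    parser sees a second statement. executescript() mimics a driver with
    multi-statement support."""
    conn.executescript(f"INSERT INTO comments (body) VALUES ('{text}');")


def store_safe(conn, text):
    """Bound parameter: the value never reaches the SQL parser as code."""
    conn.execute("INSERT INTO comments (body) VALUES (?)", (text,))
    conn.commit()


def api_response(conn):
    """The PHP -> JavaScript hop: rows serialised as JSON (data, not code)."""
    rows = conn.execute("SELECT body FROM comments").fetchall()
    return json.dumps({"comments": [r[0] for r in rows]})


def comments_from_json(json_text):
    """What the client-side JavaScript would get after parsing the JSON."""
    return json.loads(json_text)["comments"]


def render_unsafe(json_text):
    """innerHTML-style insertion: the HTML parser now reads the comment as markup."""
    return "".join(f"<li>{c}</li>" for c in comments_from_json(json_text))


def render_safe(json_text):
    """Context-aware encoding for the HTML text context; the browser shows
    the literal characters instead of parsing them as tags."""
    return "".join(f"<li>{html.escape(c)}</li>" for c in comments_from_json(json_text))


if __name__ == "__main__":
    bad = setup_db()
    store_unsafe(bad, USER_INPUT)
    print("unsafe path, table survived:", table_exists(bad))  # False

    good = setup_db()
    store_safe(good, USER_INPUT)
    payload = api_response(good)
    print("unsafe render:", render_unsafe(payload))
    print("safe render:  ", render_safe(payload))
```

The point the post makes is visible in the two paths: the string itself never changes, only whether each hop treats it as data (bound parameter, JSON value, escaped text) or hands it to the next parser raw. The HTML escaping is specific to the element text context; an attribute, a URL or a script block each needs its own encoder.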
  5. They do, I guess I learn something every day...? Sorry it's been years since I have had a system insecure-enough...
  6. So can Python, and C# .NET with Mono, and both are arguably more platform independent than Java. Java heavily depends on the runtime environment; libraries available in Oracle JRE, for example, are not all available in OpenJRE or Dalvik. And Java doesn't run on every machine: if Oracle doesn't make a JRE for a platform, Java doesn't run on the platform, at least not well, take Raspberry Pi for example... Mr Greg, in JS many beautiful things exist; jquery (i use it all the time), angular, node (can be very useful) and the ones i've been looking into lately, three and ember, which is kind of like RoR, but in JS and for browser-side apps...
  7. The article you link to mentions one "brain expert". And I can be sure that in the way that the internet currently works, it cannot be a conscious mind, for example, simply because currently the internet is extremely deterministic; in order to tackle deductive reasoning and problem solving (just a couple of the things that are defined under intelligence), a mind has to provide uncertain answers.
  8. It was some years ago, i suppose it could have been algorithm-driven.
  9. HTML is not a programming language. ecoli, if you are looking into doing computationally-heavy modeling work, for really heavy stuff, like i work on a system with over 1000 GPUs kind of stuff, focus on C++ with MPI and Cuda, if you are looking at the financial market, then learn Java.
  10. Oh no doubt. I am a firm believer in that if you know how to code, language is (within reason) just a syntax to express your solution.
  11. I recall working on this back in 2009(ish). If you want a speedy algorithm for checking a large amount of numbers for primality:

        #include <cmath>

        bool is_prime(int num) {
            // 0, 1 and negative numbers are not prime; this also keeps the
            // table lookup below in range
            if (num < 2) {
                return false;
            }
            // lets see, we need to check for a couple of things first
            // compare to single digit primes, why? they are the only ones with irregularities
            if (num < 8) {
                static bool firstPrimes[] = {false, false, true, true, false, true, false, true};
                return firstPrimes[num];
            }
            // now let's check for simple division, this weeds out a LOT of numbers
            if (num % 2 == 0 || num % 3 == 0 || num % 5 == 0 || num % 7 == 0) {
                return false;
            }
            // exploiting what we know about the prime set (every prime above 3
            // is of the form 6k +/- 1), weed out even MORE numbers
            if ((num + 1) % 6 == 0 || (num - 1) % 6 == 0) {
                // unfortunately we still need to do this, this is the only way
                // to check if the number has prime factors...
                int to = sqrt(num + 1);
                for (int i = 2; (6 * i) - 1 <= to; i++) {
                    if (num % ((6 * i) + 1) == 0 || num % ((6 * i) - 1) == 0) {
                        return false;
                    }
                }
                return true;
            }
            return false;
        }

      Sensei, if i recall you should do value+1 to eliminate some false-positives due to casting. Raj, that C++ is very basic, so basic that reading 10-12 pages into a C++ manual/text book should give you all the knowledge to understand everything there except for type-casting.
  12. Attempting to answer/comment on everything up to this point: The thread is about languages to learn, not necessarily good languages to learn to program in. If we were talking about best beginner languages, then i think that no language is better than Python; it was developed for the purpose of teaching people how to program. Not sure what John is talking about, Python is no more difficult to learn than PHP or Ruby or JavaScript, it is easier than Java unless your background is strictly in C++. C has tons of uses, there are things that just don't need object orientation, like boot loaders for example, memory management, and tons of other OS/firmware areas. But what you lose in C++, specifically direct memory management of your program environment, is a necessity, and so C, even assembly, is still useful. And it's still simpler than C++; OO, while having its uses, sometimes makes code extremely complex. Modern compilers don't care where the variables are declared, there would be no gain in performance if the variables were defined all over the code (like in C++), it's just how the language was defined in 1972 because it was easier back then to do it that way, and because you can still compile a program written in 1972 on modern compilers (i.e. the language has changed very little and is extremely backwards-compatible), and for the most part vice versa, you have to declare your variables in the beginning. Syntax highlighting has been around for a while, and everyone SHOULD use a syntax-highlighting text editor to program (if they are not using an IDE, which i prefer not to). I do not understand any teacher that forces their students to use something nano-like. What you use for an editor is your choice, but use modern editors, they will help you write less error-prone code. Also as a point of note, Sun Microsystems was around for 28 years, and ceased to exist in 2010. 
     Java appeared in 1995 and since the acquisition in 2010 has been developed by the Oracle corporation. Also what does it mean "That language was barely even broken into!"? C# is pretty cool, when you use it with Mono. And yes, programming has changed significantly since the 1980s.
  13. Not necessarily computer scientists, danston. A hardware layer can be conceptualized by theoretical physicists, designed, analyzed and tested by chemists, applied physicists and engineers, who are all qualified for their respective positions. Computer scientists will likely not touch this new hardware layer until it is already shown to transfer signals with some reliability...
  14. Motherboards list what memories and memory speeds they support, CPUs have clocks and MICs, which have memory they support, so choose from the center of the Venn diagram. The following guide should be helpful too: http://www.tomshardware.com/reviews/phenom-ii-ddr3,2319.html
  15. http://www.9tut.com/subnetting-tutorial That should make up for your notes. As far as i can see (glimpsing over) none of the answers are correct for the assignment.
  16. ... You can't solve the halting problem "by examining program code, determining if the code halts or runs indefinitely" by running the program. It's like trying to determine what a modern nuclear weapon would do to a city the size of LA by firing an ICBM at LA... You don't "need" anything, the halting problem solution would however tell you that a program that infinitely recurses, recurses infinitely. Without running it, and without running into a stack issue. And it's not a non-issue, it's a non-undetectable problem due to the limitation of current CPU design. Imagine if we had a CPU that during recursion would never run out of stack, maybe there is no stack there to fill up. Solution to halting needs to work for code, any code...
  17. It may be more difficult to exploit it remotely, without any physical access to the device and thus useful debugging ability, but even still it is possible with some effort. When your networking code segfaults because of my packet, i get direct feedback (or lack of any response) about this happening, so with a significant amount of trial and error, you could potentially fully exploit even such a system. It becomes easier if i can have a copy of your system running locally, or if i can get remote feedback (a dump perhaps) or remote debugging ability from your system. On top of this, if you run other people's software on top of your OS, weird machines that i build inside that software when i exploit it can still work as they worked before and on other platforms. I should say that there is no such thing as completely secure software of any moderate or high complexity... at least none yet. Trust is a part of any interaction you have with any person or object, it is implicit and thus easily given. If you are in the middle of a desert, you see a chair, and you come over to it and sit down, you automatically trust that the engineers who designed this chair designed it so it doesn't kill you, that the people who produced the parts followed the engineering and material specifications, that the people that put the chair together did their job. You don't make a conscious decision to trust all these people and processes that you don't know, but your trust is implied by the said action. There are many levels of trust missing out of this, and many, many more parties that are involved. The lack of trust may come from simply choosing not to trust. I should throw in another term here, which is reliance. For example, I may not trust the ISP that i use with my data, but yet i have no other choice but to rely on them to transfer my data. Or for example i can trust a network, but i may not be able to rely on the said network to transfer my data. 
     You have a choice of an OS, and there are plenty of choices there just like there are in browsers. You don't choose a browser for how well it parses a GET request, and i can tell you that writing a browser is no trivial task; modern browsers are extremely complex, not quite as complex as an operating system, but still complex enough to have teams of hundreds of developers, testers, QA people working on them full time, putting in thousands and thousands of man-hours every month. I have a few machines with a multitude of operating systems, installed and virtualized, some i trust more than others, none i trust completely, some are completely free including all the software that i have chosen to run on these operating systems, none of which is pirated, others are not (not all of the software that i use is free as in freedom, and not all of it is free as in free beer). As to the last part there, i can tell you that it is fair to say that a lot of times there are more vulnerabilities in the piratable software (regardless of you running a pirated or a legitimate copy) than there are in open and free software. This is mainly due to the release cycles and the ability of vendors to adapt to modern-day security... Topic for a different discussion perhaps.
  18. I am only arguing the silliness and needless complexity of the suggestion of your original question; to the original question, as far back as the first response i said: There are tools for static and dynamic analysis which to some extent can examine source code for bugs, and so potentially such systems can look at heuristics and perhaps certain actions to look for secret back-doors, but those would be fairly easy to bypass. There are sandboxing methods for software, but those are reactionary, they look at what the software does to classify the software, but no such systems are in play for monitoring running full-blown OSes (well, ish), and again they would be very reactionary. There is currently nothing to my knowledge that can examine a full system to see if there is hidden code in it that is meant to provide a secret back-door. Every way that i can think of, and that's both with and without having actual source code, can be bypassed. Unfortunately the context-free grammar of programming languages makes things easy to hide, and the system nature of the software, such as an OS, makes some techniques that i am thinking about not even applicable. The problem you propose is very involved and difficult, perhaps unsolvable. As with math, sometimes a simpler problem, but one very similar to the original, may be a way to find how to solve the original problem. So to try to come up with some answers, let's make this a lot simpler. Let's say that what you have is a website, a modern one; how do you build javascript that detects whether or not the other code on the page is malicious? Looking at it as the different parties involved in the thought experiment: On one hand, as a system user, i am oblivious to the fact this code exists. On another hand, as someone who is trying to break this system, i have everything in front of me, including the protection mechanism, so i win by default, or do I? 
     On the third hand, if i am writing this, i have no way to know if the original code that is provided by the website developers already has back-doors built in, and if that is the case how can i, and should i even try to, detect these holes. On the fourth hand, if i am the website, i have no real way to definitively say whether the security introduced by this code that verifies my code can be trusted, and whether or not it itself doesn't inject new ways of getting owned. So as far as i can see, there are four separate parties: a black box, a black box that's operating in a black box to make sure that the outer black box is indeed a black box, a user that relies on the black box to be a black box, and someone who thinks that one of the black boxes is actually a puzzle box with a treat inside. None of these parties can trust the others, and yet they have to depend on each other for this system to work correctly and safely. The first step to the solution, and feel free to correct me here, is to solve, or at least simplify or even fully dismiss, the trust problem here. Let's start there?
  19. Firstly, OSI is just a conceptual way to represent a conceptually-separated model of a network. Nobody needs to build an OSI model for a network card, and surely if that need arose, nobody would do it in assembly; there's no need. Secondly, writing anything in assembly doesn't magically make it fast, or secure; it does, most times, make it needlessly complex. Certainly not undoable. The progress is shorter. A competent dev can fully implement multiple attacks a day (3-4) starting, say, at nothing more than a description given in a typical CVE. Lol, let's pretend i am an attacker: If i'm in a pinch and i need to infect many machines at the same time, I'm not infecting 100000 machines from my computer, that would be stupid; what i am doing is going to a newly published list of stolen CC and renting out a botnet, I am doing this from my car, in a parking lot of some coffee shop, or just some neighborhood with an open wifi. Then from another coffee shop, at another time, i fire in code for the botnet, the code includes my worm. I do this from a laptop with a live CD running from a thumb drive, and with a wifi card that i burn immediately after use (not the laptop, but the other things). If i am not in such a hurry, i just MITM a coffee shop wifi and inject code to download my virus next time you download anything from the web into [fill in your favorite social media site here], tell it to cache for 10 years while i'm at it. All my virus has to do is replicate over local media, as long as it stays out of detector range, and it won't do weird things on the computer, it will be able to spread wide before it is detected. So, what ISP are you talking about? 
     Even if i theoretically was stupid enough to upload the first round of worms from my own home, transferring let's say 3 megabytes of data, which is a horribly bloated worm, to say even 100 computers i found with a single shodan query, this still puts me at a 100:1 ratio of infections to your method, and that's at generation 1 (and no ISP will wonder about 300M of upload). After generation 1 this spreads in a progression relative to the way i chose to propagate my virus without involving my connection, while you have to rely on other people seeding, or have to seed copies yourself... yeah... And digging through 50 million lines of code requires no knowledge or any special build environments or applications at all, how do you imagine this works, you just hit a "Compile" button? In 2012 there were 1765 CVEs with a CVSS score of 7-10 (that's High, usually means code execution), of which 1675 were network access vulnerabilities, 1634 of which required no credentials, 1466 of which had a low or medium complexity... That's still over 4 a day discovered. For a person with the level of knowledge that can pull off putting a key logger and a back door into 50M lines of windows code, and be able to build the OS, it won't take very long to find a fully exploitable vulnerability, days maybe? I mean if they have windows code, they can just run static analysis on it, I am sure that will bring up plenty of problems/places to look into. Or you can be a curious person who likes to break things (i.e. a geek or a hacker, which are fairly synonymous terms) with no obligations, time on your hands and access to the internet, i.e. almost any college student. You must be joking... Oh yes, i totally forgot about the "Add Invisible Back Door" check box in the Visual Studio project parameters... I am saying that this level of sophistication doesn't require compiling and distributing an OS. 
     This happens in the real world (examples were given), and since we know about them, there is a way to detect them, usually when they are activated and do bad things; malware detection, reversing and identification is a reactionary science by its nature. One can significantly limit such possible problems just by using open systems. Nope, sorry, that is incorrect. With the sophistication of modern malware, no user interaction is required at all, you simply will not know when or how you were infected, even following fairly strict security practices. It is already being done, just not by a lone attacker that gained access to 50,000,000 lines of code and now wants to distribute their own ISO; that's just silly. Both US and Chinese-based companies have included back-doors in their products, but that's the actual developers being told by the state to do something. It's just needlessly complex, unrealistic for a non-corporate or government aggressor, and clearly not even the approach that someone with hundreds of millions of dollars of funding will take. As stuxnet and duqu clearly showed. "kiddie script" as a term makes no sense, it is not a security term, it is not even a term that google can find; "script kiddie", on the other hand, is both a security term and it makes sense. Again, no idea what a kiddie script is. I have a very good idea of what a hash table is, but i have no idea about its relevance to the topic. What are you doing that requires "speeding up" via a hash table?
  20. A prostitute that fell asleep on the back seat of a semi split the victory podium of Paris Dakar...
  21. Sorry, historical malware data shows this to be false many, many times over. Viruses like Alureon, that was a remarkable bootkit, which still had millions of machines infected this time last year, massive spreaders like Conficker, and insanity like Stuxnet, which spread a remarkable number of ways (and it was in the wild for over a year before it was detected); there is plenty of data that shows that it is a lot easier to spread the types of malware i am talking about than it is to spread a seemingly-legitimate copy of windows. During the Conficker.B outbreak the number of new hosts infected per hour was fluctuating from 75 to 140 thousand, which continued for a great number of days! To spread that amount of windows XP copies (only assuming 300MB) in that kind of time, you would need a nice and brisk 90 gigabit pipe, and your Tier 1 ISP, i assure you, would not ask any questions about what this data is... As far as what is involved, i can assure you that compiling windows is not quite as simple as issuing a make, or pressing the "Compile" button, and because you would have to go through hundreds of thousands of lines of code before you can even take a gander at where to put the rootkit into the OS, and then you will have to actually compile it, QA a full OS, and that's before the logistics of distributing, and the fact that you will be discovered as soon as anyone looks at the md5 sum of your ISO (if you choose to distribute it as such). In the end, i am just saying, there are a LOT easier ways to distribute the same code... Why would i do this? Breaking this into pieces and answering each one. There is no difficulty with scanning for IPs, it takes less than a minute to scan the most popular (1024) ports through 65535 hosts (that's a /16 or a med-large corporate intranet, just for a size comparison), that's beside the point of why you would do something like that... You don't have to scan either, you can just sit and listen for services, some are quite chatty. 
     Checking ports and services running on them is trivial, especially when you know exactly what you are looking for, but even scanning and identifying every port and every service on a machine takes some seconds, maybe a minute? You know exactly what version(s) of what service(s) you have a 0-day for in these situations. You also know exactly under what privilege that service is run (user, system, other), and you already have a priv escalation (if you need one) ready before you even connect or distribute these kinds of things, and your payload just works, regardless of machine, user, etc; if it doesn't you go and find a vuln where it always does and use that one... The term script kiddie doesn't come from being able to write a simple script to take over a machine, it comes from a complete cluelessness about what the security script/program does, and so simply executing whatever program you saw or downloaded that was promised to attack in an attempt to take over a machine; like a kid. Hence script kiddie. No idea where you are going with the hash table...
  22. my natural logs are rusty, but if i recall: [math]ln(e^{e^k})=e^k[/math] [math]ln(e^k)=k[/math] [math]ln\left( e^{e^k}\right)^k=ln(e^{e^k*k})=e^k*k[/math] so second relationship should therefore be: [math]e^k*k, e^{e^k*k}[/math] (feel free to check all that though)
  23. And i am telling you that this is a poor assumption to make, even with recursion and loops. Examples: Socket- or IPC-based programming will include loops like this all the time (pseudocode):

        while(1) {
            if (data on socket)
                read; break;
            else
                sleep;
        }

      So this causes a false positive for infinite loop detection. Any sort of more advanced program will include structures, structures that will be passed to code that may recurse, but here's the kicker: how do you know what changes in those structures are relevant to the recursion? The only thing being passed to the functions will be a pointer... To the same point: recursive searches or traversals of data structures will often pass the same value into the search function, and as we shift locations in the tree, we will perform a recursive search (of the same data). These would be false negatives as you keep track of all the variables and values. I mean yes, your code will work in very specific cases, but again, so will a /while\s*\([1|true]\)/i
  24. Young son of a prison guard wakes up every morning when his dad runs a baton across the posts of his little crib.