短篇小說《我是一名黑客》討論

valentine

原帖由 colddawn 于 2006-4-24 09:54 發(fā)表
關(guān)于溢出，確實應(yīng)該是有從用戶態(tài)安全上下文溢出到root權(quán)限的可能的，樓上那位說人buffer overflow沒學(xué)過的人難免有點誹謗的嫌疑了，作者這篇文章既然是小說了，不可能每個技術(shù)細(xì)節(jié)都符合現(xiàn)實狀況，可以允許稍微夸 ...

Yes, it's easy to say what a buffer overflow is. But never say unix/linux is unsafe because there's buffer overflow, that sounds extremly ridiculous and miss leading.

Be advised, if you want to talk about BO, you should say something about a specially unknown/unpatched BO vuln exist in a speical application on the certain system.

valentine

原帖由 skipjack 于 2006-4-24 09:42 發(fā)表


現(xiàn)在看你到是有種“的感覺了。
哈哈...
如果你感覺好，就貼出來吧。
就算我看不懂，也會存檔的。

"懷才不遇”?
Don't really know why you said this.

I'm doing very well and I love my security related job , IMO, I'm doing  one of the most exciting job in this  world, seriously.

What I don't like this article is that  the author is trying to make him a genuis while he sounds like an idiot.

One book is really good for those who care about security and hacking:
"The shellcoder's Handbook", by Jack Koziol, David Litchfield, Dave Aitel...

[ 本帖最后由 valentine 于 2006-4-24 22:47 編輯 ]

skipjack

原帖由 valentine 于 2006-4-24 22:26 發(fā)表


Most of IE vulnerabilities come from COM/Activex. A COM object can be initialized even it is not masked as safe for scripting, this has been proved to be very dangerous. Lots of memory corrupti ...

沒關(guān)系，我知道你現(xiàn)在上班了。呵呵...有時差
http應(yīng)該屬于那種一問一答式的交互協(xié)議，瀏覽器在沒有發(fā)送request請求時，不應(yīng)該對response做出反應(yīng)。但我發(fā)現(xiàn)IE和mozilla在協(xié)議實現(xiàn)上有很大的不同。當(dāng)mozilla和http server建立TCP三次握手后，如果這時server返回response信息，mozilla會無條件的去響應(yīng)它。
我測試的環(huán)境是這樣的，當(dāng)我在局域網(wǎng)中截獲mozilla與sever的TCP三次握手ack包時，迅速給它發(fā)送一個重定向頁面（這個包太好構(gòu)造了，不是嗎？），mozilla就會被我吸引過來，但I(xiàn)E不會。
我知道你的工作是漏洞挖掘，在這方面應(yīng)該會比我有造詣，測試環(huán)境也比我這里好。我感覺這是一個不正常的協(xié)議實現(xiàn)，你覺的呢？

valentine

原帖由 skipjack 于 2006-4-24 22:47 發(fā)表


沒關(guān)系，我知道你現(xiàn)在上班了。呵呵...有時差
http應(yīng)該屬于那種一問一答式的交互協(xié)議，瀏覽器在沒有發(fā)送request請求時，不應(yīng)該對response做出反應(yīng)。但我發(fā)現(xiàn)IE和mozilla在協(xié)議實現(xiàn)上有很大的不同。當(dāng)mozilla和 ...

Yes, you really got a good point there. That's an improper protocol implentation and a security flaw.

One mitigating factor of this flaw is that TCP hijacking and Man-in-the-Middle attack is not available to a normal user, and in order to control the victim, you nead to exploit another vulnerability which can lead to code execution.

[ 本帖最后由 valentine 于 2006-4-24 23:32 編輯 ]

skipjack

原帖由 valentine 于 2006-4-24 22:46 發(fā)表

"懷才不遇”?
Don't really know why you said this.

I'm doing very well and I love my security related job , IMO, I'm doing  one of the most exciting job in this  world, seriously.

Wh ...

"懷才不遇”－－> 玩笑 <－－，我只是說你寫小說在寫法上不如作者而己。
我知道你的工作性質(zhì)，也看過你的求職經(jīng)歷。
呵呵...每個人都有可取的地方不是嗎？如果我說“漏洞挖掘”不就是“軟件測試”嗎，你覺的中聽嗎？
你也看到了，貼這個貼子在這里，并沒有你預(yù)想的那二個結(jié)果。

valentine

原帖由 skipjack 于 2006-4-24 22:56 發(fā)表


"懷才不遇”－－> 玩笑 <－－，我只是說你寫小說在寫法上不如作者而己。
我知道你的工作性質(zhì)，也看過你的求職經(jīng)歷。
呵呵...每個人都有可取的地方不是嗎？如果我說“漏洞挖掘”不就是“軟件測試 ...

If a security researcher is a QA tester, a hacker is nothing but a programmer


[ 本帖最后由 valentine 于 2006-4-24 23:09 編輯 ]

skipjack

原帖由 valentine 于 2006-4-24 23:04 發(fā)表


If a security researcher is a QA tester, a hacker is nothing but an programmer

這話是你說的，可不是我說的。哈哈...
為金錢工作容易累
為理想工作可奈風(fēng)寒
security researcher與hacker都屬于后者吧，所以有用不完的動力驅(qū)使著。

valentine

原帖由 skipjack 于 2006-4-24 23:09 發(fā)表


這話是你說的，可不是我說的。哈哈...
為金錢工作容易累
為理想工作可奈風(fēng)寒
security researcher與hacker都屬于后者吧，所以有用不完的動力驅(qū)使著。

Currently I'm working for both, "Money does not bring you happiness but freedom", and all man enjoy freedom.

skipjack

原帖由 valentine 于 2006-4-24 23:15 發(fā)表



Currently I'm working for both, "Money does not bring you happiness but freedom", and all man enjoy freedom.

有開源支持，我不擔(dān)心中國的軟件會差到那去，關(guān)鍵還是硬件。硬件有后門，軟件在安全管屁股用��？
只要你在我的機器上輸入過敏感密碼，機器沒有接入網(wǎng)絡(luò)，你最后為了安全把硬盤格了、拆了、毀了后還給我，但我還是得到了我想要的密碼。在你印象中這用什么方法來實現(xiàn)？

valentine

原帖由 skipjack 于 2006-4-24 23:36 發(fā)表


有開源支持，我不擔(dān)心中國的軟件會差到那去，關(guān)鍵還是硬件。硬件有后門，軟件在安全管屁股用��？
只要你在我的機器上輸入過敏感密碼，機器沒有接入網(wǎng)絡(luò)，你最后為了安全把硬盤格了、拆了、毀了后還給我，但我 ...

1. IMO,the most serious security hole resides in routers, firmware of the mainframe computers, etc.

2. Want to write a novel?
I have no experience in doing this, but just to answer your very closed question, as no access to the network, the sniffed password(got by a keylogger) may only  be saved into CMOS-like space if it allows you to write,  and if the hard disk is not destroyed but only soft formatted, some data may still be recoverred.