LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] hack attempt - thoughts

[ILUG] hack attempt - thoughts

Smelly Pooh plop at redbrick.dcu.ie
Mon Mar 6 02:18:34 GMT 2000 

In reply to kevin lyda's flatulent wordings, 
> i'm sure buffer overflows are still out there, they sneak in quite
> easily.  one reason to consider using ppc and alpha boxes - i'm sure
> most buffer overflow scripts favor intel and sparc.

They do indeed, but as others have already mentioned, security through
obscurity.  It is only the assembly code used in a buffer overflow that is
hardware specific, the buffer overflow exists in all platforms compiling the
same source.  What's worse is that this assembly code is generally identical
for all buffer overflows on the same platform, just assembly code to get stack
pointer and exec /bin/sh.  That means that a hacker could have an intel
exploit for a program, and if he needs to use it on a sparc he'll grab the
equivalent assembly code for sparc (either by downloading it which you can or
writing it himself which would take more skill), insert it in the same place
as the assembly code for the intel exploit, change a few numbers (those that
are usually dependent on word size, byte ordering and presumptions based on
environment size and so on) and lardee dar, trial and error for an extra 5
minutes and you've just ported a 'sploit.  Of course, the thing about security
through obscurity is not that you're more secure, just that the odds of
somebody actually hacking your obscure hardware or OS or whatever is less
likely, I've seen many script kiddiez d/load, compile an exploit, runs it and
if it doesn't work just throw it away, takes a rarer breed to go through the
bother of fixing an exploit :}

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell