With the firewalls and a mammoth lock on the gate, do you think the fort is secure?
No. The walls are weak and the daemons standing at the gates are gullible.
We are here to learn how to break the walls and trick the daemons, and to learn how to make them secure.
It's not about certification bullshit. It's just about CODE. Let's start the drill.
"If you know the enemy and know yourself, your victory will not stand in doubt; if you know Heaven and know Earth, you may make your victory complete"
-Art of War
1 comment:
Let me describe it myself.
The kingdom as it seems is a System.
The system has two areas
1. Administrative area (Root)
2. Common Users
There are three kinds of gatekeepers who protect
1. Common users from outside
(These might be daemons like Apache server)
2. Administrative area from outside
(The daemons running as root, for example SMTP mail server)
3. Administrative area from common users
(Suid programs such as passwd.)
An attacker's task is to trick these gatekeepers (daemons/applications) into doing something of their choice.
The most infamous way of doing it is using buffer overflow.
Trust me, if you master this art of buffer overflows, the world is at your feet.
A script kiddie would just try to know what kind of gatekeeper is on duty and google out the appropriate exploit (programs/script) and attack the daemon.
If you kill the daemon, then it is called denial of service.
I hope I make sense.
#Alpha0