Just like the *real* Avril
7 posts
• Page 1 of 1
- Murgatroyd
Just like the *real* Avril
by Murgatroyd » Thu Sep 16, 2004 6:37 am
So good looking on the outside - a dangerous piece of code on the inside.
http://news.bbc.co.uk/2/hi/technology/3661678.stm
http://news.bbc.co.uk/2/hi/technology/3661678.stm
- cavalierlwt
-
- Posts: 2840
- Joined: Thu Feb 13, 2003 12:54 pm
by cavalierlwt » Thu Sep 16, 2004 7:55 am
WTF? How does Windows work, under the hood that is?
I'm obviously no hacker, but I consider myself a fair programmer, or at least I was at one time. I have a rudimentary understanding of the Windows OS. I can't figure out how the hell Windows works so that a buffer overun would cause a hacker to be able to take control of your machine. Anyone know how this type of thing works--in simple terms?
What the hell does Windows do, attempt to 'run' any data that overflows a buffer??
I'm obviously no hacker, but I consider myself a fair programmer, or at least I was at one time. I have a rudimentary understanding of the Windows OS. I can't figure out how the hell Windows works so that a buffer overun would cause a hacker to be able to take control of your machine. Anyone know how this type of thing works--in simple terms?
What the hell does Windows do, attempt to 'run' any data that overflows a buffer??
Failing to plead
with a throat full of dust
Life falls asleep
in a fetal position.
with a throat full of dust
Life falls asleep
in a fetal position.
- SavageParrot
-
- Posts: 10599
- Joined: Wed Mar 19, 2003 5:42 pm
- Location: Cheltenham, England
by Chacal » Thu Sep 16, 2004 6:45 pm
Originally posted by cavalierlwt
Anyone know how this type of thing works
Yes.
--in simple terms?
No.
Anyway, t's not a vulnerability that's specific to Windows. Most programs have them. But Windows has a LOT of them.
Chacal
[SIZE="1"][color="LightBlue"]Reporter: "Mr Gandhi, what do you think of western civilization?"
Gandhi: "I think it would be a great idea."[/color][/SIZE]
[SIZE="1"][color="LightBlue"]Reporter: "Mr Gandhi, what do you think of western civilization?"
Gandhi: "I think it would be a great idea."[/color][/SIZE]
by amnion » Thu Sep 16, 2004 7:35 pm
any data that overflows can be crafted to execute with the privilege level of the program that was compromised, leading to an attack executing arbitrary code, can lead to the box being compromised totally...
OpenBSD and some other OS's make this harder to do...
OpenBSD and some other OS's make this harder to do...
I am not an addict...
Tyan Thunder K8WE - Dual Opteron 254 4GB PC3200 RAM, BFG 7800GTX OC.
- cavalierlwt
-
- Posts: 2840
- Joined: Thu Feb 13, 2003 12:54 pm
by cavalierlwt » Sat Sep 18, 2004 3:32 pm
Yeah, I understand the concept of privilege levels and windows lack of them. The thing that throws me is is the overflow resulting in the some code getting executed. When I think of overflows, I think of data maybe getting written to memory that should be protected, outside of reserved memory etc. This usually causes a program, perhaps the OS itself, to lock up. I'm just trying to figure out the logic of the OS looking at a buffer overflow, then attempting to 'run' the overflowing data as though it were an executable.
Failing to plead
with a throat full of dust
Life falls asleep
in a fetal position.
with a throat full of dust
Life falls asleep
in a fetal position.
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot], Google [Bot] and 44 guests