I am very happy to see this subject appear in this list, security is so commonly overlooked. The number one exploit hackers use is buffer overflows and the top two places they look are format strings and network packets.
> And? What can be done if a buffer overflows? It's perhaps a basic question, but I really don't know anything about *hacking*. And I'm sure I'm not the only one there :)

The most effective defenses are simple:

- NEVER use sprintf and strcpy, always use snprintf and strncpy instead.
- Know how the function works in all cases, for example in what cases does strncpy not null terminate a string, does snprintf append a null terminator beyond the array limit, etc.
- Use dynamic memory allocation versus stack. Most exploits deal with stack manipulation.
- Initialize all variables to a known value (for example zero).
- Always encrypt passwords, never pass them in clear text (ouch rcon).
- For encryption always use well tested algos like DES, AES, etc.
- Never make your own encryption or use XORs. It may look secure but is very easy to crack.
- Never use time of day for keys or any part of encryption since TOD is predictable.
- When receiving network traffic VALIDATE ALL FIELDS. Don't look at one field and assume the rest are valid. There are some really wicked exploits of the IP protocols because of drivers performing poor boundary checks.

> But, I wonder if the hacker can hack the program without its source code... It looks quite hard if he hasn't the source code, because he wouldn't know where there is a risk of buffer overflow, does he?

Doesn't really matter, an attacker will start at the point he has most access to (normally text input) and work from there. His first goal is to find an input that will crash the program. Then using a debugger he examines the stack of the crashed program and tries a variety of strings until he can predict how to get what he wants on the stack and boom, the hack is done. After that they will go to network packets, by sniffing. Once they identify the packet structure they will start replacing/removing bytes from the message until the server crashes. Then the exploit progresses as above. Bad programming is a hacker's best friend!!!!
> I'm also concerned after reviewing the site, I'm not sure if their hat colour is black, white, or maybe 'grey'.

Bugtraq is a community of Security Analysts, not hackers. They normally do not post exploits until the vendor is ready with a patch to fix the exploit. In cases where the vendor ignores the security concern or fails to take action, the exploit is published to inform the community of possible security risks in their networks. For whatever it is worth I am not a hacker, I work for a software security firm that specializes in identifying and preventing software attacks for Fortune 500 companies over the internet.

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
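An added example, not from the post or its author, illustrating two of the defenses above: the case where strncpy leaves no terminator, a bounded copy that reports truncation instead of overflowing, and a length check on every field of a received packet. The packet layout (type byte, declared length byte, payload) is a constructed assumption, not any real game protocol.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if strncpy() left dst with no NUL inside its first n bytes.
 * This happens whenever strlen(src) >= n, which is exactly the case
 * callers tend to forget; a later strlen()/printf() on dst then runs
 * off the end of the array. The buffer is poisoned first so the missing
 * terminator is observable rather than accidental. */
int strncpy_left_unterminated(const char *src, char *dst, size_t n) {
    memset(dst, 'X', n);
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) == NULL;
}

/* Bounded copy that always terminates within dst_size bytes.
 * snprintf() returns the length the full output WOULD have had, so a
 * result >= dst_size means the input was truncated; report that instead
 * of silently losing data. Returns 0 = ok, 1 = truncated, -1 = no room. */
int copy_bounded(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) return -1;
    int needed = snprintf(dst, dst_size, "%s", src);
    return (needed < 0 || (size_t)needed >= dst_size) ? 1 : 0;
}

/* Constructed packet layout (assumption, not a real protocol):
 *   byte 0    : message type
 *   byte 1    : declared payload length
 *   bytes 2.. : payload
 * Every field is checked against the bytes actually received before any
 * of it is trusted; a declared length is never used as a copy size on
 * its own. MAX_PAYLOAD is the size of the buffer the receiver owns. */
#define MAX_PAYLOAD 64
int packet_ok(const unsigned char *pkt, size_t pkt_len) {
    if (pkt_len < 2) return 0;               /* header itself incomplete */
    size_t declared = pkt[1];
    if (declared > pkt_len - 2) return 0;    /* claims more than was received */
    if (declared > MAX_PAYLOAD) return 0;    /* exceeds what we can buffer */
    return 1;
}

int main(void) {
    char buf[4];
    printf("strncpy unterminated: %d\n", strncpy_left_unterminated("abcd", buf, sizeof buf));
    printf("copy_bounded truncated: %d -> \"%s\"\n", copy_bounded(buf, sizeof buf, "abcdef"), buf);
    unsigned char bad[] = {1, 200, 'x'};
    printf("packet_ok on bad length: %d\n", packet_ok(bad, sizeof bad));
    return 0;
}
```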