published: March 17th, 2008
Well, I stumbled across the following image, which I thought was very interesting. From the 37signals blog:
Why are we doing this? What problem are we solving? Is this actually useful? Are we adding value? Will this change behavior? Is there an easier way? What’s the opportunity cost? Is it really worth it?
» more |
» comments |
» comments rss | posted by
pdp | syndication and integration ( )
published: March 13th, 2008
Interesting speech from Tim O’Reilly at this year’s ETech event. Why does he love hackers? Check it out!
Although I agree with what he is saying, I need to add a few more things. First and foremost, hacking is a state of mind. It is not something that you can learn but it is definitely something that you can cultivate until you start understanding it. Second, hacking is not all about solving complicated problems. I don’t agree. Hacking is about solving problems (any kind) in a creative way. It is the art of being innovative in its most simplistic form. Innovation is also the act of finding new solutions to old problems, so don’t be fooled by the so-called new factor.
Basically, hacking is anything that you can change or use in undesired or unintended, interesting and rather innovative ways in order to solve a problem.
published: January 19th, 2008
The New Face of Cybercrime is quite interesting and very inspirational video footage that may open your eyes a little bit wider.
The video features several known security experts who will make you shake your head in disbelief when you learn how easy it is to pull off most of the hacks that happen today.
published: January 10th, 2008
The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It’s their only hope of staying only one step behind the bad guys. Amazon
I did some research on online games as well and I must agree with both Greg Hoglund and Gary McGraw that this is a very much unexplored hacking discipline when compared to the security industry as a whole.
published: December 19th, 2007
CourtTV (TruTV) has a new series starting Dec. 25 at 11 pm called ‘Tiger Team.’ It follows a group of elite penetration testers hired to test organizations’ security using social engineering, wired/wireless penetration testing, and physically defeating security mechanisms (lock picking, dumpster diving, going through air vents/windows). They do all of this while avoiding the organizations’ various security defenses as well as law enforcement.
Basically, this is the US equivalent of a popular British show known as The Heist or something like that. Nevertheless, it will be interesting to see what exactly it is.
published: December 16th, 2007
The 24th Chaos Communication Congress (24C3) is the annual four-day conference organized by the Chaos Computer Club (CCC). It takes place at the bcc Berliner Congress Center in Berlin, Germany. The Congress offers lectures and workshops on a multitude of topics and attracts a diverse audience of thousands of hackers, scientists, artists, and utopians from all around the world. The 24C3's slogan is "Volldampf voraus!", the German equivalent of "full steam ahead", a particular request for talks and projects featuring forward-looking hands-on topics. Chaos Communication Congress
The video above shows some highlights from last year's event. If you have some spare days between Christmas and New Year, you must check it out. CCC is considered one of the best hacker events in Europe.
published: December 15th, 2007
Alexander Sotirov, a.k.a. Solar Eclipse, is a well-known security researcher who specializes in buffer overflow exploit development and binary reverse engineering. In the following video, Solar gives a couple of simple pieces of advice which may come as a breakthrough for readers who are new to the field of binary software hacking.
To summarize his words, buffer overflow exploitation starts and finishes with a crash. The crash occurs because the input supplied to the program hasn’t been correctly sanitized. In most cases, this results in overwriting a memory segment behind a buffer. This segment often contains data which is crucial to the program's execution. If the corrupted buffer is in fact a local variable of a function (which could be the C/C++ main as well), then we are dealing with a stack-based buffer overflow, which traditionally is very simple to exploit. If the buffer is dynamically allocated at runtime (malloc and the rest of the family), we are dealing with a heap-based buffer overflow, which is often very hard to work with. There are other conditions we have to keep in mind, although stack and heap overflows make up the majority of all binary software vulnerabilities.
No matter whether it is a stack-based or heap-based exploitable condition, the simple fact is that buffer overflow vulnerabilities are often very easy to locate, although they may require a bit of time to exploit. As long as you can supply data which influences the EIP register at runtime, you are on the right path. The next step is to identify the type of vulnerability by tracking the execution path a couple of instructions back. From that you should be able to see whether the execution is caused by a RET or some function pointer. And all in all, this is all that buffer overflows are. Of course, based on the circumstances, you might make use of several other techniques (nops, return to libc, exception handler overwrites, bla, bla), which help to bypass certain restrictions. However, the first step is always to find the crash.
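The overwrite described above and the input check that prevents it, as an added example that is not from the video or the original post. The frame layout, the address value and the function names are constructed for illustration; the "stack frame" is a flat array so the program itself never writes out of bounds.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
/* Constructed model of a stack frame: a 16-byte local buffer followed by the
   saved return address, held in one flat array so the demo is defined C. */
typedef struct { unsigned char mem[BUF_LEN + sizeof(uintptr_t)]; } frame_t;
static const uintptr_t SAVED_RET = 0x08048abcu; /* constructed address */

static void frame_init(frame_t *f) {
    memset(f->mem, 0, sizeof f->mem);
    memcpy(f->mem + BUF_LEN, &SAVED_RET, sizeof SAVED_RET);
}
static int ret_intact(const frame_t *f) {
    return memcmp(f->mem + BUF_LEN, &SAVED_RET, sizeof SAVED_RET) == 0;
}
/* Unsanitized: trusts the supplied length (clamped only to the model's size). */
static void copy_unchecked(frame_t *f, const unsigned char *in, size_t n) {
    if (n > sizeof f->mem) n = sizeof f->mem;
    memcpy(f->mem, in, n);
}
/* Sanitized: input longer than the buffer is rejected, nothing is written. */
static int copy_checked(frame_t *f, const unsigned char *in, size_t n) {
    if (n > BUF_LEN) return -1;
    memcpy(f->mem, in, n);
    return 0;
}
/* 1 if the copy left the saved return address changed, 0 if intact. */
int overlong_corrupts(int checked) {
    frame_t f;
    unsigned char in[BUF_LEN + sizeof(uintptr_t)];
    memset(in, 'A', sizeof in);   /* constructed overlong input */
    frame_init(&f);
    if (checked) (void)copy_checked(&f, in, sizeof in);
    else copy_unchecked(&f, in, sizeof in);
    return !ret_intact(&f);
}
int main(void) {
    printf("unchecked corrupts: %d\n", overlong_corrupts(0));
    printf("checked corrupts:   %d\n", overlong_corrupts(1));
    return 0;
}
```

In a real process the corrupted saved address is what surfaces as the crash when the function returns, which is why a length check at the copy is the fix.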