Joined: 04 Mar 2003
Posted: Fri Jun 03, 2005 8:43 pm Post subject: May '05 SFDC Column
SFDC Column May
Well, another very busy month has come to a close for us here on the forums. You may have noticed some new things have happened. Notably, we have started what will be a recurring theme: “Interview with a security professional”. We have been immensely gratified by the response we have had so far. There have been many leading lights in the security industry who have graciously agreed to an online interview. To date we have had Dave Aitel and Marc Maiffret, with several more in various stages of completion. It has been great to get feedback from some of the best talent in the computer security world today. Please feel free to make comments based on those interviews in the threads which were started to accommodate them. Should there be enough feedback, I will see if I can get the interviewee to answer a few more questions based on your feedback. Lastly, please feel free to suggest some names that you would like to see interviewed. I will certainly do my best to request their participation. On that note, let's go back over some of last month's more interesting posts!
IP Addressing Issues
This post addresses some issues that the poster is having with their in-home computer network setup. It was nice to see that the poster made a detailed effort to chronicle what the problem was, and also what they had done to date. We had AdamV respond first to his query with some sound advice. One of the key points he raised was to make sure there are no IP address conflicts, and secondly to make sure that all the hardware at hand is compatible. There is little point in having various hardware such as routers and wireless cards if they are unable to talk to each other. One other key point that bears mentioning again here is that if you make any changes to your computer's configuration it is always best to reboot. This is especially so if you are using a Microsoft Windows operating system. Remember, when computer problems arise, always try to locate the “break point” if you can. This will allow you to troubleshoot more effectively vice taking a haphazard approach.
Exactly one byte from a binary file
We have several posts in this month’s column from the programming section. Once again Capi has come forth and given some excellent advice. The original poster wanted to know how to read one byte from a binary file. When it comes to programming there are always many ways to “skin the cat”, as it were. Though once again, when it comes to programming there are also ways to optimize your code for speed and functionality. You will notice in the post that Capi gives a quick breakdown of the various commands used both to read input and to write data. Those of you who are budding programmers may want to save this answer by Capi. It breaks down very nicely and succinctly what function is used for what. Capi also makes an excellent point in that you need to be careful what functions you use if you want your code to be portable between, say, Linux and Microsoft Windows.
NX flag in CPU’s: a very old “new idea”
This is another post from the programming section. Capi deals with a topic, or rather a CPU architecture feature, known as “NX”, or in other words the non-executable stack. Capi rightly notes that this “new feature” is not new at all, but in reality a rather old one at that. It was first introduced back in the 1980s. Much to the merriment of Capi and several others, Marc Maiffret also said as much in his interview with us. It is always nice to get corroboration from someone as talented as Marc. The NX feature is a good design improvement in terms of overall computer security, but as expected the exploit developers out there have already found ways to circumvent this additional protection method. After all, there are other overflows out there as well, such as the heap overflow. All in all this was a truly excellent post by Capi, as he details very nicely what a non-executable stack does and how.
UNIX C Sockets
The last post from our programming section deals with one of our members asking for resources dealing with UNIX sockets. One of the most often mentioned resources is Beej’s guide to network socket programming, or as it is also known to some, raw socket programming. Though raw sockets only deal with one aspect of socket programming. There are also other resources, such as the TCP/IP Volumes I through III, that will help you understand. Specifically, Volume I is helpful.
EXE Binders: Be careful what you execute
Another very good post explaining a computer security concept was answered by Capi. This post deals specifically with what a “binder” is, and how it works. Normally you will see binders being used by those who use trojans to infect other people’s computers. This of course is normally done by the bottom feeders of the computer world, who are also known as “script kiddies”. It was nice to see the author of the original post, which was pulled, respond. His responses allowed us to clarify forum policy, as well as clarify the perception that he had been called a derogatory name. Many of you who are new to the realm of computer security would be well advised to read this post and understand how a binder works.
Well, this brings us to the end of this month’s column, and I would like to raise a few points before I sign off. Many of the posts that are featured in the monthly column receive close scrutiny for the quarterly prize giveaways. You will also notice that the forum member article by Sid will be going up on the site within a day or two as well. Remember that if you wish to have your article or column published you will need to PM me with your idea. Lastly, the “Interview with a security professional” series has been going great, but I also need your feedback on who you would like to see interviewed. Failing that, I will simply pick people I believe would be of the most interest to our varied membership. On that note, have a great month of June, and I will see you again soon.