Hacking [Electronic resources] : The Art of Exploitation

Jon Erickson

Chapter 5: 0x500—Conclusion



Overview



Hacking tends to be a misunderstood topic, and the media likes to sensationalize, which just exacerbates this condition. Changes in terminology have been mostly ineffective — what's needed is a change in mindset. Hackers are just people with innovative spirits and an in-depth knowledge of technology. Hackers aren't necessarily criminals, though as long as crime has the potential to pay, there will always be some criminals who are hackers. There's nothing wrong with the hacker knowledge itself, despite its potential applications.


Like it or not, vulnerabilities exist in the software and networks that the world depends on from day to day. It's simply an inevitable result of profit-oriented software development. As long as money is connected to technology, there will be vulnerabilities in software and criminals in networks. This is usually a bad combination, but the people finding the vulnerabilities in software are not just profit-driven, malicious criminals. These people are hackers, each with their own motives; some are driven by curiosity, others are paid for their work, still others just like the challenge, and several are, in fact, criminals. The majority of these people don't have malicious intent and instead help vendors fix their vulnerable software. Without hackers, the vulnerabilities and holes in software would remain undiscovered.


Some would argue that if there weren't hackers, there would be no reason to fix these undiscovered vulnerabilities. That is one perspective, but personally I prefer progress over stagnation. Hackers play a very important role in the co-evolution of technology. Without hackers, there would be little reason for computer security to improve. Besides, as long as the questions "Why?" and "What if?" are asked, hackers will always exist. A world without hackers would be a world without curiosity and innovation.


I hope this book has explained some basic techniques of hacking and perhaps even the spirit of it. Technology is always changing and expanding, so there will always be new hacks. There will always be new vulnerabilities in software, ambiguities in protocol specifications, and a myriad of other oversights. The knowledge gained from this book is just a starting point. It's up to you to expand upon it by continually figuring out how things work, wondering about the possibilities, and thinking of the things that the developers didn't think of. It's up to you to make the best of these discoveries and apply this knowledge however you see fit. Information itself isn't a crime.



References








pcalc
A programmer's calculator available from Peter Glen http://ibiblio.org/pub/Linux/apps/math/calc/pcalc-000.tar.gz

NASM
The Netwide Assembler, from the NASM Development Group http://nasm.sourceforge.net/

hexedit
A hexadecimal editor from Pixel (Pascal Rigaux) http://www.chez.com/prigaux/hexeditl

Dissembler
A printable ASCII bytecode polymorpher from Matrix (Jose Ronnick) http://www.phiral.com/

Nemesis
A packet-injection tool from obecian (Mark Grimes) and Jeff Nathan http://www.packetfactory.net/projects/nemesis/

ssharp
An SSH man-in-the-middle tool from Stealth http://stealth.7350.org/SSH/7350ssharp.tgz

ffp
A fuzzy fingerprint generation tool from Konrad Rieck http://www.thehackerschoice.com/thc-ffp/

John the Ripper
A password cracker from Solar Designer http://www.openwall.com/john/




