s0suk3
Does anybody know how to bypass Visual C++ security cookies (generated by the /GS switch) in order to exploit a buffer overrun vulnerability in a program compiled with Visual C++?
On 09/18/12 02:23 PM, (e-mail address removed) wrote:
Please wrap lines to a sensible length.
Probably. Now what was your C++ question?
I'll try the old Google Groups.
I know that this group doesn't deal with specific environments but
I've asked in other forums and haven't gotten answers.
If I knew of one that was being carefully watched by the authorities
or unusually heavily infested with malware, I'd recommend it to you,
but I don't - sorry!
It's not just the environmental specificity of your question. It's also
the content. People like yourself don't generally use these forums to
discuss such matters.
You mean you think he's a cracker? Personally, if I was using Visual
C++ and there /were/ ways to bypass that thing, I'd like to know too,
and I'd like to know how they worked.
Legitimate users need to know about vulnerabilities.
On 09/18/2012 10:19 AM, Jorgen Grahn wrote:
...
His response to my message says that he considers it perfectly
acceptable to exploit such a vulnerability - that is not the attitude of
someone looking for information to help defend against such exploits.
That would be his "There's nothing illegal about exploiting
vulnerabilities as long as you don't do it to make any actual crimes".
Why not? To fix such a problem, you must be able to recreate it.
We cannot protect ourselves from attackers if we are ignorant of the
techniques they use.
I'd have expected substantially different wording from someone with the
motives you're suggesting. I'd have expected such a person to mention
his legitimate motives, to counter suspicions that they might be
illegitimate.
To be fair, I'd expect exactly the same kind of disclaimer from any
sufficiently intelligent cracker, in order to masquerade as someone with
a legitimate motive (unless he knew that he was in a cracker forum). The
wording actually used suggests, to me, a cracker wannabe with
insufficient intelligence to recognize the desirability of acquiring
such camouflage. If you're right, then he's a good guy with insufficient
intelligence to recognize the need for such disclaimers.
I'd have expected substantially different wording from someone with the
motives you're suggesting.
That would be deception, which I don't do. The fact that you don't
have any pride or self-respect doesn't mean everyone else is like you.
1 2 said: That would be deception, which I don't do. The fact that you don't
have any pride or self-respect doesn't mean everyone else is like you.
Your parents, the 2s, must have had a cruel streak to name you 1. Or
maybe you do just a little deception? As for pride and self-respect I
have enough of each to stand by what I write here using my real name.
Really, I can't see the problem here. We're in a C++ group;
if someone asks a C++ question, we just answer him as well
as we can, and whatever is he going to do with our help
is not our concern. Who knows, maybe the guy who asked an
innocent question yesterday was an engineer working on
the next Iranian bomb?
Some may consider this an easy way out (or the Feynman attitude). Many
German scientists who took part in constructing the atomic bomb had a
similar attitude, and after some 100's of thousands of Japanese people
had to give their lives for an "extended unit test", they suddenly
changed their minds. General Grove, military supervisor of the
construction team, called them "fools that lay Golden eggs".
Just something to think about, no criticism. I would only ever give such
information to people I really know well (for example, someone who wants
to know whether a security mechanism must be improved because it has a
weak spot), certainly not to someone I met in a newsgroup.
Regards,
Stuart
Your parents, the 2s, must have had a cruel streak to name you 1. Or
maybe you do just a little deception? As for pride and self-respect I
have enough of each to stand by what I write here using my real name.
This is getting a bit OT (though not as much as the personal attacks),
but I'd like to point out that even some of us with plenty of pride and
self respect avoid using our full real names on Usenet. Call it
cowardice if you like, but for me it's to avoid having some loon track me
down in real life. ...