Woah buddy slow down there you're gonna cut yourself on that edit. I fully agree, I'm just not ignorant of how the connotations of words evolves over time, otherwise I'd say your language development seems retarded to me :)
LainTrain
joined 9 months ago
But installing few extensions doesn't protect against it if the few extensions you install have scope and permissions to do bad things. It's all worded in plain English, at some point you gotta just not use computers anymore if you can't read.
Even if it's good advice for nan checking emails on IE6 on windows vista, it really shouldn't be necessary for a Lemmy user.
Thanks! This is very helpful
Love computerphile!
This resource was 100% exactly what I was looking for. Now gonna setup an env and play with the examples! Thanks so much!
I agree, I think for now I'd like to try to create a demo exploit and exploitable program like this without considering ASLR et al. and then at some point in the future perhaps look at a return to libc type deal to understand that as well.
Interesting point.
This makes it seem like the whole concern about memory safety has become almost redundant, the chances of exploitation are just so remote, it must take incomprehensible work to discover a functional exploit that would be useful to attackers in modern software
Yeah I'm a big fan of this actually! I remember putting together a half adder with some breadboards, never got to the full computer because I didn't have the drive to do so and felt like I understood the concepts well enough, but yes this is awesome!
Yeah I fully agree with the former in particular. The GRC side of things is just not that interesting and not that valuable. I do vulnerability management as a job which is somewhat depressing after a cybersec MSc, but honestly a job is a job and I don't really believe it produces that much value to anyone, but neither does the entire company I work for, the entire system we live under incentivizes waste, and who am I to argue as long as I get paid?
When it comes to low level stuff, this is purely curiousity and self-fulfillment of understanding for me.
Thank you! This is incredibly helpful and insightful.
I now understand how one would do this with manually writing in a debugger, am I correct in thinking that if I constructed the input to gets() in such a manner that BBBBBBB contains shellcode, and RRRR is a return address pointing to the beginning of BBBBB then that is how arbitrary code execution can be achieved with this in practice?
But as far as I understand someone just requested he did, and then it was Andreas who had the meltdown, hence the accusations of politicization?
Common Sense Home Edition 2015 has no issues like this.