Saturday, February 17, 2007

(Mantra of Happiness)....why i Think so much??????


Do you have to try hard to be happy? or does it just come naturally...

"Give more, Expect less" .. the secret of happiness. how simple .. is it?

Do you love your work or ..


No matter what you're doing.. you have to be good at it.. and only then will you hold some value for people..no matter what..

So even if you dont like ur work.. still give ur best shot.. thts how i keep motivating myself, every few days when i get down..lol :)

But better do not involve yourself in any kinda work which you can't do without passion ....

I think I need some action right now.. feeling too dull.


posted by Anuj Agarwal @ 1:53 AM Comments: 1

NUMB

What do I want from life? I want everything. I want my dreams to be fulfilled.. I want to live life the way I want to. I want happiness..

Am I looking for too much? I don't noe.. am really confused about a lot of things right now and I dont know how to end the confusion. Where do i go.. What do i do...Am scared about the future.. God..show me the way please..

posted by Anuj Agarwal @ 1:17 AM Comments: 0

Sunday, February 11, 2007

BUFFER OVERFLOW EXPLOITS

A large number of exploits have been due to sloppy software development. Exceeding array bounds is referred to in security circles as "buffer overflow." These  are by far the most common security problems in software.

What's the computer vulnerability of the decade?  It's not the Y2K bug, according to computer science and security analysts, but a security weakness known as the buffer overflow.

So guys want to know about BUFFER OVERFLOW....its not wikipedia so i would like to suggest some steps which anybody can do to understand it in a savvy manner. Here I described an exploit named "Stack Smashing Exploit" for understand buffer overflow.

Buffer overflow is a common programming error.  There is not a single OS that is free from this error.  Buffer overflows have been causing serious security problems for decades. In the most famous example, the Internet worm of 1988 used a buffer overflow in fingerd.  The problem occurred several times so far in 2000. What is surprising is that a number of security oriented software such as SSH and Kerberos  also have these errors.

The Buffer Overflow Error

The essence of this problem can be explained by the following.  The line strcpy(p, q) is a common piece of code in most systems  programs.  An example of this is: char env[32]; strcpy(env, getenv("TERM")); The strcpy(p, q) is proper only when

  1. p is pointing to a char array of size m,
  2. q is pointing to a char array of size n,
  3. m >= n,
  4. q[i] == '' for some i where 0 <= i <= n-1

Unfortunately, only a few programs verify that all the above hold prior to invoking strcpy(p, q).  A buffer overflow occurs when an object of size m + d is placed into a container of size m. This can happen in many situations when the programmer does not take proper care to bounds check what their functions do and what they are placing into variables inside their programs.   If n  > m in the strcpy(p, q) of above an area of memory beyond &p[m] gets overwritten.

A few other examples of such buffer overflows:

#char input[20]; gets(input);


Buffer Overflow Exploits

An attacker exploits this programming mistake.  He injects cleverly constructed data / executable-code into the area beyond the declared sizes.  If the "buffer" is a local C variable, the overflow can be used to force the function to run code of an attackers' choosing. This specific variation is often called a ``stack smashing'' attack. A buffer in the heap isn't much better.  Attackers have been able to use such overflows to control other variables in the program.

NOTE: THESE STEPS I FOUND SOMEWHERE ARE VERY USEFUL IF FOLLOWED CAN EASILY MAKE U UNDERSTAND ALL ABOUT BUFFER OVERFLOW.

Lab Experiment

Objective: Understand the stack smashing buffer exploit thoroughly.

  1. Download the article by Aleph One.  You will be extracting the source code of exploit3.c and exploit4.c files from it.
  2. Study the code of exploit3.c and exploit4.c that you extracted. 
  3. Improve the code so that there are no warning messages from gcc even after using the flags as in
        gcc -ansi -pedantic -Wall.
  4. Reduce the size of their compiled binaries by at least 5% as seen by the size command when exactly the same flags are used in the compilation.  Make sure no functionality is lost.
  5. Login as any non-root user.  Verify that the exploit still works on the vulnerable program.
  6. Turn in a lab report (of say 2-4 pages) with answers to the questions below, and thoroughly describing your changes, and how you verified that there was no loss of functionality.  Attach hard copies of properly indented versions of your exploit[34].c files.  Use indent -kr.
  7. Answer the question: What is the "environment"?
  8. Answer the question: Why does exploit3.c run system("/bin/bash") at the end of main()?


Even the security is not secure, loop holes are not the defects but the key to preci

posted by Anuj Agarwal @ 12:40 PM Comments: 0

Thursday, February 08, 2007

Friendship tips....

Be a secrete admirer of your friend:- If your friend is good at something then do not praise him in his presence. Praising a person for what he is good, does not improve his qualities, but can cause over-confidence to be induced in him, which surely will be harmful for your friend. A good friend should never miss an opportunity to praise his friend in front of others when he is not around.

Don't proved him wrong in public:- As it is important not to praise a friend openly in his presence, it is also very much important to abstain from proving him/her wrong in front of other people. Take him away from the crowd and let him know where he is wrong. There is no point in proving your friend wrong in other's presence; it will spoil your friend's image in other's view. And additionally your friendship will be in danger.

NOTE : These are my observations and experiences, give your valuable comments if you like it or not.

There is a tragic clash between Truth and the world. Pure undistorted truth burns up the world.

posted by Anuj Agarwal @ 12:01 PM Comments: 1

Library Fever

So at last the silence broke...hehe i started writing and studying...
When on the first day, I went to library...it was really a wonderful experience...
It was like a daydream...I am studying in library with so many frustrating nuggets are also increasing their knowledge in the abyss of books.
So I joined them, first day it was boring but as soon as i started reading journals and magazines it was really a fun...now i am studying daily 2-4 hrs in library.
The only frustrated thing about that wonder place is that you can't enjoy wid guys there....most of them are glaring at you some time or other.
But the CANTEEN of ISM is of course the heaven near the hell.
Now i am enjoying my life at the fullest......and i can't envisage what happens next of this cannabis.....

Engineering is the art of making what you want from things you can get.
Management is all about getting things what you want.

posted by Anuj Agarwal @ 11:24 AM Comments: 2