Buffer overflows; the way i see it
Towards the beginning of this month, i was part of a team that had taken part in the CIPHER 5 capture the flag competition; due to lack of experience and preparation we had failed to fare well in it; we came out 22nd out of 32 worldwide.
However, buffer overflows was a topic i did not manage to cover fully during the preps for the competition; so i continued my work on it even after the it. My work is mainly on the Linux distro named DVL – Damn Vulnerable Linux(you mite wanna google it out if you have`nt heard of it); its a linux distro based on backtrack which has got vulnerable apps of many various kinds which are excellent for practice. It was referred to me by Marcus J. Carey, a security auditor who has helped me in numerous occasions.
Now, i don`t pretend to be an expert on buffer overflows; i`d rate myself intermediate. However, i`ll mention a few guidelines you could follow which might help you at exploiting overflows. SO, here are the references(please let me know if there are better ones)
1. Try reading `bout buffer overflows on wikipedia.
2. Video tutorials on “Assembly programming in Linux” which`ll explain the basics of memory management and assembly programming on an Intel x86 system by Vivek Ramachandran.(1-7 is enough). Neat work.
3.Video tutorials on “Exploiting buffer overflows” by Vivek Ramachandran(1-5). Neat again(but a bit slow).
4.Try reading “Smashing the Stack” ; an excellent article by aleph1 which was published in the Phrack magazine.
Now, once you are done with all that you could try out DVL(i used DVL 1.4); i`d suggest you go through the challenges in the -
/dvl/exploitmes_package_04/
directory before going through the others. After going through all the above tutorials the challenges in that directory should be a breeze.;-) However, if you still find trouble there are a nicely written tut`s in that directory itself. I strongly advice you not to go through them in the beginning.
So what am i upto now? Well, i`ll let you know when i`m done with that… 
P.S. if you wanna know how to download videos from www.securitytube.net , read this.
EV-DO on ubuntu 9.04
Using an EV-DO internet connection on your ubuntu was never that hard, but then again, its boring repeating the same steps on every new installation of ubuntu(unless you have a script to automate it; i.e.). Usually you have to mount the USB modem(type usbfs, just in case you`r wondering) and manually create a symbolic link /dev/modem which points to /dev/USBtty0 so that wvdialconf recognizes your usb device as the modem to be used.
However, In Ubuntu 9.04 i was surprised that mounting and creation of the symbolic link had taken place automatically.
So, all i had to do was run :-
$ wvdialconf
This resulted in the creation of a wvdial.conf file in the /etc directory which could be edited and used for saving the username and password.
However connecting using ‘wvdial’ still caused a problem; it just would`nt connect. Figuring out the solution was`nt hard though – There was a line which read :-
Modem – /dev/USBSL0
All i had to do was change it to
Modem – /dev/USBttyS0
and whoallah! Connected to cyberspace!
But the speed sucks! And i have no clue WHY!
Wanna know how bad the speed was…?
I was on a brand new Vista using IE…. i had better browsing speeds there. No kidding!
Innovation Room
Events which happen around me, though seemingly distinct at first glance, tend to create a lasting impression in my mind which form the basis for further thinking.
Two events which recently took place were:-
i) joining the social ubuntu forum at www.myubuntu.ning.com(which rightly claims to be “the social side of ubuntu”).
ii) reading a comment at the ubuntu forums. The comment was posted by a linux user; who had doubts desciding to move over to ubuntu. However, he found coding something he found uninteresting. He wanted nothing to do with a CLI interface and was asking the forum members`s opinion on whether or not he should move over into ubuntu.
This got me thinking.
Consider the case of a businessman, or maybe a housewife who blogs regularly on her favorite recipies; anyone who considers coding as the last thing they wish want to try out(I don`t blame them). Linux variants, in most cases, have their settings easily configurable via the CLI. Now, does a businessman need to learn bash scripting for setting the desktop environment for his basic needs?
Now, suppose a user posts his view on any popular forum as www.ubuntuforums.org ; ive lost count of the number of times i`ve seen them go unanswered. True, some questions may seem “lame” but experienced linux users seem to disregard that fact that a person might be using linux; not because he`s interested in the code(or is a wannabe-coder), but because its free. Not helping newbies and choosing not to answer their queries is not a good practice.
And this, i feel, is one main reason for the increase in popularity of ubuntu taking place at an incremental rate; rather than the exponential growth we would like to see. This is one major way in which the requirement of the end-users is not being met with.
And as usual, this is my attempt to bring about a small change in the way people perceive things.
I`ve created a room in the social network at ning. try out the Innovation Room at http://myubuntu.ning.com/group/innovationroom
.
The idea behind this group is to provide a platform for :-
1. Tending to the needs of new linux users.
2. Bridge the gap between End-Users and Developers so that the former get to tell the latter, what THEY feel is required to be done.
3. I`ll explain this point using a simple example. Consider the case wherein, a task needs to be automated. In most of the cases, people opt for shell scripts which can help them in their tasks. But now, Users can put forward their requests and have them replied to.
4. Most importantly, the results produced by #1, #2, #3 mentioned above can be used to understand end-user needs in a more effective way; thereby improving the overall quality of the next distribution release.
Cheers!!!
battery life ubuntu 9.04 update #1
The KDE-desktop environment, however, has surprised me. 
It had a power-management daemon which provided the following profiles; powersave, performance, aggressive powersave, presentation, and Xtreme powersave.
Also, i went through the internet looking for power management daemons which could automate these tasks for me; and i found none. It was a hot summer afternoon, and i was bored. So, i decided to make one by myself. I have`nt started on it yet, i`m just doing a bit of reading on power saving methods for now. I`m hosting a project at codeplex and i`ll release it at its successful completion. Updates on the mini-project`ll be put up here every now and then, though.
i`ve named the project power-Xtended; and the alpha version of it is about done. It`s got only a quarter of the features i`d intended to put in; the GUI is designed using the Glade-interface designer(this`s my first experience with it) and i`ve used python along with it. Here are the improvement-statistics i`ve come across on using power-X.
quite satisfactory, for an alpha, don`t you think? i`ll be releasing the next update, pretty soon, and i`ll need all your help for testing it out on various environments.
UPDATE #2
more features, `n hopefully better power mangagement; powerX beta is almost done. Will be released soon.
UPDATE #3
the project has been moved from www.codeplex.com into a site of its own. The site will be put up here soon. Due to unforseen difficulties, the release has being delayed. Please be patient.
something i`ve never quite understood
I`ve been to various FOSS conferences and i find few aspects of open source software interesting. However, what i fail to understand is why 90% of linux users i`ve met, seem to hate windows even while :-
1. Theming their linux distro to look like windows.
2. Sub-consciously admitting to the fact that Gates HAS done a good job.
3. Realizing that the linux environment is HOPELESS for gaming(comparison with windows).
Common conversations(sometimes heated discussions) regarding the matter, which take place every now and then(some i`ve been a part of, others i`ve quietly watched), can be summarized into a small conversation as follows…
me:- why do you hate windows so much?
them:- windows is closed. they need money for what they`ve done.
me:- well, have`nt they done a pretty neat job?
them:- no, they haven`t. linux is more user-friendly.
me:- WHAT?
them:- yes, i do find linux VERY user friendly.
me:- oh, fine. And is this “user-friendliness” the reason why you love linux so much…?
them:- no. i love it because it`s open source.
me:- oh, and have you ever considered contributing\contributed in any manner?
them:- not really… i mean, not yet.
It`s almost as if claiming to use linux(AND hate windows), makes you seem like a geek with “over-developed” brains. This is a open remark against all those who support open source without actually understanding the underlying ideology or contributing to it in any manner. If your belief in FOSS is strong enough to blame windows of a bad ideology, then i wonder how the ratio (contributing to FOSS : blaming windows) gets to be so small.
my views…
I love linux.
FOSS… ? i find it interesting; just don`t think its “interesting” enough to accept as an ideology.
what do i believe in?
Making money on what you`r good at is no crime. Smart people have been doing it over the ages, and will continue to do so. Wasting your breath criticizing them is just not gonna help. Linux is a good effort which improves with every new release. But, it`s different from windows in almost ALL respects. Kindly, stop the damn comparison and for the love of God, stop trying to make one look like the other!!! Appreciate the differences.
Think about it. `n if you think its the truth, live with it.
