Arbitrary code execution – why?

May 4th, 2006

I find the current state of affairs in programming deplorable. As it is, a single tiny system program with an unchecked buffer size can often be exploited by an attacker to execute arbitrary code on the system. (Let that sink in for a second.) Your operating system (whatever it is) is so fragile that a single coding error, a typo, could allow anyone to do anything they wanted to on your machine. That's unacceptable. And all too common.

Of security seals and window screens

May 1st, 2006

We had a house meeting with our R.A. today to talk about check-out procedures, cleaning, and several house disputes. In the course of the meeting, she noted that the screen in one of the common room windows had been opened, breaking the security seal, and that we would be assessed a fine. Wait, what fine? We were never informed of this!

Google redirection on public WiFi

April 5th, 2006

Just a quick thought: Imagine if I set up an unsecured WiFi point near a coffee shop, and modified people's Google search results to include my own advertisements.

Or what if I started an advertisement referral program? People with unsecured WiFi points could install a program that would refer Google searches to my company's servers, which would modify the results. People would get a kickback for the number of referrals they got, as measured by my servers.

You could even use the same kickback system that adware companies currently use.

I think this underscores the importance of using secure protocols like HTTPS.