Monday, February 25, 2019

Computing - Hacking, Buffer Overflows, Etc

I originally planned on going into networking a bit (i.e. what happens when you type something in the internet browser), but I decided it's probably more important to take a step back and discuss hacking.

Hacking, I've come to learn, doesn't necessarily mean anything malicious. It's more about a mindset... about knowing how the system works, and how to manipulate it in order to make it do what you want. Even if what you want was not the original intent.

But what does that mean, really? Well, early programs sort of took it on faith that people would use them the way they were intended... so most programmers didn't code ways of catching such errors.

A lot of programs are interactive - they ask us for our user names, or birthdate, or what our favorite fruit is, or what command we want to give to a character in a computer game.

And here's the thing - the programmer doesn't necessarily know what we're going to type. If it's asking for our favorite fruit, it could be 'apple', or 'banana', or something more obscure like 'jackfruit' or 'starfruit'.  The program has to be prepared for whatever we type in...

And sometimes, well... people make mistakes. Typos. They might be asked for their favorite fruit, and instead hit the 'ENTER' key without typing anything. Or accidentally type ap4le. Or bannnana. Or 42.

And sometimes, someone who knows the system very well can deliberately type in something else. For example, the program might have reserved enough space for whatever they consider appropriate for a fruit. Maybe there's enough space to type jackfruit_____ (giving extra room, just in case.)

But what happens if someone types in jackfruit_____gotomyvirus?

It's possible for everything past the buffer, everything past the space reserved for that user input, to overwrite whatever happened to be at that location. It's still all in binary, of course. So it's as though the computer had said 011001010 and now says 010010110. But if that location was, oh, let's say the instructions for the next step of the program... and the new instructions basically tell it to go to another location and run a bit of code that does something malicious (i.e. 'go to my virus'), then congratulations. Your program has a vulnerability that has now been exploited and used to launch a computer virus.

Computers only do what they are told to do, no more and no less. If it thinks a program is telling it to go to a location, it doesn't know that the command was altered... it just follows the instruction and goes to that location. And if that location includes a list of other commands, commands telling it to start a remote trojan that takes over your computer, or secretly record everything you type, or run a program mining for cryptocurrency, or check for orders from another computer and send multiple information requests to a designated website... well, it's just doing what the instructions said.

There are countermeasures, of course: secure coding practices that check the length of user input before storing it, refuse anything that doesn't fit, and/or cut off anything that goes beyond the allotted space.
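To make those countermeasures concrete, here is an added C example (it is not code from the original post): the unchecked copy the post describes, kept only for contrast and never called, next to two hardened versions, one that cuts the answer off at the allotted space and reports that it did, and one that refuses any answer that would not fit. The buffer size `FRUIT_CAP`, the function names, and the sample answers are assumptions made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size: room for "jackfruit_____" (14 chars) plus the NUL. */
#define FRUIT_CAP 16

/* The 'before' version the post describes: the answer is copied into a
 * fixed-size buffer with no length check, so anything past FRUIT_CAP bytes
 * lands on whatever sits next to 'fruit' in memory. Shown for contrast
 * only; nothing below ever calls it. */
void store_fruit_unchecked(const char *answer) {
    char fruit[FRUIT_CAP];
    strcpy(fruit, answer);      /* no bound: this is where the overflow happens */
    printf("favorite fruit: %s\n", fruit);
}

/* Countermeasure 1: keep the input but cut it off at the allotted space.
 * Copies at most cap-1 bytes, always NUL-terminates, and returns 1 when
 * something was dropped so the caller can log it; 0 otherwise. */
int store_fruit_truncating(const char *answer, char *dst, size_t cap) {
    size_t len = strlen(answer);
    size_t keep = len < cap ? len : cap - 1;
    memcpy(dst, answer, keep);
    dst[keep] = '\0';
    return len >= cap;
}

/* Countermeasure 2: check first and refuse anything that would not fit.
 * Returns 0 on success and -1 when the answer is rejected; dst is left
 * untouched on failure. */
int store_fruit_strict(const char *answer, char *dst, size_t cap) {
    if (strlen(answer) >= cap)
        return -1;
    strcpy(dst, answer);        /* safe here: the length was verified above */
    return 0;
}

int main(void) {
    char fruit[FRUIT_CAP];
    /* Constructed inputs: the post's over-long answer and an ordinary one. */
    const char *long_answer = "jackfruit_____gotomyvirus";
    const char *short_answer = "apple";

    if (store_fruit_truncating(long_answer, fruit, sizeof fruit))
        printf("too long, kept only \"%s\"\n", fruit);

    if (store_fruit_strict(long_answer, fruit, sizeof fruit) != 0)
        printf("rejected oversized answer, buffer still \"%s\"\n", fruit);

    if (store_fruit_strict(short_answer, fruit, sizeof fruit) == 0)
        printf("favorite fruit: %s\n", fruit);
    return 0;
}
```

Both safe versions make the buffer size an explicit parameter rather than something the copy routine has to guess, which is the difference between the program deciding what to do with too much input and the input deciding for it. Truncating is friendlier for a game prompt; rejecting is the better default when a silently shortened value could change meaning later.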

This also is just one example of a vulnerability, to give readers a sense of how it works.

(It's also just one area of this vast realm we call 'cybersecurity' that I'm interested in. Not so much finding those vulnerabilities and exploiting them - though there are people who make a living finding such things - so much as looking at a virus and figuring out how it does what it does. I think I'd have to set up a virtual machine, get some code I suspect is malicious, and then watch/monitor the actions it takes when it runs. I'd probably need something that breaks down those actions into machine language, and have to understand that language well enough to go looking for where the instructions are altered. Figure out where something is entered to overwrite what was supposed to be in the program and put in new instructions. And it'll look different for the various vulnerabilities, too. Plus there's an ongoing cat and mouse game to this. That is, anti-virus programs can identify sequences of 1's and 0's that indicate something malicious is going on, so hackers sometimes encrypt the virus or alter it on a regular basis so that it looks like something different.

I haven't gotten down into the weeds of this yet. Tbh I'm hesitant to start up my own 'sandbox' and risk infecting my systems if I do something stupid. I'd sort of prefer to know someone already doing this kind of work, and learn from them as much as possible.

I like the idea, though, and may just jump in and start messing around with it at some point. If I break something, well, I'll just have to learn how to fix it afterwards, right? It's just... there are tons of other interesting things to explore, as well!)
