About 15 years ago, I mused about the idea of having a "desert island machine". This is where I'd put someone in a room with a box that has a couple of hard drives and a working network connection. HD #1 is blank. HD #2 has a few scraps of a (Linux) OS on it: bootloader, kernel, C library and compiler, that sort of thing. There's a network connection of some sort, and that's about it.
Now you see things like people managing to do the original Super Mario Bros game from the 80s in under five minutes, and I do mean people. There are actual humans frobbing plastic controllers doing this! Just dig around on your favorite giant video-streaming site if you need evidence of this happening.
So here's the pitch: Linux speedruns. By that, I don't mean "speedrunning a game on a Linux box" (like emulation, or something). Nope.
If you’re looking to get into ethical hacking, getting acquainted with Python is a great start. They discuss Python and ethical hacking and reveal the best online courses you can take to start training in the field.
The firmware of microcontrollers usually contains valuable data such as intellectual property and, in some cases, even cryptographic material.
Thirty years ago, Cliff Stoll published The Cuckoo's Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker. Today, the internet is a far darker place—and Stoll has become a cybersecurity icon.
I read this book when I was young. Still remember the atmosphere :-)
Somewhere around 2014 I found an /etc/passwd file in some dumps of the BSD 3 source tree, containing passwords of all the old timers such as Dennis Ritchie, Ken Thompson, Brian W. Kernighan, Steve Bourne and Bill Joy.
Files so deeply compressed that they’re effectively malware have been around for decades—and a researcher just unveiled a brand-new Zip bomb that explodes a 46-megabyte file to 4.5 petabytes of data.
How do you find hundreds of vulnerabilities hidden in millions of lines of firmware code?
Traditionally, a major source of high-quality pirate releases has been retail discs, such as Blu-ray or DVD. Today, torrent and streaming sites are regularly fueled by content culled from streaming services such as Netflix and Amazon. Known online as WEB releases, these files are the product of a decryption process using tools mostly not intended for public use. Recently, TF spoke with a person involved in the secretive WEB scene.
When it comes to using computers to steal money, few can come close to matching the success of Russian hacker Evgeniy Bogachev.
The $3 million bounty the FBI has offered for Bogachev’s capture is larger than any that has ever been offered for a cybercriminal—but that sum represents only a tiny fraction of the money he has stolen through his botnet GameOver ZeuS.1 At its height in 2012 and 2013, GameOver ZeuS, or GOZ, comprised between 500,000 and 1 million compromised computers all over the world that Bogachev could control remotely. For years, Bogachev used these machines to spread malware that allowed him to steal banking credentials and perpetrate online extortion.2 No one knows exactly how much money Bogachev stole from his thousands of victims using GOZ, but the FBI conservatively estimates that it was well over $100 million.
Ken Thompson's "cc hack"
Presented in the journal, Communication of the ACM, Vol. 27, No. 8, August 1984, in a paper entitled "Reflections on Trusting Trust".
Ken Thompson, co-author of UNIX, recounted a story of how he created a version of the C compiler that, when presented with the source code for the "login" program, would automatically compile in a backdoor to allow him entry to the system. This is only half the story, though. In order to hide this trojan horse, Ken also added to this version of "cc" the ability to recognize if it was recompiling itself to make sure that the newly compiled C compiler contained both the "login" backdoor, and the code to insert both trojans into a newly compiled C compiler. In this way, the source code for the C compiler would never show that these trojans existed.