“Month of Apple Bugs” project. Its interesting and helpful read.
http://projects.info-pull.com/moab/
Some individual bugs that have been published, some with epxploits, that can help illustrate tehcniques and also help to demonstrate the way the Apple security community is thingking. One finding by Dino Zaovi, as in the links below,
Matasano Link 1, Matasano Link 2
An interesting format string bug in the launchd daemon was used by Kevin Finisterre (”Non Executable Stack Lovin on OSX86″ at:http://www.digitalmunition.com/NonExecutableLovin.txt ) to illustrate a technique to bypass the nonexecutable stack feature of OS X on intel.
http://www.digitalmunition.com/dma.html
http://osvdb.org/search?request=apple
Ija van Sprundel found a vulnerability in the ping and traceroute programs in OS X that can allow a local user to obtain root access:
http://www.suresec.org/advisories/adv8.pdf
http://www.suresec.org/advisories/adv10.pdf
http://www.suresec.org/advisories/adv11.pdf
Common Vulnerabilities and Exposures (CVE) entries for Apple Bugs:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apple
On June 12, 2005, Steve Jobs delivered a speech on a graduation ceremony in Stanford University. It is the best speech that I’ve ever read in my life.
Below is the text of the commencement address by Steve Jobs.
…
“I am honored to be with you today at your commencement from one of the finest universities in the world. I never graduated from college. Truth be told, this is the closest I’ve ever gotten to a college graduation. Today I want to tell you three stories from my life. That’s it. No big deal. Just three stories.
The first story is about connecting the dots.
I dropped out of Reed College after the first 6 months, but then stayed around as a drop-in for another 18 months or so before I really quit. So why did I drop out?
It started before I was born. My biological mother was a young, unwed college graduate student, and she decided to put me up for adoption. She felt very strongly that I should be adopted by college graduates, so everything was all set for me to be adopted at birth by a lawyer and his wife. Except that when I popped out they decided at the last minute that they really wanted a girl. So my parents, who were on a waiting list, got a call in the middle of the night asking: “We have an unexpected baby boy; do you want him?” They said: “Of course.” My biological mother later found out that my mother had never graduated from college and that my father had never graduated from high school. She refused to sign the final adoption papers. She only relented a few months later when my parents promised that I would someday go to college.
And 17 years later I did go to college. But I naively chose a college that was almost as expensive as Stanford, and all of my working-class parents’ savings were being spent on my college tuition. After six months, I couldn’t see the value in it. I had no idea what I wanted to do with my life and no idea how college was going to help me figure it out. And here I was spending all of the money my parents had saved their entire life. So I decided to drop out and trust that it would all work out OK. It was pretty scary at the time, but looking back it was one of the best decisions I ever made. The minute I dropped out I could stop taking the required classes that didn’t interest me, and begin dropping in on the ones that looked interesting.
Continue reading ‘Steve Jobs, “..connecting the dots.”’
TrueCrypt 5.0, The Free Open-Source Disk Encryption Software now has a Mac OS X Version.
TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g.., file names, folder names, contents of every file, free space, meta data, etc).
Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on-the-fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on-the-fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt. For an illustration of how this is accomplished, see the following paragraph.
Let’s suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading next small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types, not only for video files.
Note that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).
downloads | digg story
This article has been taken from www.codeguru.com, it’s working great.
Andy McGovern (view profile)
May 26, 2004
Environment: VC++ 6, Win32
Introduction
Many exciting applications, such as data encryption and genetic algorithm programs, use randomly generated numbers to make choices. In some (rare) cases, only truly random numbers will do; that makes things complex because programs are based on logic, and the logic they use can generally be reversed. In other words, it is difficult to program a series of logical steps that produces numbers that don’t follow some kind of pattern. One approach for generating truly random numbers is to measure some kind of continuous natural phenomena; for instance, the noise power level in a radio-frequency receiver. The noise power level appears to be random because the power level at any instant in time depends on so many variables, such as cosmic radiation, solar energy, Earth thermal energy, and so forth. For most applications, pseudo-random numbers are sufficient. Pseudo-random numbers follow predictable patterns, but they do so over very long periods. The idea is that you would have to look at a very long (maybe in the billions) string of numbers before you would see a repeat of the pattern.
A conceptually simple way to generate long sequences of pseudo-random numbers is with a linear feedback shift register (lfsr). The tapped elements (the memory slots connected to the circle with the plus inside) are XOR’ed (0 xor 1 = 1; 0 xor 0 = 0; 1 xor 1 = 0) and then placed in the right-most bit slot, pushing all the previous bits one slot to the left. The sequence of 1s and 0s that pop off the left side of the register are the pseudo-random number sequence. The catch is that some tap positions cause the register to short cycle; in other words, some tap positions do not use the register to its greatest capability. A register’s maximum-length sequence will be (2^n - 1) bits long; n is the number of slots in the register. A short cycle in the register has occurred if the register ends up with the same fill that it started with before (2^n - 1) cycles elapse. Any book on spread spectrum communications or error correcting codes is bound to have a table listing tap positions corresponding to maximal length sequences for given LFSR lengths.
Figure 1: LFSR with an initial fill (0,0,1,1,0,1,0) and taps on elements (0,3) Continue reading ‘A Random Number Generation Technique with Encryption and Genetic Algorithm Applications’
Read this, before you decide to marry a programmer.
Husband: (Arrived home late).. “I am home, I am logged in.”
Wife: “Do you get something that I told you to buy it for me, honey?”
Husband: Bad Command or File name.”
Wife: But, I told you that early this morning!”.
Husband: “Error syntax. Abort?”
Wife: “So, How about a new LCD TV Screen we planned to buy?”
Husband: “Variable not found…”
Wife: (upset) “This time, you have to get it for me. Otherwise, I will go to buy it myself on your credit.”
Husband: “Sharing Violation. Access denied…”
Wife: “Do you still love me?
Husband: “Love?.. Too many parameters…”
Wife: “Huuuuughf, this was my mistake to marry idiot just like you.
Husband: “Data type mismatch.”
Wife: “..you are completely useless!”
Husband: “…undetectable error.”
Wife: “..give me money for my household work.
Husband: “File in use, try again later..”
Wife: “Huh.. What do you think I am in this family..?
Husband: “Unknown Virus.”
Recent Comments