Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

'How to' software exploits book raises eyebrows

Mar 16, 2004 11:38PM PST

A book written by leading security researchers on writing code to exploit security flaws in software, including Microsoft Windows, has caused some raised eyebrows in the technical community for publishing previously unknown techniques for exploiting vulnerable systems.

The Shellcoder's Handbook: Discovering and Exploiting Security Holes, is an advanced guide to writing software exploits. The book is intended as a resource for network administrators who are interested in closing security holes.

However, the book also contains working examples of code for exploiting vulnerable systems and previously unpublished techniques for launching attacks such as heap overflows and kernel attacks.

http://www.computerweekly.com/articles/article.asp?liArticleID=129216

Discussion is locked

- Collapse -
Re:'How to' software exploits book raises eyebrows
Mar 17, 2004 2:59AM PST

Your reference link does not work.
Neither do these, which are the full links:

http://www.computerweekly.com/articles/article.asp?liArticleID=129216&liArticleTypeID=1&liCategoryID=2&liChannelID=22&liFlavourID=1&sSearch=&nPage=1


http://www.computerweekly.com/search/adsearchresults.asp?liArticleID=-99999&liArticleTypeID=-99999&liCategoryID=1&liChannelID=200&liFlavourID=1&sSearch=&nPage=1&SEARCH_PAGENUMBER=1#search_res

The only way I can find to get to the Article is to
physically type in
http://www.computerweekly.com/ in your address box and at the top right of their home page..
click on "Advanced Search"

Then on the left "Search for pages with...Some of these words" type: Shellcoder's Handbook.
The article will come up as the first one...click on it.

- Collapse -
Re:Re:'How to' software exploits book raises eyebrows
Mar 17, 2004 3:10AM PST
- Collapse -
Re:'How to' software exploits book raises eyebrows
Mar 17, 2004 3:29AM PST

No, I do NOT think it is "strange" - I have the same problem like you Donna posting a link to ComputerWeekly.com. JR - You can only solve the "problem" by copy\paste the link into your browser. That works Happy

- Collapse -
Marianna & Donna....The copy/paste to address with my WinXP, IE6, works on
Mar 17, 2004 3:53AM PST

all my listed URL's and Donna's. Thanks for the tip.

Gonna fire up my Win98se, IE5.5, puter later on and switch to Opera to see what URL's works on it and if it requires copy/paste....?

Wink
JR

- Collapse -
Re:Marianna & Donna....The copy/paste to address with my WinXP, IE6, works on
Mar 17, 2004 3:56AM PST
Gonna fire up my Win98se, IE5.5, puter later on and switch to Opera to see what URL's works on it and if it requires copy/paste....?

Good Luck. Share your Opera-experience ok?
Opera seldom give me problem on any link and posting.
It sometimes crashed but it's my fault Grin
- Collapse -
Kinda late getting back to you Donna. Ran the test on Opera
Mar 17, 2004 12:43PM PST

with all the above URL's and they worked OK.

- Collapse -
Ain't that sumpin....IE5.5 Sp2 and IE6 SP2 requires a copy & paste on my PC's for those URL's. (nt)
Mar 17, 2004 12:54PM PST

.

- Collapse -
Re:Ain't that sumpin....IE5.5 Sp2 and IE6 SP2 requires a copy & paste on my PC's for those URL's. (nt)
Mar 17, 2004 3:10PM PST

Thanks for the test result JR. Did a test too Happy

IE 6 SP1, IE 6 SP2, myIE2, Opera, Firefox, Mozilla - all links will work (no need to copy and paste) except to your 2nd link.

- Collapse -
Did a survey in the SpeakEasy forum.....
Mar 20, 2004 4:41PM PST
- Collapse -
Re:Re:'How to' software exploits book raises eyebrows
Mar 17, 2004 3:54AM PST

Thanks M Happy

- Collapse -
Cetin solved the "mystery" :)
Mar 18, 2004 6:03AM PST

could be because of the following facts:

On the client PC, when the link is clicked, it sends the referrer URL. The target site is using that for tracking purposes. However, it seems that the site's software truncates the URL's length to if it exceeds a preset number of characters.

Example of the final (truncated) URL is:

http://www.idg.com/referals.nsf/notice?openform&ttref=http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=16022&messageID=178249&idgref=http://www.computerweekly.com

Because the URL it's lacking the final part, it fails to open as the original link.

Thanks Cetin Happy

- Collapse -
Err....still a mystery to me....
Mar 18, 2004 3:33PM PST

I've known Cetin to be an excellent 'techie' and former ZDNet/CNet Moderator. What puzzles me is that if the length is truncated and exceeded number of characters then these two short one's should connect properly using IE, but instead connect up to IDC.com

http://www.computerweekly.com/articles/article.asp?liArticleID=129216

http://www.computerweekly.com/

They will both connect properly if using the Opera browser, or if they are copy/paste in IE.

I listed all those in the Test forum (3-18-04 10:09 PM) and tried on 3 computers to connect without success (except the last URL) using my WinXP IE6, Win98se IE5.5 and the WinME IE5.5 computers. It did connect properly on the Win98se computer that has the only Opera browser.

The last URL listed in Test is the proper one for IDE.com and opens Ok with IE and is also the same as Cetin's example.

- Collapse -
Hmm....My Opera 6.01 indicates "No Java Runtime Environment Installed." (nt)
Mar 18, 2004 3:55PM PST

.

- Collapse -
? still a mystery ? No mystery ?
Mar 19, 2004 3:25AM PST

John,

Alright, it was brought to my attention that the saga Cry continues Grin ?

First of all, my sent message to Marianna lacks the final part: the Computer Cures Wink So, read the below missing part:

This doesn't happen on the client PC (i.e. the original link works) if:

1. It uses IE and a third party application that blocks the IE's referrer.

2. Another browser (non MS core based) which has the referrer blocking feature and the blocking option set as Enabled.

3. The URL is copied and pasted on a new blank IE instance.



Now,


In your not working case, let's take the http://www.computerweekly.com/ example. If you click it, it'll call it's mother (IDG) with the referrer link added (in our case the Forum's message link plus some extra). Because the crafted URL exceeds some length (possible a design bug), the new URL isn't properly redirected to the initial (your clicked) URL.

Opera has the blocking referrer feature that's why it works as expected. For IE, as I said in my #1, you need a third party utility. One example: Norton Personal Firewall (NPF). In paranthesis, you could search for other third party utility using the referrer blocking feature. I'll explain with NPF. BY default, it blocks sending the referrer (in our case your post's URL). If you have NPF (or third party utility) installed and enabled, by clicking the links it'll work as expected, i.e. will open the correct page.


Regards,

Cetin

Trying to unweave, unwind, unravel
And piece together the past and the future,


T. S. Eliot

- Collapse -
Thanks Cetin. I posted
Mar 21, 2004 1:04AM PST
- Collapse -
You are welcome John , and ?
Mar 21, 2004 8:50PM PST

1. Here are other third party utilities examples that block the referrers: AdSubtract PRO, CookieCop. The AdSubstract Pro trial version can be downloaded from the following page:

http://www.adsubtract.com/pro/trial/download.html

With the utility running in system tray, open Control Panel, Filters Tab and check the Referrers box. Using IE, click those links again. Try those links with the Referrers box unchecked and notice the difference.

In paranthesis, if one uses an anonymizer service as an intermediate between client and the problem site with referrers blocked, by clicking the links should work as expected.

2. Here's another example of an error due to a referrer problem (although that web site is designed in a totally different solution)

http://reviews.cnet.com/5208-6142-0.html?forumID=5&threadID=16098&start=0

However, the difference is the fact that one cannot simulate the client side's context. Probable the poster's PC is infected with some pests - or - he's using some sort of anonymizer utility/service. One thing I can tell for sure: he has the cookies blocked (at least for that site).

3. By going back to the original problem, one interesting topic arises: under IE, what is the difference in the process of clicking the links in the page vs. opening them (copy & paste) in a new window. I'd let it for digging whoever it's interested in this.


Well, I opened your survey's thread in SE Forum. It's nice to see that people jumped with testing results in their own environments and I noticed an overall positive attitude.

Nice talking with you John. Regards,

Cetin

Trying to unweave, unwind, unravel
And piece together the past and the future,


T. S. Eliot

- Collapse -
Re: and ?
Mar 22, 2004 4:07AM PST