|
Ok, I give up. Serious programmers seems to deny serious attacks
On attacks (SQL inj., ...) why I should make a difference between this and that, it is only another blabla and _no_ background knowledge because it can not discussed....sorry for that.
EOD, Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
As a software developer, it is my responsibility to make sure that my software is protected from attacks, and since I write a lot of apps with web service calls, database transactions, or REST operations, there's a lot of bullet proofing I do there.
I do not, however, write OS's. Therefore, it is the user's responsibility to keep their machine virus, malware, adware, etc. free. And yes, there's a responsibility that the OS manufacturer has too, of course. But my point is, I can only be responsible for my little corner and asking me to take on things I cannot in any way shape or form be responsible for is silly.
Marc
|
|
|
|
|
Dear Marc Clifton
I read a lot of your articles and learned a lot there!
But Quote: Therefore, it is the user's responsibility to keep their machine virus, malware, adware, etc. free.
No, I can't agree. If the user is my 80 years old mother, I don't think it is appropriate to put the responsibility to her
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Bruno Sprecher wrote: If the user is my 80 years old mother,
Well of course, some people need the help of a professional. Which is also why we have IT departments that make our lives miserable by blacklisting websites like CodeProject and StackOverflow and prevent us from chatting on FB while at work.
Marc
|
|
|
|
|
I allreday disabled CP and others programmers Forums for my 80 year old mother
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Bruno Sprecher wrote: why one can discus SQL injection and _not_ the other abusive themes?
Contrarywise; we are always quick to chastise a petitioner who asks for help in writing malware, keyloggers and such. Fortunately there are fewer of them.
But the real problem in your statement is that intentionally writing code to do bad things is very different from naively writing code that can have bad things done upon it.
|
|
|
|
|
Boah, this is just also only a general statement. Please read all the rubish to my previous question in the forum. Things like "i know somebody who knows somebody...". About the abusive things nothing is known...and that is a shame! I like to know them (the abusive things) to fight against them!
Thank you for your comment
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Ah. Let me put it this way...
Someone may think he's being helpful when giving advice on how to detect or avoid an attack of some sort, e.g. "always check your tailpipe for bananas before starting your engine". That sounds reasonable doesn't it? But, there is very little likelyhood that the average person will come under that type of attack, particularly from a serious attacker. The more likely outcome of publishing such advice is to give the local urchins an idea for a prank.
Several such instances of "advice" have circulated the Internet (and they sometimes get picked up by broadcast media), much like chain letters, and I cringe every time I hear of one, because I know they're actually putting bad thoughts into people's heads.
Examples:
http://www.snopes.com/horrors/robbery/slasher.asp[^]
http://www.snopes.com/crime/gangs/lightsout.asp[^] (I first heard of this one on the radio)
http://www.snopes.com/crime/warnings/maryland.asp[^]
So, even if I knew how to write a virus or similar malware (and I don't), I wouldn't tell anyone.
I do recall there was a book, though, back in the 80 or 90s...
Or you might like this: http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033/ref=sr_1_1?ie=UTF8&qid=1424628134&sr=8-1&keywords=virus+book+code+computer[^]
<hidden>
I do recall, in high school, writing a program, that was essentially a password grabber, which I would leave running on a terminus.
It would prompt for Username and Password (this was RSTS-E on a PDP-11), write them to a file in my directory, delete itself, and exit.
Fun times. I don't think I caught anyone with it.
</hidden>
|
|
|
|
|
Bruno Sprecher wrote: And why one can discus SQL injection Because the only thing that is published on the subject is how to prevent it happening. If you want a discussion on how to prevent viruses, worms, trojans etc., then start a thread with that clear objective. But having a discussion on how to write such software is plain silly.
|
|
|
|
|
Sorry, but SQL injection is a children Story (which a lot of experts push to Show how "experts" they are).
Yep let discuss how to implement a virus! No, that is _not_ silly...because you, neither me and all the others do not have any idea about it.
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Bruno Sprecher wrote: SQL injection is a children Story (which a lot of experts push to Show how "experts" they are). On the contrary, we do it to show "newbies" and others, that their code exposes a weakness, and they should change it in order to protect their systems. The fact that you appear not to understand the importance of this is rather worrying.
Bruno Sprecher wrote: let discuss how to implement a virus! No, that is _not_ silly Of course it is, if it gives people information on how to create such software.
|
|
|
|
|
No! If it is published one can defend! If not published only gibberish is available, like here! And that is not the Job of this forum!
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Sorry Bruno, I really don't understand those statements.Sorry, I re-read that and think I do understand; but I can only continue to disagree with you. If you publish information on how to create this sort of software, then every hacker in the world can find out how to do it. That is not only silly, but totally irresponsible.
|
|
|
|
|
Hmmm, most probably my bad english. Anyway I appreciate that you still discuss with me.
The only thing I like to reach is, that one can discuss free about the "dark side" and develope defense against it.
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
I agree. I think the main point is that even though one's intentions may be good, much bad can come of it.
|
|
|
|
|
I agree with the rest of opinions. Maybe with an example...
SQL-Injection:
You see someone stepping out of the car and you tell him. If you leave the door opened and the keys inside, your car might be easily stolen.
Virus (light version):
You tell someone how to open a closed car and startup the motor without a key.
Virus (strong version)
You explain/publish about how to make a home-made bomb.
Virus (extreme version)
You explain/publish how to build a dirty bomb.
Sorry, but I think they are different. Although I knew how to do it, I would not explain how to build bombs due to some reasons.
1) People with bad intentions could learn it
2) People with good intentions but not enough knowledge could try to experiment how to protect themselves and blow up the house and kill the neighbours by accident or bad implementation
3) Normal people would not understand anything of what I am explaining and be still unprotected.
In conclusion: for a 0.1% (or less) that could take legitime profit of it in a "good" way... they can learn it in their own.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Sorry to reply like this. My meaning is:
SQL-Injection: Yes you know about it. Even I know this simple things!
Others (light, strong, extrem): No, you don't know about it...why to hide your knowledge to help others to protect against it...? It is simply giberish...
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Bruno Sprecher wrote: Sorry to reply like this
No problem
Bruno Sprecher wrote: My meaning is:
I understood you the first time
Bruno Sprecher wrote: why to hide your knowledge to help others to protect against it...? Do you see / read the news? In such a world... If the example was not clear enough...
Would you really teach how to create bombs? [irony]Maybe someone learn how to deactivate.[/irony]
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Quote: Would you really teach how to create bombs?
Good Point
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Bruno Sprecher wrote: And why one can discus SQL injection and _not_ the other abusive themes? ..because the term Sql Injection is famous, and terms like keyloggers are scary.
The first gets us a higher rating on Google, the second a higher rating on the suspicious sites-list.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Bruno Sprecher wrote: Please remind we are here: Quote: For lazing about and discussing anything in a software developer's life that....
Exactly.
Creating/maintaining/dealing with viruses is not part of a software developer's life.
Go to a security forum. There will be experts there who can answer your questions.
That's way safer than reading our guesses and (probably misguided) assumptions.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
I don't see what it is you have to complain about: CodeProject does have content related to key-loggers and security monitoring, like this series of 4 articles by Michael N Haephrati that describes, and appears to have code for (which I'm not about to download), a complete "secret" security monitoring package that includes hidden updates, user activity monitoring, etc.: [^].
This kind of low-level coding doesn't interest me, but I stumbled across this article today while doing research on application-level keyboard hooks in Win Forms (the fourth article in the series is about keyboard hooking). I would guess there's other content here related to the interests you expressed.
The virus that really interests me is "human language," as in the hypothesis by Ustinov that language originates from a xenobiological virus (it came from outer space).
But, I am not troubled by the fact that CodeProject seems to avoid discussing viruses from outer space.
cheers, Bill
«I'm asked why doesn't C# implement feature X all the time. The answer's always the same: because no one ever designed, specified, implemented, tested, documented, shipped that feature. All six of those things are necessary to make a feature happen. They all cost huge amounts of time, effort and money.» Eric Lippert, Microsoft, 2009
|
|
|
|
|
BillWoodruff wrote: (which I'm not about to download) You don't need to.
We installed it on your machine weeks ago.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
It seems like everybody is on GitHub nowadays.
I'm not looking for source control or collaboration tools.
I could share my code, but why would I? I don't have anything very interesting to share at the moment (or maybe some files for my blog/articles?).
And I'm also not looking into contributing to other projects as I'm busy enough studying for my Open University courses.
I understood GitHub is more than that (a social network? Can't be better than CP ).
I am kind of interested in what all the fuzz is about, but is it worth it for me to create a profile?
My blog[ ^]
public class SanderRossel : Lazy<Person>
{
public void DoWork()
{
throw new NotSupportedException();
}
}
|
|
|
|
|
I do not use GitHub, but Bitbucket - which is essentially the same (but I found better for me)...For what?
I do work on the same project from different physical locations (different computers), so it helps me to work on whatever project I want...
I also use it as a kind of online debug (and for share too)...
But do not do it for the buzz...Do it only if you need it...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|