Actually, this demo would be stopped if the stack protector was on. The demo relies upon overwriting the return pointer that controls where the function jumps to upon returning.
The stack protector acts as a guard against overwriting that value without knowing a key that is stored elsewhere in memory. You'd need some memory disclosure issue to get the key or brute force the key.
I can't tell you how many times I've seen someone passing a query through the prepared query method but still crafting the query dynamically.
Stuff like:
prepareQuery("SELECT something FROM table WHERE col='"+userInput+"' and otherCol=?", otherUserInput);
That is still vulnerable even though prepared statements are in use. As long as user input doesn't find its way into the query string, though, you should be safe from these, assuming the issue isn't internal, like bad stored procedures creating queries based on input.
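A runnable illustration of the pattern described above, added here and not code from the commenter: a Python/sqlite3 query that binds one value but concatenates the other, beside the fully parameterized form. The table, columns and inputs are constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the "table" in the comment.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (col TEXT, otherCol TEXT)")
    conn.executemany("INSERT INTO t VALUES (?, ?)",
                     [("alice", "a"), ("bob", "b"), ("carol", "a")])
    return conn


def query_mixed(conn, user_input, other_user_input):
    # Mirrors the comment's pattern: one value is a bound parameter, the other is
    # concatenated into the SQL text. The '?' does nothing for the concatenated part.
    sql = "SELECT col FROM t WHERE col='" + user_input + "' AND otherCol=?"
    return [r[0] for r in conn.execute(sql, (other_user_input,))]


def query_bound(conn, user_input, other_user_input):
    # Hardened form: every user-controlled value is a bound parameter, so the SQL
    # text is fixed and the driver never parses user input as SQL.
    sql = "SELECT col FROM t WHERE col=? AND otherCol=?"
    return [r[0] for r in conn.execute(sql, (user_input, other_user_input))]


def demo():
    conn = make_db()
    benign = "alice"
    # Constructed input that closes the quoted literal and alters the predicate;
    # with AND binding tighter than OR, the mixed query returns every row whose
    # otherCol matches, not just the one named row.
    hostile = "x' OR 'a'='a"
    return {
        "mixed_benign": query_mixed(conn, benign, "a"),
        "mixed_hostile": query_mixed(conn, hostile, "a"),
        "bound_hostile": query_bound(conn, hostile, "a"),
    }
```

The bound version treats the whole hostile string as a literal column value and matches nothing, which is the behaviour prepared statements are supposed to give you.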
I know you're making a joke, but a passpoem or a passstory, for lack of a better word, is usable and something I do.
I take a passage of reasonable length from a book that I've memorized; it could be song lyrics or anything, though. Then, to create a password, I take the first several words to make a password roughly the length I want, do a standard transformation on it that results in a string with numbers and special characters, and use that as a password.
When I need to change my password, I just take the next phrase from the passage and apply the same transformation. This has the distinct ability of letting me go back in time and remember what password I would have used at a certain time, which has come in handy for remembering the root password on an old server.
> And I don't accept the echo-chamber consensus opinion of mountaineers that it's all worth it in the end.
I'm not sure what mountaineers you've talked to, but most I know don't like the current state of Everest and how it's become a tourist attraction. Most I know support the restriction Nepal is considering of restricting permits to those who have climbing experience on other significant peaks.
> Honestly, I don't think anyone really has any business up there.
Well, no one has any business being up on any mountain; yet we do it.
> you can find better, more challenging climbs that are still safer.
Yes and no. Though your statement is true, I'm not sure you realize how safe Everest is. Everest has about a 4% death to summit ratio. Though it's not the lowest rate among the 8000m peaks, considering the masses of inexperienced climbers who climb Everest, the fact it's so low is amazing to me. If Everest was climbed by the same type of people who tackle K2 or Nanga Parbat (26.5% and 20.3% death:summit) I'd imagine the ratio would be significantly lower on Everest. Even so, Everest has a low fatality rate.
However, it is also not technically challenging (the challenge is the altitude, not the climbing), so, because of that, finding something more challenging and safer shouldn't be a problem.
It's also worth mentioning that there is more than one route up Everest; the Southern Col is the most popular and easiest and thus sees the traffic jams up the Lhotse face and at Hillary's Step. Other routes don't see the same traffic.
AFAICT most mountaineers deplore the current Everest situation, though it pays well at $60k+ a head. While it will never happen, I wish they would simply outlaw paid guiding and the use of bottled O2: a few people with the genes and skill could still climb these peaks, but rich tourists couldn't even try.
I had a go at climbing from Tibet a few years ago - got to 8100 meters but my O2 packed up. I think mountaineers are a bit conflicted - on the one hand it's messy having the place covered with tourists / so so climbers but on the other it's nice to be free to climb mountains and not have it restricted to the anointed few. Stopping the use of O2 would probably cause a lot of deaths - bodies tend to pack up at that altitude without it. I'm not sure stopping guiding would make much difference. I went 'unguided'. You still plod up the thing. If you had to carry all your own kit rather than getting Sherpas to lug the ropes and tents it would make it much harder.
Are you describing these ratios correctly? A 20% summit:death ratio would mean 1 person summits for every 4 who die, right? Is this really death:summit, or is it summit:attempt?
There are risks but the last couple years have been exceptionally deadly.
Prior to 2014 the deadliest day was May 11, 1996 (8 deaths). In the 1997 through 2013 seasons the average season death count was only 5 with a median of 4 compared to 22 in 2015 and 17 in 2014.
Adding to this, if people want a lonely long hiking trail, the Continental Divide is a good choice. My longest period without seeing another person at all was 6 days, and I know several who have gone weeks without seeing anyone (apart from hitchhiking into town for more food).
It's also just a really awesome trail (Montana/Wyoming/Colorado/New Mexico) with, on a good year, maybe 300 hikers starting (far fewer finishing or making significant progress).
Though it does take map and compass navigation, as the trail is not complete and even when it is, there often isn't a trail, just a line on a map.
That's great! When I lived in CO I hiked some of the same 1-2 day loops over and over across different seasons (some hit the continental divide). Seeing the same trail change depending on time of year was great. My favorite time hiking is in the winter (talk about being completely alone!). The stillness is so quiet, and all you hear is the snow crunching beneath your boots or the actual snow falling.
The AT just seems anti-why I like to hike, and sounds more like a backpacking trip across Europe with your HS senior class.
There are competitors, just in terms of the major long trails of the USA: there is the Pacific Crest (PCT) and the Continental Divide (CDT); those three make up the Triple Crown of long distance hiking in the USA ( http://aldhawest.org/triple-crown/ ).
I'd say the PCT is its closest competitor, as the PCT is considerably well marked, but it's an easier trail grade to hike (and on the other side of the country).
If you want remoteness and untouched wilderness, I went days without seeing another person (and some hikers can go weeks depending on the year) on the CDT at all, through some extraordinarily beautiful locations. Of course it's not as defined as the PCT or AT (compass navigation is required as the trail doesn't always exist).
The thing about the AT is it is the most accessible of any of the major trails; I've heard that about half the US population is within a 1-day drive of some point of the trail.
You mentioned the AT being most accessible, just in terms of being nearby, but accessibility in terms of necessary skill is an important factor as well.
The Benton MacKaye Trail, for example, runs parallel to the southern part of the AT for about 300 miles, and also starts on Springer Mountain. There are lots of people that live close enough to hike on it. But the fact that it involves much more wilderness and doesn't go through a town every other day makes it a poor option for inexperienced hikers.
That makes me suspect that the only way to spread out the damage, so to speak, is to raise barriers to entry. Emphatically: not so drastically that people won't hike. I certainly want more people interested in enjoying and protecting the outdoors. But at least enough that people are comfortable in a variety of settings that aren't as "urbanized" as the AT is.
It's a classic alright, but being a classic, just a warning to everyone: some of it does require going back in time a little bit, like dealing with a 16-bit binary.
If this type of stuff interests any of you but is too hard, give mine a try ( 0x0539.net ). It is not intended to be a significant challenge; instead all the stages focus on introducing some basic concept related to offensive security. It's mostly aimed at some young teens that have expressed an interest in learning that stuff, so the target is very introductory.
I update the site every so often with new sets of challenges and rotate through former sets if someone requests it. The current one I ran for a bit in 2013 and then brought it back earlier this year and plan to cycle in a new binary exploitation focused one in December.
I've gotten so far as finding the first secret and turning that into something viewable so I can read the two word question. Not quite sure what to do with the stuff that's left over yet though.
Sure, that gives me an address, but the host isn't reachable.
I played around with it and found a login page that might be similar but _no clues_ as to how to gain access. Feel like I'm missing an intermediate step here.
I really enjoy these puzzles, but I'm also stuck at the login page. Even poking around, and ignoring that the subdomain isn't working, I don't see anything else. Have any suggestions?
Everything you need to figure it out is on the login page.
Consider how Hacker News works: there is the login page, but that is not the only means of authenticating. You don't, after all, have to type your user/pass out for every page request.
Thanks for the tip! I'll be attacking this again tonight, I think I have an idea now that you mention auth. By the way, some subdomains are public (not sure if part of the game), like source.0x0539.com, oxidized etc.
Awesome work, thanks for the fun!
Edit: Just got past login, what an awesome puzzle. That being said, I hate that it looks like I have to run an executable from your site. Seems dangerous, so now I have to spend the time getting a VM set up.
You don't have to run the executable. You can, but the problem is absolutely doable without running it (static reversing).
As for the subdomains, you can safely ignore them. There are a number of them; most are not primarily mine. I just give some friends free hosting (or point subdomains to their boxes).
And yea, there are random subdomains that are not part of it. Most of the subdomains are not even mine (I give free hosting to friends). The only subdomain that was part of it was clcs.0x0539.net, but that's no longer the case.
Thanks so much for all of the clarification; it's really helpful to know I don't have to execute the app in question. I'll keep going down the rabbit hole, hopefully others find this site and enjoy it.
http://ifixit.org/blog/7475/repair-coalition-wins-exemptions... is a bit more clear on the types of things that will be allowed under this.
As for the specifics of jailbreaking:
"The Register also confirmed that the exemption for gamers should not extend to jailbreaking of console software because such jailbreaking is strongly associated with video game piracy."
https://www.federalregister.gov/documents/2015/10/28/2015-27...