Evolutionox

Today I have various bits of edutainment for you. But first, Happy Birthday to my wee sister, who turned 21 today. Actually, yesterday. Well, technically, 2 days ago, depending on your timezone. Regardless - Happy Birthday, Sis’.

Ok, on to the entertainment. Well, it’s not really that entertaining, actually. But it is educational. Apparently the corporate behemoth that is Dove (you know, the soap people) have reformed their fetishizing-waiflike-bulimia-victim ways, and are now using “real girls” in their advertising. Or, at least, they’re willing to show you what the real girl looked like, before the makeup team and photoshop artists got at her:



I wasn’t particularly surprised by the make-up part, but the Photoshopping blew me away, and I’m a frickin’ professional computer graphics nerd. I’m well aware of the crazy photoshopping that goes on these days, like this Faith Hill “re-imagining”. But this video is insane. Did you see what they did to her NECK?!? Who has a neck like that?!? And then they give her bugged-out alien space-eyes!?! Freakish. It’s basically a caricature. I wonder why we don’t notice this kind of thing…

Ok, now on to the lowbrow humour. Below is the subject line of an e-mail that was forwarded to most of the departments at a certain university-which-will-not-be-named (senders have been hidden to protect the guilty):


HalfMast

AC pointed out that the slip may have been Freudian in nature, which hadn’t even occurred to me.

(Yes, I am making jokes at the expense of a dead man (well, tangentially, at least). Hear that scraping? It’s the bottom of the barrel…)

Finally, for your nerding pleasure, don’t you just hate it when you don’t have a fixed memory address containing jmp esp to point your buffer overflow attack at? I know I used to. But not anymore, because some ingenious hacker-type has come up with a solution - Temporal Return Addresses.

If you don’t know how a buffer overflow attack works, here’s the Coles notes - say you have some program with a function foo() that has a local array char bar[100]. Because the programmer is an idiot, the function contains a call like “strcpy(bar, line_from_a_file)”. So you create a file with a line that contains more than 100 characters, causing strcpy to write past the end of the array, overwriting the return address on the stack that foo() will jump back to when it is finished. Normally this causes the program to crash, because the return address was replaced with random garbage. But if you’re clever, you can craft a string that replaces the original return address with a new one - say somewhere else in memory that contains the assembly code to delete the hard drive, or give you administrator access. Voila, you’re a hacker.
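The foo()/bar[100] bug from the paragraph above, next to a length-checked version, as an added example (not code from the original post or from the Temporal Return Addresses write-up). The names copy_line and foo_checked are made up for the illustration, and the sample line is constructed.

```c
#include <stdio.h>
#include <string.h>

#define BAR_SIZE 100   /* the post's char bar[100] */

/* The bug as described: strcpy() copies until it meets a NUL, so a line of
 * 100+ characters runs past bar and over whatever the stack holds next,
 * including foo()'s saved return address. Shown for contrast, never called. */
void foo(const char *line_from_a_file)
{
    char bar[BAR_SIZE];
    strcpy(bar, line_from_a_file);          /* no length check */
    printf("%s\n", bar);
}

/* Hypothetical helper: copy src into dst only if it fits with its NUL.
 * Reads at most dst_size bytes of src. Returns 0 on success, -1 if rejected. */
int copy_line(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len >= dst_size) {                  /* no room for the terminator */
        if (dst_size > 0)
            dst[0] = '\0';                  /* leave dst a valid empty string */
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hardened form of foo(): an overlong line is refused, not truncated. */
int foo_checked(const char *line_from_a_file)
{
    char bar[BAR_SIZE];
    if (copy_line(bar, sizeof bar, line_from_a_file) != 0)
        return -1;
    printf("%s\n", bar);
    return 0;
}

int main(void)
{
    char line[151];                         /* constructed 150-character input */
    memset(line, 'A', 150);
    line[150] = '\0';
    printf("150 chars -> %d\n", foo_checked(line));
    printf("short line -> %d\n", foo_checked("hello"));
    return 0;
}
```

Rejecting the line outright, rather than silently truncating it, also keeps a half-copied record from being processed further down.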

But there’s one problem. You need to know the new return address, which is highly program-specific. The problem is that the addresses of memory buffers can change for all sorts of reasons, including people wising up and making them random, breaking this attack. Good, right? But those hackers are crafty. They’ve figured out that, really, you just need a fixed memory address that is constantly being incremented - like, say, a timer. Then you just wait until the bit pattern of the timer is the same as the assembly instruction you want to execute, then you (very quickly) point your return address there, and you’re golden.

Let me repeat that, for the kids in the back. The timer is an integer which is constantly incrementing. At certain times, the bit pattern of this integer is the same as the bit pattern of an instruction the attacker wants to execute. The buffer overflow attack can be executed at that exact moment - the attacker just has to be willing to wait.

But you’re safe, you say, because your source code is closed and nobody knows the addresses of your timer variables. Wrong again, because the crafty hackers have written a program which scans your program over time and automatically identifies addresses in memory that are constantly incrementing. Plus, on Windows it turns out that all processes have at least one timer that Windows makes for them. Wild.

If you’ve read this far but aren’t a programmer and don’t really understand, just trust me, this is a work of staggering fucking brilliance. And we totally lucked out, because most timers on computers count the date from 1970, and it turns out that for most of 2003, these timers contained a highly desirable bit pattern really, really often. Combined with all the worms that were running amok back then, and, well, it could have been messy.

(That’s the end of the science lesson - you may return to your facebook now…)

Questions? Comments? Complaints?
Email rms@unknownroad.com