Joined: 04 Mar 2003
Posted: Sun Jan 01, 2006 9:34 pm Post subject: Dec '05 SFDC Column
December ’06 SFDC Column
Well, the month of December is not only upon us, it is almost over already. This year has been another busy, busy year for the staff here at SFDC. We have seen continued growth on a monthly basis over this past year, which is a testament to the quality of the forum. As we have always said, it is not only the efforts of the staff but also the members themselves that make this forum what it is. With that said, we still need to keep up our efforts to make SFDC the best computer security forum out there today.
Over the course of the past several months we have noticed an upsurge in the bumping of posts, and in double posts. This makes the forum look untidy, and is against forum rules for that very reason. Let's all please make an effort not to do this, and rather simply use the edit key to update our last post. Sadly, not every post will always get an answer, although we all try to give one. If your question isn’t answered, try posing the same question again in another week or so, but with perhaps more detail this time. That said, let's take a look at some of last month's posts.
Sempron vs. Celeron?
One of the members is asking which processor is better, the Celeron or the Sempron. Well, first off we need to realize that both of these processors are considered low-end ones. That means that they will be slower in terms of processing speed, and will have lower specs as well. One of the specs you should be paying close attention to is the L1 cache. Quickly said, the more of this the better off you are. You should always first assess your needs before purchasing a computer. What is it going to be used for? If you are a gamer and want to play the latest games out there, I definitely would not even consider getting either one of these processors. In essence, what you are getting with either one of these is a bargain-basement processor. With that said, expect the performance one would get with such a processor. There really isn’t a huge difference in price between one of these and a Pentium IV, for instance. The problem is that once you start factoring in upgrades, your computer goes up in price quite rapidly. Decide what your budget is, and stick with it!
The question posed by one of our members here is one that comes up every now and again in one form or another. They want to know how a port is exploited on a computer. Well, much as is pointed out in the thread itself, it is not the port itself that is being exploited. Rather, it is the service listening for connections on that specific port which can be exploited. Exploited, that is, if it is vulnerable to a specific exploit that it has not been patched for yet. For example, you decide to install the win32 port of the Apache webserver on your computer. Once installed, this program will open up a listening socket on TCP port 80. That means that this Apache webserver is actively listening for connections on port 80 using TCP. If there is an exploit, such as say Apache Chunked encoding, that this server is vulnerable to, and the webserver is not patched, then yes, it can be exploited. Hopefully this fuller explanation will be of good use to some of you who were having some difficulty grasping this concept.
Using Malloc in C
The poster of this thread is looking for some guidance on the usage of malloc in the C programming language. Just as the hyperlink I just gave you says, you are able via malloc to allocate a chunk of memory. A key point to remember here is that this memory will come from the heap, and not the stack, when using malloc. There is a key difference between the heap and the stack. Memory in the heap is nowhere near as structured as the memory of the stack. A quick aside to this is why you see far more stack-based buffer overflows than heap-based overflows. Heap-based overflows are harder to find, and exploit. Anyhow, before I get even more sidetracked, some excellent advice is given to the poster in this thread, as it pertains to his question. Learning how to properly use “malloc”, and by extension “free”, is a tricky affair, and one I have yet to tackle myself.
Most popular language except C++
In this thread the question asked is what programming language is the most popular one, excluding C++. Well, that begs the question of most popular language for what? Is it for writing operating systems, web applications? One needs to be far more specific to get a good answer. There is no real all-around winner, but if forced to give one out I would have to say C. Most every operating system and heavyweight application has C in it. It has been said many times that you are probably best off learning C, ASM, and an object-oriented language such as C++ or another OO-based one. Just as it is explained in this thread, learning ASM will also really help you along, as all of these high-level programming languages are in turn translated to machine code, i.e. ASM. Being able to code in ASM and understand it well will certainly give you a leg up on the competition. You may wish to check out our review selection for some ASM-based book reviews.
Well this brings us to the end of another SFDC column. I also wanted to take the time to mention that there is a wealth of information on this site. You may want to use the search function to see if your question has already been answered before posing it. Also if you are a new member you would be well advised to read the stickies in the forums that interest you. Those are some of the more notable posts for that specific forum. Lastly, a big thank you goes out to the programmers on this forum for the donation of both their time, and expertise in answering our questions for us. We are indeed very lucky to have them, as believe me, retaining their professional services would quickly add up to a small fortune! On that note take care and we will see you all in the New Year.
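An added example for the port thread summarized above (not part of the original column or the thread): a loopback-only C sketch showing that a port only accepts connections while a service is listening on it. The helper names `loopback`, `start_service` and `try_connect` are made up for this illustration, and POSIX sockets are assumed.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 127.0.0.1:port; port 0 asks the kernel for any free port. */
static struct sockaddr_in loopback(unsigned short port)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return a;
}

/* Stand-in "service": open a listening socket. Returns its fd, or -1. */
static int start_service(unsigned short *port)
{
    struct sockaddr_in a = loopback(0);
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) { close(fd); return -1; }
    *port = ntohs(a.sin_port);       /* the port the kernel assigned */
    return fd;
}

/* Client side: 0 if a listener completed the handshake, otherwise errno. */
static int try_connect(unsigned short port)
{
    struct sockaddr_in a = loopback(port);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    int rc = connect(fd, (struct sockaddr *)&a, sizeof a) == 0 ? 0 : errno;
    close(fd);
    return rc;
}

int main(void)
{
    unsigned short port = 0;
    int svc = start_service(&port);
    if (svc < 0) return 1;
    printf("service listening on %u: connect -> %s\n", port, strerror(try_connect(port)));
    close(svc);                      /* the service stops; the port number is unchanged */
    printf("nothing listening on %u: connect -> %s\n", port, strerror(try_connect(port)));
    return 0;
}
```

The same port number goes from reachable to refused once the listener is closed, which is why exposure is reduced by stopping or patching the service rather than by treating the port number as the problem.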
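An added example for the malloc thread summarized above (not code from the column or the thread): a small heap buffer in C that checks every allocation, tracks its capacity so no write can run past the block, and clears its pointer on free. The `hbuf` type and its functions are hypothetical names chosen for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct hbuf { char *data; size_t len, cap; };  /* capacity travels with the pointer */

/* Allocate cap bytes from the heap; returns 0, or -1 if malloc fails. */
static int hbuf_init(struct hbuf *b, size_t cap)
{
    b->len = 0;
    b->cap = cap ? cap : 1;              /* malloc(0) may legally return NULL */
    b->data = malloc(b->cap);
    return b->data ? 0 : -1;             /* allocation can fail: always check */
}

/* Append n bytes, growing the block first if needed; never writes past cap. */
static int hbuf_append(struct hbuf *b, const void *src, size_t n)
{
    if (b->data == NULL || n > SIZE_MAX - b->len) return -1;  /* freed, or len + n wraps */
    size_t need = b->len + n;
    if (need > b->cap) {
        size_t ncap = need > SIZE_MAX / 2 ? need : need * 2;
        char *p = realloc(b->data, ncap);
        if (p == NULL) return -1;        /* old block is still valid and still owned */
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len = need;
    return 0;
}

/* Free the block and clear the pointer: no dangling pointer, no double free. */
static void hbuf_free(struct hbuf *b)
{
    free(b->data);                       /* free(NULL) is a no-op */
    b->data = NULL;
    b->len = b->cap = 0;
}

int main(void)
{
    struct hbuf b;
    if (hbuf_init(&b, 8) != 0) return 1;
    if (hbuf_append(&b, "heap, not stack", 16) == 0)   /* 16 > cap 8: forces realloc */
        printf("%s (len=%zu cap=%zu)\n", b.data, b.len, b.cap);
    hbuf_free(&b);
    return 0;
}
```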