|
Ah. Let me put it this way...
Someone may think he's being helpful when giving advice on how to detect or avoid an attack of some sort, e.g. "always check your tailpipe for bananas before starting your engine". That sounds reasonable doesn't it? But, there is very little likelyhood that the average person will come under that type of attack, particularly from a serious attacker. The more likely outcome of publishing such advice is to give the local urchins an idea for a prank.
Several such instances of "advice" have circulated the Internet (and they sometimes get picked up by broadcast media), much like chain letters, and I cringe every time I hear of one, because I know they're actually putting bad thoughts into people's heads.
Examples:
http://www.snopes.com/horrors/robbery/slasher.asp[^]
http://www.snopes.com/crime/gangs/lightsout.asp[^] (I first heard of this one on the radio)
http://www.snopes.com/crime/warnings/maryland.asp[^]
So, even if I knew how to write a virus or similar malware (and I don't), I wouldn't tell anyone.
I do recall there was a book, though, back in the 80 or 90s...
Or you might like this: http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033/ref=sr_1_1?ie=UTF8&qid=1424628134&sr=8-1&keywords=virus+book+code+computer[^]
<hidden>
I do recall, in high school, writing a program, that was essentially a password grabber, which I would leave running on a terminus.
It would prompt for Username and Password (this was RSTS-E on a PDP-11), write them to a file in my directory, delete itself, and exit.
Fun times. I don't think I caught anyone with it.
</hidden>
|
|
|
|
|
Bruno Sprecher wrote: And why one can discus SQL injection Because the only thing that is published on the subject is how to prevent it happening. If you want a discussion on how to prevent viruses, worms, trojans etc., then start a thread with that clear objective. But having a discussion on how to write such software is plain silly.
|
|
|
|
|
Sorry, but SQL injection is a children Story (which a lot of experts push to Show how "experts" they are).
Yep let discuss how to implement a virus! No, that is _not_ silly...because you, neither me and all the others do not have any idea about it.
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Bruno Sprecher wrote: SQL injection is a children Story (which a lot of experts push to Show how "experts" they are). On the contrary, we do it to show "newbies" and others, that their code exposes a weakness, and they should change it in order to protect their systems. The fact that you appear not to understand the importance of this is rather worrying.
Bruno Sprecher wrote: let discuss how to implement a virus! No, that is _not_ silly Of course it is, if it gives people information on how to create such software.
|
|
|
|
|
No! If it is published one can defend! If not published only gibberish is available, like here! And that is not the Job of this forum!
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Sorry Bruno, I really don't understand those statements.Sorry, I re-read that and think I do understand; but I can only continue to disagree with you. If you publish information on how to create this sort of software, then every hacker in the world can find out how to do it. That is not only silly, but totally irresponsible.
|
|
|
|
|
Hmmm, most probably my bad english. Anyway I appreciate that you still discuss with me.
The only thing I like to reach is, that one can discuss free about the "dark side" and develope defense against it.
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
I agree. I think the main point is that even though one's intentions may be good, much bad can come of it.
|
|
|
|
|
I agree with the rest of opinions. Maybe with an example...
SQL-Injection:
You see someone stepping out of the car and you tell him. If you leave the door opened and the keys inside, your car might be easily stolen.
Virus (light version):
You tell someone how to open a closed car and startup the motor without a key.
Virus (strong version)
You explain/publish about how to make a home-made bomb.
Virus (extreme version)
You explain/publish how to build a dirty bomb.
Sorry, but I think they are different. Although I knew how to do it, I would not explain how to build bombs due to some reasons.
1) People with bad intentions could learn it
2) People with good intentions but not enough knowledge could try to experiment how to protect themselves and blow up the house and kill the neighbours by accident or bad implementation
3) Normal people would not understand anything of what I am explaining and be still unprotected.
In conclusion: for a 0.1% (or less) that could take legitime profit of it in a "good" way... they can learn it in their own.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Sorry to reply like this. My meaning is:
SQL-Injection: Yes you know about it. Even I know this simple things!
Others (light, strong, extrem): No, you don't know about it...why to hide your knowledge to help others to protect against it...? It is simply giberish...
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Bruno Sprecher wrote: Sorry to reply like this
No problem
Bruno Sprecher wrote: My meaning is:
I understood you the first time
Bruno Sprecher wrote: why to hide your knowledge to help others to protect against it...? Do you see / read the news? In such a world... If the example was not clear enough...
Would you really teach how to create bombs? [irony]Maybe someone learn how to deactivate.[/irony]
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Quote: Would you really teach how to create bombs?
Good Point
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Bruno Sprecher wrote: And why one can discus SQL injection and _not_ the other abusive themes? ..because the term Sql Injection is famous, and terms like keyloggers are scary.
The first gets us a higher rating on Google, the second a higher rating on the suspicious sites-list.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Bruno Sprecher wrote: Please remind we are here: Quote: For lazing about and discussing anything in a software developer's life that....
Exactly.
Creating/maintaining/dealing with viruses is not part of a software developer's life.
Go to a security forum. There will be experts there who can answer your questions.
That's way safer than reading our guesses and (probably misguided) assumptions.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
I don't see what it is you have to complain about: CodeProject does have content related to key-loggers and security monitoring, like this series of 4 articles by Michael N Haephrati that describes, and appears to have code for (which I'm not about to download), a complete "secret" security monitoring package that includes hidden updates, user activity monitoring, etc.: [^].
This kind of low-level coding doesn't interest me, but I stumbled across this article today while doing research on application-level keyboard hooks in Win Forms (the fourth article in the series is about keyboard hooking). I would guess there's other content here related to the interests you expressed.
The virus that really interests me is "human language," as in the hypothesis by Ustinov that language originates from a xenobiological virus (it came from outer space).
But, I am not troubled by the fact that CodeProject seems to avoid discussing viruses from outer space.
cheers, Bill
«I'm asked why doesn't C# implement feature X all the time. The answer's always the same: because no one ever designed, specified, implemented, tested, documented, shipped that feature. All six of those things are necessary to make a feature happen. They all cost huge amounts of time, effort and money.» Eric Lippert, Microsoft, 2009
|
|
|
|
|
BillWoodruff wrote: (which I'm not about to download) You don't need to.
We installed it on your machine weeks ago.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
It seems like everybody is on GitHub nowadays.
I'm not looking for source control or collaboration tools.
I could share my code, but why would I? I don't have anything very interesting to share at the moment (or maybe some files for my blog/articles?).
And I'm also not looking into contributing to other projects as I'm busy enough studying for my Open University courses.
I understood GitHub is more than that (a social network? Can't be better than CP ).
I am kind of interested in what all the fuzz is about, but is it worth it for me to create a profile?
My blog[ ^]
public class SanderRossel : Lazy<Person>
{
public void DoWork()
{
throw new NotSupportedException();
}
}
|
|
|
|
|
I do not use GitHub, but Bitbucket - which is essentially the same (but I found better for me)...For what?
I do work on the same project from different physical locations (different computers), so it helps me to work on whatever project I want...
I also use it as a kind of online debug (and for share too)...
But do not do it for the buzz...Do it only if you need it...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Checked out BitBucket and compared the two. I'm still considering GitHub simply because I'm curious. Marc also mentioned a compelling reason to go with GitHub
My blog[ ^]
public class SanderRossel : Lazy<Person>
{
public void DoWork()
{
throw new NotSupportedException();
}
}
|
|
|
|
|
Unless you:
1. Collaborate with others on projects OR
2. Must work on said projects from multiple locations
I would say that GitHub is overkill. However, I strongly urge you to use some sort of version control even for your personal projects. Being able to undo changes can be a life-saver!
I would, however, add that if you are concerned about intellectual property (IP) ownership, GitHub is a poor choice. Recent events (e.g. the Yanqui Federales attempts to grab data from MS servers located in Ireland ) show that if the server is not under your physical control - you don't own the data on it!
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
|
|
|
|
|
I don't know if that last statement is a valid point against GitHub. If you use it for OSS projects, then you don't mind anyway [anyone can clone anyway - the license itself is very clear stated].
If you need something for internal projects, then GitHub is a weird choice anyway, as you could just go with, e.g., a GitLab instance, which is installed on premises. This gives you much more freedom, however, comes also with additional maintenance costs.
|
|
|
|
|
Florian Rappl wrote: If you need something for internal projects, then GitHub is a weird choice anyway, as you could just go with, e.g., a GitLab instance, which is installed on premises
Agreed. My point was that GitHub is not an appropriate place for proprietary code, the advantage of being able to access your code from anywhere being offset by the lack of security.
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
|
|
|
|
|
Yep, that's definitely true!
|
|
|
|
|
Git doesn't actually need a server. The only reason I can think of to use one is if you absolutely love web interfaces. Personally, I haven't found anything yet that I like better than GitExtensions, so even when I do use GitHub it's just cloud storage.
For internal projects, just clone a "public" repo to a folder on an internal server. You can easily restrict access via your existing authentication system (ActiveDirectory in our case) if that's your bag, so no need to muck about with keys for ssl or anything. Easy-peasy, and very low maintenance.
|
|
|
|
|
I don't know where you read that git needs a server (no one said or implied that). The discussion was about a central web interface with the special case of GitHub. However, running git without a server is only a half-baked solution. If you have source control you also (should) want backups. Therefore syncing with one or more peers is important.
And I also don't see where your reasoning against web interfaces is coming from. Even at home I use gitweb on my RPi - its often the fastest and most convenient way to access quick information about a repository that has not been cloned or fetched yet.
|
|
|
|