RELRO: RELocation Read-Only

This article describes ELF relocation sections, how to abuse them for arbitrary code execution, and how to protect them at runtime.

Gera's Insecure Programming Format String #2

Now that this semester is completed, I can continue going through gera’s execises =).

Negating an AND expression.

The basic database QUERY expression for a simple login is: [sql] SELECT * FROM users WHERE username = ‘phillip’ AND password = ‘taco’ [/sql] Which boils down to: “Login if T ∧ T” where in this case the first T is the result the database returns when username is in the database and the second is the result T is where password is in the database.

Rudimentary Treatise on the Construction of Locks, 1853 (excerpt)

A commercial, and in some respects a social, doubt has been started within the last year or two, whether or not it is right to discuss so openly the security or insecurity of locks. Many well-meaning persons suppose that the discussion respecting the means for baffling the supposed safety of locks offers a premium for dishonesty, by showing others how to be dishonest. This is a fallacy. Rogues are very keen in their profession, and already know much more than we can teach them respecting their several kinds of roguery. Rogues knew a good deal about lockpicking long before locksmiths discussed it among themselves, as they have lately done. If a lock – let it have been made in whatever country, or by whatever maker – is not so inviolable as it has hitherto been deemed to be, surely it is in the interest of honest persons to know this fact, because the dishonest are tolerably certain to be the first to apply the knowledge practically; and the spread of knowledge is necessary to give fair play to those who might suffer by ignorance. It cannot be too earnestly urged, that an acquintance with real facts will, in the end, be better for all parties.