|
Przemysław Frasunek
Przemysław Frasunek (also known as venglin, born 6 May 1983) is a " white hat" hacker from Poland. He has been a frequent Bugtraq poster since late in the 1990s, noted for one of the first published successful software exploits for the format string bug class of attacks, just after the first exploit of the person using nickname tf8. Until that time the vulnerability was thought harmless. He is the CEO of Redge Technologies. Vulnerability research Notable vulnerabilities credited to Przemysław Frasunek: * , Format string bug in WU-FTPD (''remote root exploit''), one of the first exploits for the format string bug class of attacks. * , Buffer overflow (''remote root exploit'') in NTP server, affecting wide range of systems. * , Signal race condition in FTP server, affecting NetBSD and Mac OS X. * , Privilege escalation (''local root exploit'') affecting Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolari ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
White Hat (computer Security)
A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission. White-hat hackers may also work in teams called " sneakers and/or hacker clubs", red teams, or tiger teams. History One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force, in which the Multics operating systems were tested for "potential use as a two-level (secret/top secret) system. ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hacker (computer Security)
A security hacker or security researcher is someone who explores methods for breaching or bypassing defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, sabotage, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers. Longstanding controversy surrounds the meaning of the term "hacker". In this controversy, computer programmers reclaim the term ''hacker'', arguing that it refers simply to someone with an advanced understanding of computers and computer networks, and that ''cracker'' is the more appropriate term for those who break into computers, whether computer criminals ( black hats) or computer security experts ( white hats). A 2014 article noted that "the black-hat meaning still prevails among the general public". The subculture that has evolved around hackers is often referred to as the "co ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Bugtraq
Bugtraq was an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It was a high-volume mailing list, with as many as 776 posts in a month, and almost all new security vulnerabilities were discussed on the list in its early days. The forum provided a vehicle for anyone to disclose and discuss computer vulnerabilities, including security researchers and product vendors. While the service has not been officially terminated, and its archives are still publicly accessible, no new posts have been made since January 2021. History Bugtraq was created on November 5, 1993 by Scott Chasin in response to the perceived failings of the existing Internet security infrastructure of the time, particularly CERT. Bugtraq's policy was to publish vulnerabilities, regardless of vendor response, as part of the full disclosure movement of vu ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Format String Bug
Uncontrolled format string is a type of code injection vulnerability discovered around 1989 that can be used in security exploits. Originally thought harmless, format string exploits can be used to crash a program or to execute harmful code. The problem stems from the use of unchecked user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the call stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf() and similar functions to write the number of bytes formatted to an address stored on the stack. Details A typical exploit uses a combination of these techniques to take control of the instruction pointer (IP) of a process, for example by forcing a program to overwrite the address of a library function or the return address on the stack with a poi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WU-FTPD
WU-FTPD (more fully wuarchive-ftpd, also frequently spelled in lowercase as wu-ftpd) is a free FTP server software (daemon) for Unix-like operating systems. It was originally written by Chris Myers and Bryan D. O'Connor in Washington University in St. Louis as a replacement of the BSD FTP daemon, for use in the Washington University network, primarily the largwuarchivesite. The software eventually evolved to lend itself as a replacement in other mainstream commercial operating systems of the time, including DEC's Ultrix, IBM's AIX and Sun's SunOS and Solaris operating systems. It was also soon ported to other operating systems rooted in open source, such as FreeBSD and Linux. The software had fallen into disrepair during the mid-1990s until its stewardship was taken over by Stan O. Barber. He released a number of patches, which were named the ACADEM series, named after his company, Academ Consulting Services. After a few years the source code was taken over by Gregory Lundber ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Solaris (operating System)
Oracle Solaris is a proprietary software, proprietary Unix operating system offered by Oracle Corporation, Oracle for SPARC and x86-64 based workstations and server (computing), servers. Originally developed by Sun Microsystems as Solaris, it superseded the company's earlier SunOS in 1993 and became known for its scalability, especially on SPARC systems, and for originating many innovative features such as DTrace, ZFS and Time Slider. After the Acquisition of Sun Microsystems by Oracle Corporation, Sun acquisition by Oracle in 2010, it was renamed Oracle Solaris. Solaris was registered as compliant with the Single UNIX Specification until April 29, 2019. Historically, Solaris was developed as proprietary software. In June 2005, Sun Microsystems released most of the codebase under the CDDL license, and founded the OpenSolaris Open-source software, open-source project. Sun aimed to build a developer and user community with OpenSolaris; after the Oracle acquisition in 2010, the Open ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OpenSolaris
OpenSolaris () is a discontinued open-source computer operating system for SPARC and x86 based systems, created by Sun Microsystems and based on Solaris. Its development began in the mid 2000s and ended in 2010. OpenSolaris was developed as a combination of several software ''consolidations'' that were open sourced starting with Solaris 10. It includes a variety of free software, including popular desktop and server software. It is a descendant of the UNIX System V Release 4 (SVR4) code base developed by Sun and AT&T in the late 1980s and is the only version of the System V variant of UNIX available as open source. After Oracle's acquisition of Sun Microsystems in 2010, Oracle discontinued development of OpenSolaris in house, pivoting to focus exclusively on the development of the proprietary Solaris Express (now Oracle Solaris). Prior to Oracle's close-sourcing Solaris, a group of former OpenSolaris developers began efforts to fork the core software under the name ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
1983 Births
1983 saw both the official beginning of the Internet and the first mobile cellular telephone call. Events January * January 1 – The migration of the ARPANET to Internet protocol suite, TCP/IP is officially completed (this is considered to be the beginning of the true Internet). * January 6 – Pope John Paul II appoints a bishop over the Czechoslovak exile community, which the ''Rudé právo'' newspaper calls a "provocation." This begins a year-long disagreement between the Czechoslovak Socialist Republic and the Vatican City, Vatican, leading to the eventual restoration of diplomatic relations between the two states. * January 14 – The head of Bangladesh's military dictatorship, Hussain Muhammad Ershad, announces his intentions to "turn Bangladesh into an Islamic state." * January 18 – United States Secretary of the Interior, U.S. Secretary of the Interior James G. Watt makes controversial remarks blaming poor living conditions on Indian reservation, Native American re ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Living People
Purpose: Because living persons may suffer personal harm from inappropriate information, we should watch their articles carefully. By adding an article to this category, it marks them with a notice about sources whenever someone tries to edit them, to remind them of WP:BLP (biographies of living persons) policy that these articles must maintain a neutral point of view, maintain factual accuracy, and be properly sourced. Recent changes to these articles are listed on Special:RecentChangesLinked/Living people. Organization: This category should not be sub-categorized. Entries are generally sorted by family name In many societies, a surname, family name, or last name is the mostly hereditary portion of one's personal name that indicates one's family. It is typically combined with a given name to form the full name of a person, although several give .... Maintenance: Individuals of advanced age (over 90), for whom there has been no new documentation in the last ten ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hackers
A hacker is a person skilled in information technology who achieves goals and solves problems by non-standard means. The term has become associated in popular culture with a security hackersomeone with knowledge of bugs or exploits to break into computer systems and access data which would otherwise be inaccessible to them. In a positive connotation, though, hacking can also be utilized by legitimate figures in legal situations. For example, law enforcement agencies sometimes use hacking techniques to collect evidence on criminals and other malicious actors. This could include using anonymity tools (such as a VPN or the dark web) to mask their identities online and pose as criminals. Hacking can also have a broader sense of any roundabout solution to a problem, or programming and hardware development in general, and hacker culture has spread the term's broader usage to the general public even outside the profession or hobby of electronics (see life hack). Etymology The te ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
