Strings can get you hacked! (buffer overflows, strcpy, and gets)

---

Strings are basic, but they also cause so many security problems, like buffer overruns, that new programmers usually don't understand or recognize. This video shows how careless string operations can make your code vulnerable to attack and gives some tips about what you can do to make your software more secure.



***

Welcome! I post videos that help you learn to program and become a more confident software developer. I cover beginner-to-advanced systems topics ranging from network programming, threads, processes, operating systems, embedded systems and others. My goal is to help you get under-the-hood and better understand how computers work and how you can use them to become stronger students and more capable professional developers.

About me: I'm a computer scientist, electrical engineer, researcher, and teacher. I specialize in embedded systems, mobile computing, sensor networks, and the Internet of Things. I teach systems and networking courses at Clemson University, where I also lead the PERSIST research lab.

Comments
Author

This is the most valuable channel on YouTube!

axalius
Author

As a production operator I found an overflow flaw I used to "hack" the system. There was a machine that I had to load with a batch of product and then enter my name and password. One day I inadvertently held the last key of my password long enough for key repeat to start. I hit enter and the application crashed instantly. I immediately realized I had found an overflow bug. I realized I could use this to covertly stop the production line any time I wanted! If I wanted a short break, all I had to do is load the machine and fill the password buffer with about 50 characters or so and the machine would crash. Then I would call a technician to "fix" it. Usually took about 15min to get it back up and running. Shame on me but also shame on the sloppy programmer!

chiraldude
Author

Hi Professor, I appreciate your effort of spreading knowledge. Please keep up the good work.

BARaaz
Author

It's very common with these comments on beginner vids pointing out security issues. For me, learning from doing stuff wrong is _the_ way to learn. I learn a concept much better by processing a mistake than by getting it right the first time.

peppigue
Author

In college we were taught to prevent buffer overflows to avoid memory related issues. Didn't know buffer overflows can be used to hack as well!

neerajkale
Author

One of the reasons for the sad state of IT security is that teachers don't want their students to "initially worry too much". Which tends to then have people not learn about security at all. Like, how many people who watched the previous videos did watch this one too? And how many, having learned about strings, didn't want to bother and didn't bother.

Look at the very recent (today is 2023-03-12) TPM 2.0 buffer overflows. BUFFER OVERFLOWS! IN THE *"TRUSTED"* PLATFORM MODULE!

You have to teach security from the very first lesson. Or forget it.

EDIT: I forgot to quote Alastor Moody: *CONSTANT VIGILANCE!*

Author

You have a lot of good stuff on your channel, sir. Thank you kindly for this content.

SirNeshorn
Author

3:11 "So let's compile our stupid little test program." >D

GA
Author

I tried to run this example on clang and it wouldn't even let me do a buffer overrun. :) Then I found out that there's lots of research done on "buffer overflow protection" and maybe some compilers have adopted some of those techniques.

manishgill
Author

He's really underrated for his explanation

k_gold
Author

Hi Jacob, as always it's a great video. Can you make a video on what are the advantages and disadvantages of function pointers? In terms of time and space and security threats.

rajanjha
Author

The best video for buffer overflow I've ever watched!

clairehuo
Author

I came across this channel for interview prep.
I loved the content.

mshingote
Author

Thanks for the advice, really helpful.

bokunochannel
Author

Great video, very informative! More on these please sir! Like based on security issues

bhailog_gaming_
Author

More of these kinds of videos would be spot on Jacob! Thanks :)

Silverdragon
Author

FIRST! Thanks for the informative lesson, Teacher.

ayoubaz
Author

Hi Jacob Sorber, Thanks for the very informative videos. It's really nice.

aradhanakiran
Author

Hi Jacob, all of your videos are great. Short and precise explanation. Can you make a video explaining poll and epoll?

sriramvatala
Author

strncpy may or may not be slow, but it also will _not_ nul-terminate the destination buffer if it is filled up by the strncpy call. From the manpage...
"Warning: If there is no null byte among the first n bytes of src, the string placed in dest will not be null-terminated"
The example you gave only worked because you were lucky enough that there was a null byte after the end of the destination buffer.

ChrisBNisbet
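
The `strncpy` behaviour raised in the comment above, as an added C example that is not code from the video or from the commenter. `naive_copy` and `bounded_copy` are hypothetical helper names, and the input strings are constructed; the destination is pre-filled with non-zero bytes so the result does not depend on whatever happens to sit in memory.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True if buf[0..size) contains a NUL byte, i.e. it is a valid C string. */
static bool is_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* The pattern the comment warns about: strncpy(dst, src, size).
 * Returns whether dst ended up NUL-terminated. */
bool naive_copy(char *dst, size_t size, const char *src) {
    memset(dst, 'X', size);   /* constructed: simulate stale, non-zero memory */
    strncpy(dst, src, size);  /* writes no NUL when strlen(src) >= size */
    return is_terminated(dst, size);
}

/* Hypothetical hardened copy: always terminates dst.
 * Returns 0 on success, -1 if src was truncated or size is 0. */
int bounded_copy(char *dst, size_t size, const char *src) {
    if (size == 0)
        return -1;
    size_t len = strlen(src);
    size_t n = len < size - 1 ? len : size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len == n ? 0 : -1;
}

int main(void) {
    char buf[8];
    const char *inputs[] = { "abc", "12345678", "123456789abc" }; /* constructed */

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        bool ok = naive_copy(buf, sizeof buf, inputs[i]);
        printf("strncpy(%-14s) terminated: %s\n", inputs[i], ok ? "yes" : "NO");

        int rc = bounded_copy(buf, sizeof buf, inputs[i]);
        printf("bounded_copy -> \"%s\" (%s)\n", buf, rc == 0 ? "complete" : "truncated");
    }
    return 0;
}
```

Checking the return value of `bounded_copy` matters as much as the terminator: a silently truncated string is still a bug if the caller treats it as the full input.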