Gather 'round kiddies, while I spin a tale of olde tyme computing, back when mainframes roamed the planet and fed on punched cards.
I was a wee sprout teaching myself how to program on a timesharing PDP-8 in high school.
The crowd I ran with usually had all the passwords, either through visiting the computer center, stopping the processor and using a disk diagnostic tool to pull the master password off the hard disk, or bugging the automatic logout program. But mostly through what is now called social engineering..."Hello, Fred? I know you don't use the computer (terminal) at your school, but could you get me the password to your school's account? Yeah, it's usually written on the blackboard by the terminal."
Unfortunately the teachers and system manager thought we had some machine language program that would coerce the passwords out of the system by forcing it to fail and as a last gasp would spit out the passwords as sort of a "help me!" before crashing.
Stop laughing, these bozos were serious.
So we had the name and so we set out to earn it. After about a month of trying to crack the security, we gave up. The timesharing environment was a rubber playpen that would not let us have access to the goodies.
And then I cracked it...by accident. Really. In what seems to be the pattern of my programming life, I have this innate and uncontrollable talent for finding bugs. Most of my career it has been a pain "Why is it only you that has trouble with the software?", but at my current job, it is a boon.
Back at the plot. I had gotten hold of the system programmer's guide for the OS and had gotten tired of flipping pages to interrelate system tables. Until I was seduced by the dark side of programming, I was studying to be an architect and had access to large sheets of paper and a drafting board. So I made this master layout of all the system tables and how they interconnected.
When I was done, I could see how I could go from public information and drill down to the input/output buffers. The system guide said you did not have buffers until you were logged in. I should have known it was BS because we used to hide what we were typing from the noobs by typing a long string of commands on the same line as the login. Since the keystrokes were not echoed until you were logged in, only someone good at reading keystrokes could see what we were doing.
But it got me to thinking I could watch what was being done at the other school's terminals. So I hacked out a quick little program called "Snoopy" and set it to watching the terminal next to mine. It worked wonderfully. And then seemed to hang. Hesitantly, as though someone was hunting and pecking at a keyboard the word "LOGIN" appeared. I about crapped my pants. This was the days of ASR-33 teletype terminals and printed output. If one of the teachers had come in, they'd have proof that I was cracking the system. You couldn't turn the monitor off or reboot the computer, my only option would have been to rip off the paper and eat it. Which would have looked a tad suspicious by itself.
The timesharing nature of the environment had made the pointers I was chasing go invalid and accidentally connected me to a buffer where someone was logging in.
A few years later, stories of this exploit earned me a little conversation with the FBI.
"A whale of a tale I tell you lads, a whale of a tale and it's all true, I swear by my tattoo."
Psychosis at 10
Film at 11
|
Google's been doing this to unwary website operators almost since its inception. So many cases have hit the news over the years I've lost count.
Sounds like a case of "doomed to repeat" to me.
patbob
|
rohans84 wrote: directory browsing was enabled
So you're working for ACS:Law?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
we were not so stupid to put our transactional data (customer data) on a box which is connected to internet
|
Here is another gem by my colleague. I believe he was drunk when he wrote this, as I don't think he would do this in his senses.
Page executingPage = null;
try
{
    executingPage = HttpContext.Current.Handler as Page;
}
catch(InvalidCastException ex)
{
    executingPage = HttpContext.Current.Handler as Page;
}
R A M
|
It at least recognises the futility: as can't throw an exception, it returns a null instead...
Real men don't use instructions. They are only the manufacturers opinion on how to put the thing together.
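Added example, not part of the original thread: the point made in the reply above, shown as a console program. `IHandler`, `Page` and `OtherHandler` are stand-in types assumed here in place of the ASP.NET handler classes.

```csharp
using System;

// Stand-in types (assumptions): IHandler plays the role of the HTTP handler
// interface; Page and OtherHandler are two unrelated implementations.
interface IHandler { }
class Page : IHandler { public string Title = "home"; }
class OtherHandler : IHandler { }

static class AsVersusCast
{
    // 'as' never throws on a type mismatch: it yields null.
    static string ViaAs(IHandler h)
    {
        try
        {
            Page p = h as Page;
            return p == null ? "as -> null" : "as -> Page(" + p.Title + ")";
        }
        catch (InvalidCastException)
        {
            return "unreachable"; // dead code: 'as' cannot raise this
        }
    }

    // An explicit cast is the form that throws InvalidCastException.
    static string ViaCast(IHandler h)
    {
        try
        {
            Page p = (Page)h;
            return "cast -> Page(" + p.Title + ")";
        }
        catch (InvalidCastException)
        {
            return "cast -> InvalidCastException";
        }
    }

    // Pattern matching tests and binds in one step, so the
    // "not a Page" case has to be handled where the value is used.
    static string ViaPattern(IHandler h) =>
        h is Page p ? "is -> Page(" + p.Title + ")" : "is -> not a Page";

    static void Main()
    {
        foreach (IHandler h in new IHandler[] { new Page(), new OtherHandler() })
            Console.WriteLine(ViaAs(h) + " | " + ViaCast(h) + " | " + ViaPattern(h));
    }
}
```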
|
I know that there are a number of programmers that don't understand proper Exception Handling, but this one is really bad. Maybe he was thinking that he should retry? Even then it is not done properly.
Just because the code works, it doesn't mean that it is good code.
|
yeahhh.. it won't go in catch block ever.
R A M
|
If at first you don't succeed, try, try, try throw, throw, throw again. Or something like that.
Chris Meech
I am Canadian. [heard in a local bar]
In theory there is no difference between theory and practice. In practice there is. [Yogi Berra]
|
I have an improved version:
Page executingPage = null;
while (true)
{
    try
    {
        executingPage = HttpContext.Current.Handler as Page;
        break;
    }
    catch (InvalidCastException ex)
    {
        continue;
    }
}
|
Yep, this should work MUCH better
____________________________________________________________
Be brave little warrior, be VERY brave
|
LOL!!! Oh man.. you just made my week.
|
lol, then what was the use of the variable "ex"? He simply doesn't understand exception handling.
Vuyiswa Maseko,
Spotted in Daniweb-- Sorry to rant. I hate websites. They are just weird. They don't behave like normal code.
C#/VB.NET/ASP.NET/SQL7/2000/2005/2008
http://www.vuyiswamaseko.com
vuyiswa@its.co.za
http://www.itsabacus.co.za/itsabacus/
|
DWC - (Zero tolerance for) drunk while coding...
|
That's GOT to be a DWC!!
|
I'm always more productive when drunk.
(Off-topic)
But yeah, he was probably drunk.
|
I once fixed something similar that was coded by a newbie, it went something like this:
private void HandleException(Exception ex)
{
    try
    {
        // ... Code to handle exception that would always throw an exception
        // ... Can't recall exactly what it was since it was 3 years ago
    }
    catch (Exception ex2)
    {
        HandleException(ex2);
    }
}
The function would recursively call itself and cause a stack overflow exception.
|
I think it is a waste of code
|
This is a piece of code I took from a book I read about Java game development.
public boolean displayModesMatch(DisplayMode mode1,
        DisplayMode mode2)
{
    if (mode1.getWidth() != mode2.getWidth() ||
        mode1.getHeight() != mode2.getHeight())
    {
        return false;
    }
    if (mode1.getBitDepth() != DisplayMode.BIT_DEPTH_MULTI &&
        mode2.getBitDepth() != DisplayMode.BIT_DEPTH_MULTI &&
        mode1.getBitDepth() != mode2.getBitDepth())
    {
        return false;
    }
    if (mode1.getRefreshRate() !=
            DisplayMode.REFRESH_RATE_UNKNOWN &&
        mode2.getRefreshRate() !=
            DisplayMode.REFRESH_RATE_UNKNOWN &&
        mode1.getRefreshRate() != mode2.getRefreshRate())
    {
        return false;
    }
    return true;
}
|
I remember seeing very much the same thing in some DirectX sample. It certainly is not the greatest code ever written, but where do you see the horror?
A while ago he asked me what he should have printed on my business cards. I said 'Wizard'.
I read books which nobody else understand. Then I do something which nobody understands. After that the computer does something which nobody understands. When asked, I say things about the results which nobody understand. But everybody expects miracles from me on a regular basis. Looks to me like the classical definition of a wizard.
|
The code will work of course, but it should be obvious that the if structures are redundant... simply return the combined value of all the booleans
|
Really? It would become quite an ugly expression and it would be much harder to read. I remember writing similar code when playing with DirectX, but I wanted to filter display modes out of a list and any parameter could also have a 'don't care' value. This would have gotten even messier, so I also went for the more readable variant.
|
Uhum, that makes sense, but I'd probably try to simplify the expression using some describing variable names.