Thread: Need help, is this code malicious ?

  1. #1
    Registered User
    Join Date
    Dec 2010
    Posts
    3

    Need help, is this code malicious ?

    I'm taking a security class that I was told had nothing to do with programming. Of course the entire semester goes by and there is no programming at all. Until the final ...

    Can someone please help me out with this question?

    http://cwlmiami.com/question.JPG
    Last edited by miamitj; 12-10-2010 at 11:53 AM.

  2. #2
    Guest Sebastiani's Avatar
    Join Date
    Aug 2001
    Location
    Waterloo, Texas
    Posts
    5,708
    Quote Originally Posted by miamitj View Post
    I'm taking a security class that I was told had nothing to do with programming. Of course the entire semester goes by and there is no programming at all. Until the final ...

    Can someone please help me out with this question?

    http://cwlmiami.com/question.JPG
    Well, considering that the code described doesn't even *compile*, it's completely harmless! What book is that, anyway?
    Code:
    #include <cmath>
    #include <complex>
    bool euler_flip(bool value)
    {
        return std::pow
        (
            std::complex<float>(std::exp(1.0)), 
            std::complex<float>(0, 1) 
            * std::complex<float>(std::atan(1.0)
            *(1 << (value + 2)))
        ).real() < 0;
    }

  3. #3
    Registered User
    Join Date
    Dec 2010
    Posts
    3
    Quote Originally Posted by Sebastiani View Post
    Well, considering that the code described doesn't even *compile*, it's completely harmless! What book is that, anyway?
    William Stallings -- Computer Security -- Principles and Practice.

    I'm guessing the first one is supposed to print. What is the second one supposed to do?

  4. #4
    Guest Sebastiani's Avatar
    Join Date
    Aug 2001
    Location
    Waterloo, Texas
    Posts
    5,708
    Quote Originally Posted by miamitj View Post
    William Stallings -- Computer Security -- Principles and Practice.

    I'm guessing the first one is supposed to print. What is the second one supposed to do?
    Who knows what it's "supposed to do" - it's nonsense.

  5. #5
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,909
    As for the first one, yes, it looks like it's supposed to print, but begin, print and end are not keywords in C. I would almost say it was Pascal, given the begin, end, (* and *), but the output command in Pascal is write, not print.

    As for the second example: The first printf is totally bogus syntax. The for loop looks like it's trying to print the numeric value of each character in t, and the final printf prints out the string representation of t, but there's no terminating null (unless it's part of the "and so on..."), so it may print all kinds of bogus info. Note that t is never declared anywhere.

    I would say the relevance is that, if a hacker is so stupid he can't even compile a program, you don't have to worry about him.
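
The missing-terminator problem described in post #5, as an added example that is not part of the thread or of the textbook question: a byte buffer with no terminating null is checked, dumped as numeric values, and printed with a bounded `%s`. The contents of `t` are constructed here, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Length of the string in buf if a NUL lies within cap bytes, else -1. */
static long terminated_len(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    return nul ? (long)(nul - buf) : -1;
}

/* Render each byte's numeric value into out, stopping at a NUL or at cap,
   whichever comes first. Returns the number of bytes rendered. */
static size_t dump_codes(const char *buf, size_t cap, char *out, size_t outcap)
{
    size_t n = 0, used = 0;
    if (outcap == 0)
        return 0;
    out[0] = '\0';
    for (; n < cap && buf[n] != '\0'; n++) {
        int w = snprintf(out + used, outcap - used, "%s%d",
                         n ? " " : "", (unsigned char)buf[n]);
        if (w < 0 || (size_t)w >= outcap - used) {
            out[used] = '\0';   /* drop the partial number on truncation */
            break;
        }
        used += (size_t)w;
    }
    return n;
}

/* Bounded "%s": the precision caps the read at cap bytes even with no NUL. */
static int bounded_copy(const char *buf, size_t cap, char *out, size_t outcap)
{
    return snprintf(out, outcap, "%.*s", (int)cap, buf);
}

int main(void)
{
    /* Constructed sample: four bytes, deliberately without a terminator. */
    const char t[4] = { 'h', 'a', 'c', 'k' };
    char codes[64], text[16];

    printf("terminated: %ld\n", terminated_len(t, sizeof t));
    dump_codes(t, sizeof t, codes, sizeof codes);
    bounded_copy(t, sizeof t, text, sizeof text);
    printf("codes: %s\ntext: %s\n", codes, text);
    return 0;
}
```

A plain `printf("%s", t)` on the same array keeps reading past the fourth byte until it happens to meet a zero, which is the "bogus info" the post refers to.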

  6. #6
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    Quote Originally Posted by anduril462 View Post
    As for the first one, yes, it looks like it's supposed to print, but begin, print and end are not keywords in C. I would almost say it was Pascal, given the begin, end, (* and *), but the output command in Pascal is write, not print.

    As for the second example: The first printf is totally bogus syntax. The for loop looks like it's trying to print the numeric value of each character in t, and the final printf prints out the string representation of t, but there's no terminating null (unless it's part of the "and so on..."), so it may print all kinds of bogus info. Note that t is never declared anywhere.

    I would say the relevance is that, if a hacker is so stupid he can't even compile a program, you don't have to worry about him.
    Think about it guys... If you were teaching a course on computer security, would you let your students --half of whom you know are taking the course to learn how to get around security-- within half a mile of working malicious code?

  7. #7
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,909
    Sure I would, and so did my professor. I took a security course when I did my undergrad. We did all sorts of code analysis, discussing buffer overflows and issues with signed/unsigned stuff. We even had to write a program to insert a "malicious" printf statement using buffer overflows for some RPC stuff in a fake service the prof wrote.

    Most of the code that will be covered in a security course is "in the style of" malicious code, but can't really harm anything itself. Things like examples of buffer overflows changing a return value in a program that doesn't actually do anything on a system are innocuous, but demonstrate the principles quite well. The actual implementation of these things is incredibly complex, requiring detailed knowledge of the system to be attacked, compiler used to compile the program, etc., and is probably beyond the grasp of most university students.

  8. #8
    Registered User
    Join Date
    Dec 2010
    Posts
    3
    Quote Originally Posted by CommonTater View Post
    Think about it guys... If you were teaching a course on computer security, would you let your students --half of whom you know are taking the course to learn how to get around security-- within half a mile of working malicious code?
    This is for my Masters. The people in this class are paying WAY too much $$$ to be taking a class just to get around security. I'm sure it would be easier to Google code than deal with a class like this.

  9. #9
    and the hat of sweating
    Join Date
    Aug 2007
    Location
    Toronto, ON
    Posts
    3,545
    Quote Originally Posted by miamitj View Post
    William Stallings -- Computer Security -- Principles and Practice.
    Thanks, I'll be sure to stay the hell away from that book (unless I need a good laugh).
    "I am probably the laziest programmer on the planet, a fact with which anyone who has ever seen my code will agree." - esbo, 11/15/2008

    "the internet is a scary place to be thats why i dont use it much." - billet, 03/17/2010
