Questions tagged [hacking]

23 questions
173 votes, 11 answers

Is Ken Thompson's compiler hack still a threat?

Ken Thompson Hack (1984) Ken Thompson outlined a method for corrupting a compiler binary (and other compiled software, like a login script on a *nix system) in 1984. I was curious to know if modern compilation has addressed this security flaw or…
Andrew
60 votes, 16 answers

Why did SQL injection prevention mechanism evolve into the direction of using parameterized queries?

The way I see it, SQL injection attacks can be prevented by: Carefully screening, filtering, encoding input (before insertion into SQL) Using prepared statements / parameterized queries I suppose that there are pros and cons for each, but why did…
Dennis
39 votes, 5 answers

How easy is it to hack JavaScript (in a browser)?

My question has to do with JavaScript security. Imagine an authentication system where you're using a JavaScript framework like Backbone or AngularJS, and you need secure endpoints. That's not a problem, as the server always has the last word and…
Jesus Rodriguez
16 votes, 10 answers

If competition is using 'lingua obscura' for development (why) should I be worried?

I was reading Paul Graham's essay - Beating The Averages (2003) and here's what he had to say: The more of an IT flavor the job descriptions had, the less dangerous the company was. The safest kind were the ones that wanted Oracle experience.…
PhD
13 votes, 7 answers

Are all security threats triggered by software bugs?

Most security threats that I've heard of have arisen due to a bug in the software (e.g. all input is not properly sanity checked, stack overflows, etc.). So if we exclude all social hacking, are all security threats due to bugs? In other words, if…
gablin
10 votes, 5 answers

What are unique aspects of a software Lifecycle of an attack/tool on a software vulnerability?

At my local university, there is a small student computing club of about 20 students. The club has several small teams with specific areas of focus, such as mobile development, robotics, game development, and hacking / security. I am introducing…
David Kaczynski
8 votes, 3 answers

What is the best way to learn how to develop secure applications?

I would like to get into computer security in my career. What are the best ways to learn how to program securely? It seems to me that, besides textbooks and taking classes in the subject, perhaps learning how to "hack" would be one of the best ways…
Kenneth
8 votes, 6 answers

What are the cases where keeping source code secret is justified?

When I worked as a freelancer, I encountered lots of cases where customers were protecting their ideas and source code of their projects (such as web applications) as much as possible, no matter how unimportant, uninteresting and unoriginal were the…
Arseni Mourzenko
7 votes, 2 answers

Contributing to open source software (how to hack)

Possible Duplicate: How do you dive into large code bases? I am currently a student and started programming a few years ago. I am able to write complete working software in many languages. However, there is something that bugs me about…
7 votes, 4 answers

Is separate QA team, redundant in development life cycle?

Background: Developer is the best person to know/understand the dark corners after any development/enhancement of enterprise software, compared to QA technician. Developer can assess the depth/breadth of production problems that can arise from such…
overexchange
4 votes, 3 answers

Possible hack aftermath

After being hacked, companies often give numbers and details on how much of their data was compromised, e.g. "13K user and passwords". After a possible intrusion, how do you know what the hacker did in your server?
amosrivera
3 votes, 6 answers

How does a website become hackable?

I know websites are hacked because of loose ends but how are they hacked via a form? Is it because the website owners didn't validate the form and the way they structured?
KPO
3 votes, 1 answer

Is this possible to re-duplicate the hardware signal on Linux?

Since everything is a file on a UNIX system, if I have hardware, for example a mouse, that moves from the left corner to the right corner, it should produce some kind of file to communicate with the system. So, if my assumption is correct, is this…
Ted Wong
3 votes, 6 answers

Is scanning the ports considered harmful?

If any application is scanning the ports of other machines, to find out whether any particular service/application is running, will it be considered harmful? Is this treated as hacking? How else can one find out on which port the desired…
Manoj R
3 votes, 4 answers

Are there laws to protect us from hackers who disclose vulnerabilities prior to alerting the vendor?

Take the example of the recent ASP.NET (and Java Server Faces) vulnerability disclosure at a Hacker conference in Brazil. It's my understanding that the poet tool was demonstrated before Microsoft was even aware of the issue. Are there laws to…
makerofthings7