I see there is a very clear trend towards computer safety precautions. AMD is building anti-buffer-overflow measures into there chips. Intel will soon follow suit. Compilers are getting better and better at finding vulnerable code. Measures against various interpreter code injection is getting better and better. Auto-Update features are now wide spread(Imagine an 0-day worm!). If an admin really wants to they can stop advanced sql injection.

I don't know how advanced anti-buffer-overflow software is. It seems very possible for a debugger to detect vulnerable code. Is the acid test of this anti-buffer-overflow software that vulnerability are still being found? Or are people just no using this software?

So where does this leave black hat hackers? Do you think buffer-over-flow based attacks will soon be a thing of the past? What types of attacks will remain? It seems that social engineering will be the only thing left. It seems to work quite well. It was Kevin Mitnick most powerful tool. Look how fast e-mail worms spread. You would think that eventually people will wise up, I think they will but it will take time.

It seems that soon all the vulnerability will ether be in old software and old machines.

What about errors in the overall logic of a program? I assume that these will always exist. All of these vulnerability found in IE are logic errors. However I haven't really seen logic vulnerability in other software. Do you know of any reasons for this? Is it because of how IE works so closely with the windows os? According to "Exploiting Software" the line between OS and Software is starting to blur and it will eventually be nonexistent. Will this mean more logic errors? Do you think that right now logic errors are as abundant as buffer-over-flows?

Do you think that there will be a day where hacking is no longer possible?

I am really curious what the "hacker" community has to say about this.

Peace out

Don't know about the Black Hats but I suspect that as long as Man has curiosity there will always be a desire to hack. These particular devices are created by Men and thus may have their own flaws in them. And if not those, something new will probably be created and quite possibly more sophisticated than what we see today.

Well i think that there is also a way to bypass security. And maybe there will be a new kind of method instead of Buffer overflows.

So i agree with MsMittens

As long as ppl are too lazy patching their system, microsoft too lazy to test their software/os really good, and ppl dont want to switch os, it'll last a while then

"you can stop me, but you can't stop us all"
they make new security, we find other ways to exploit it... it'll be around forever probably... actually, i wish it would become more complicated so script kiddies can't use their same stupid techniques

and you thing that all people will going to change all computers ??? I don t think
When you hack and you see against P133 processor you can think that tha hacking enjoys buffer overflow for long days

P.S : AMD = SUXOR

3com tried the same fing wwiv the built in firewalls for NIC( thats netwoprk interface card), iut never took off, u get me, we will see,
there are always trojans and other ways :-)

So long as a system is created there will always be a flaw in it, even if only just one. Also, as the complexity of the system increases, so does the possibility of flaws/errors/expoits.

The fact that humans are using these human made programs, often with no idea how they work, means there will always be problems.

Sure, people can make the hardware block/resist certain types of attacks, but people will be the real problem. As you can see, these different components, when pulled together mean there will always be numerous holes/mistakes in programs and in operating them.

In the short, my answer is no, I don't think hacking will ever go away. Curiosity will always be the over-riding reason for hacking, and hopefully in future better security will put off script kiddies who have no idea about what is happening and are happy to click a button.

there will never be an end to hacking. many many companies actually RELY on the assessors and the destructors. this is one of the many other ways man makes the almighty dollar. if you didnt hack anything, then security companies wouldnt make shit. and right now, computer security is one of the fastest growing careers. if there was an end to hacking and an end to exploitation, then allllllllllllllllllll those people who went through their $1000 a day training at some shitty place at the age of 30 something, would of been doing it for nothing at all. AMD and Intel will never do that. its probably some rumour or something extremel less advanced at the point where its extremely easy to get around. theres always ways to get around.

how secure a system is, always depends on the weakest part in the chain...

and this is and will be forever human mankind, which is using these devices..

so no matter how secured and patched a system is, there will always a way round it...

the mentioned techniques like buffer-overflow checking built-in in processors will stop the most security-breaches from happen (yes, its proven that there are ways around it, like there are ways around IDS´s).

so this will help mostly the admins to be protected from untargeted hackers, that are only about to get their str0s up and running, but will never stop a sophisticated and targeted hacker.

just my 0.02$

As long as there are computers to program, and as long as humans are involved in the programming process, there will be security issues.

As more concrete measures are being taken to prevent buffer overflows, hackers will find weaknesses in these systems. For example, it was first assumed that implementing non-exec stacks into operating systems would almost eliminate the possibility of buffer overflow issues, but certain people suggested that all that was needed was a return into an already existant routine - also known as returning into libc.

Many other examples exist, but all suggest that anti-hack systems will be circumvented by those dedicated enough to find issues in them. Although certain people on this board would rather systems remain vulnerable to common security issues, I actually find it a good thing that system security is bettering. But, as I said, computer security will always be an issue, and always has, even from the beginning - the first phone phreaks became active in the 1960s or earlier...



-Shaun.

Shaun's dead on in regards to this one. In recent years the number of kiddies has exploded and the number of "hackers" has dwindled. I'd doubt if we ever truly will see a return to the Hacking environment of the 60s/70s/80s, largely because of the intent of large OS manufacturers to make things "easy for the user". Look simply at the curiosity level and you know it's never going to happen. Case in point: this is an outtake of a conversation I actually had with someone a little while ago (I've cleaned up his language so it was understandable and it's paraphrased but I think you'll get my point)

====

<kiddie> teach me how to hack!
<MsMittens>Uh... well you need to know your OS and you need to understand networking, particularly TCP/IP
<kiddie> oh. then teach me tcp/ip
<MsMittens>Uh.. that's going to take a while.
<kiddie>give me the quick 5 minute version
<MsMittens> there is no quick version
<kiddie> what's an OS?
<MsMittens>your operating system
<kiddie> oh.. like Office?
<MsMittens>Uh.. no.. Like Windows XP, NT, 98. Honestly you'll need to do some research and studying to understand how to do this..
<kiddie> isn't there an easy way to do this!?? I don't want to do research and studying.. that's lame!! You probably don't know how to do it anyways!
kiddie leaves at this point

====

I had always heard about these but had never experienced it. It's along the same level as the ones that whine about their girlfriend/boyfriend/significant-whatever is "apparently cheating on them and could you help them hack Yahoo/Hotmail/<insert web email of choice here>". This desire to not do work, not do research, not be curious as to why something happens and not be willing and brave enough to do the "what if I tried this" (I've fried more machines doing the "What if I put this here?" concept) that the Hacker, in it's original sense, will become extinct.

*Meh*

Maybe it's me.

no, its the general public, grown up spoon-fed and think they can go on like this till they are beneath the earth...

most of the ppl are not willing anymore to put a certain amount of time into something to accomplish their goals and are not even a bit interested how something works.

but still they want to be able to do everything they want to do....

well, i guess its time to wake up for these people, it wont work this way.

this "method" may work for other aspects in life, where you can tell other guys to do something for you (fix your car e.g.) but this costs em money then...

to make a long story short, i wonder where mankind will go / be in lets say 10-20 years, if the amount of "easy-minded" ppl will still grow, or if they decide to go a bit back to the roots and be more curious about how things work, how to fix something theirselfes and finally understand whats going on behind the scenes.

we´ll see

msmittens... that conversation is pathetic.... you did the right thing

i think it's just a stage kids go through at sometime... most of these kids are older than me, but still, once they get older, they just don't care anymore (believe me, i see it happening in my school all the time, i hate those kids... GRRR)

This this has taken an interesting turn. Hmm I find it interesting that the fact that America is plagued by ADD causes script kiddies.

I have met a few hackers in real life. Most of them claimed they where hackers and didn't know damn thing. I have met some script kiddies in real life, they say that they have never met anyone as good as them. Its funny I run circles around a lot of them. I talked to this dude that works for the DoD. His job is to secure networks. If you haven't been paying attention the DoD and other government branches got an over all D rating for security. He was given the job after they got the poor rating, his job is to fix it. Interesting dude, he is the only one I have met in real life that might be better than me.

I have had the FBI investigate me. They stopped the investigation because they didn't have any evidence. I found out about the investigation form a friend that worked for the company. My friend said it got really bad. The FBI where going around opening up computers dusting for finger prints. I was on the other side of the country, what a wonderful waste of tax dollar. I didn't' damage anything or cause any problems for them. The only reason why the found out is because I reported the hole in there system. I was just trying to help them out (filtered) moron assholes should burn.

Though I have been called elite there is much I need to learn. I am reading Exploiting Software, I thought finding buffer overflows was harder. It is a very interesting book. I suggest you people read it. You should have a working understanding of API calls, C/C++ and ASM. It tells you exactly what you need to know to find an exploit a vulnerability.

Peace out

I dont think there ever will be...

Security researchers always say that hackers are one step ahead of the times.
Even though compilers are finding vunerable code and some programmers are taking extra time to simplify and program securley somethings ALWAYS happens and always will happen. MS will release a patch and the patch will be hacked...
Its like a never ending game in which we are all a part of...

The computer world is never ending and limitless...
If it can be fixed it can be broken!

Also, the world of software engineering has become very weak, with schedule dates and budgets being the primary drive in software, not secure code. Until the software industry realizes it needs to take the time/money to invest in secure code, it ain't gonna happen too easy.

-niko