In Return-Oriented Programming how can the machine execute unaligned instructions?

I am reading “The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)”.

The author claims that x86 code is like English written without punctuation or spaces, so that the words all ru… Continue reading In Return-Oriented Programming how can the machine execute unaligned instructions?

Stack Overflow Discloses Digital Attack against Production Systems

Stack Overflow, a popular question and answer site for programmers, disclosed a digital attack in which bad actors accessed its production systems. Mary Ferguson, VP of Engineering at the company, publicly revealed the incident on 16 May. In a statemen… Continue reading Stack Overflow Discloses Digital Attack against Production Systems

Hackers Breach Stack Overflow Q&A Site, Some Users’ Data Exposed

Note: We have updated this story to reflect new information after Stack Overflow changed its original announcement and shared more details on the security incident.

Stack Overflow, one of the largest question and answer site for programmers, revealed… Continue reading Hackers Breach Stack Overflow Q&A Site, Some Users’ Data Exposed

Cannot exploit stack-based buffer overflow with ASLR-disabled, since RSP differs heavily between executions?

I have made a little toy program, compiled with ALSR disabled, that I want to exploit using stack-based buffer overflow:

// gcc stackexec0x1.c -Wl,-z,execstack -no-pie -fno-stack-protector -o stackexec0x1

#include <stdli… Continue reading Cannot exploit stack-based buffer overflow with ASLR-disabled, since RSP differs heavily between executions?

Popular coding advice doesn’t necessarily equal secure coding advice

Stack Overflow is a hugely popular online forum/Q&A site that many programmers and software developers use to find answers to particular programming problems. Unfortunately, researchers recently found that a considerable portion of the information… Continue reading Popular coding advice doesn’t necessarily equal secure coding advice