Smashing the Stack
Tue, Mar 19
We already know from earlier lectures about the underground hacking scene's pivot to Internet-related matters in the 1990s. In today's lecture we'll do a deeper dive into the Unix operating system and its associated vulnerabilities in the dotcom era of the Internet. This will help us better understand the state of technology at that time, along with the figures and associated tools that would help create the computer security industry as the 1990s turned into the 2000s. By uncovering serious vulnerabilities in critical infrastructure, hackers ultimately helped the Internet to become more secure and more useable over time. We have two learning goals for today. By the end of our lecture class, you will:
- Gain a basic understanding of the major strategies used by hackers to break into Unix systems in the 1990s and early 2000s.
- Appreciate the social history behind major Unix vulnerabilities.
The digital artifact for today is the Buffer Overflow Exploit.
The slides for today's lecture are available here.
Read This:
Hackers in the early 1990s would have been familiar with the basics of the use of the Unix operating, which before Linux was typically found only in corporate and government environments, through textfiles authored by groups such as the Legion of Doom who were interested in sharing technical knowledge. One such example was authored by The Prophet.
Elias Levy (a.k.a. Aleph One) penned the most famous guide to writing buffer overflow exploits in Issue 49 of Phrack Magazine (1996): Smashing the Stack for Fun and Profit.
Playing defense, Bell Labs researcher Bill Cheswick studied a hacker in the wild using an early honeypot system, designed to lure hackers into a contained environment where there activities and tools could be monitored. He authored the classic Unix security text "An Evening with Berferd" in 1992.
Do This:
Writing Reflection 04
See the instructions posted on the assignment's page.
This writing reflection is due on 3/26 at 5pm.
Once you have completed the readings, fill out the following quiz. It is based on both the readings for this week's classes. If you can't see it, try this direct link.