Programming | What programming language should I start with?

Page 2 of 3 [ 35 posts ]  Go to page Previous  1, 2, 3  Next


Was this helpful on you programming language selection?
Poll ended at 12 Jun 2014, 7:40 pm
Yes 33%  33%  [ 1 ]
No 67%  67%  [ 2 ]
Total votes : 3

Cornflake
Administrator
Administrator

User avatar

Joined: 30 Oct 2010
Gender: Male
Posts: 46,462
Location: Over there

24 Mar 2014, 1:49 pm

Kurgan wrote:
Furthermore, since Linux doesn't care about file extensions, you can put malicious code in anything.
:lmao: Ah, the gift that just keeps on giving...

There's so much more and I'd normally suggest someone stops digging - but in your case:
[img][200:200]http://kovaya.com/img/shovel.jpg[/img]


_________________
Giraffe: a ruminant with a view.


Kurgan
Veteran
Veteran

User avatar

Joined: 6 Apr 2012
Age: 32
Gender: Male
Posts: 4,130
Location: Scandinavia

24 Mar 2014, 2:47 pm

What's funny is that Linux fanboys actually resort to ridicule rather than to counter any arguments. I've yet to see a fanboy give me one good reason to switch to a desktop version of Linux. Malicious code has been injected in both picture files and PDFs in Linux.



Cornflake
Administrator
Administrator

User avatar

Joined: 30 Oct 2010
Gender: Male
Posts: 46,462
Location: Over there

24 Mar 2014, 7:01 pm

What's funny is the assertion that OS security is related to a filename.


_________________
Giraffe: a ruminant with a view.


sliqua-jcooter
Veteran
Veteran

User avatar

Joined: 25 Jan 2010
Age: 33
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

24 Mar 2014, 7:36 pm

Kurgan wrote:
If I get your password, I can just use chown and chmod and access these binaries anyway (or I could program something with the help of GCC/G++ which would do it for me). Most NT based Windows versions have had UAC.


No, you can't.

Quote:
NTLM is no longer used (because when someone actually does manage to reverse engineer a security system by Microsoft, it's either phased out or heavily modified). The security holes in SAM were filled after Windows 2000. For comparison, if I want your root password, I just need to decrypt what's inside etc/shadow. AES is developed by professional cryptographers and is a government approved standard.


NTLM is both a hashing algorithm and an authentication mechanism. NTLM as used in authentication was phased out in favor of Kerberos for AD systems (developed at MIT for, you guessed it, unix systems) but the hash stored in SAM is still NTLM. And the NTLM hash is conveniently also used as the Kerberos encryption key. Pass-the-hash attacks are *still* possible with Windows.

You don't want to go toe-to-toe with me on AAA systems - it's a big part of my area of expertise.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


Kurgan
Veteran
Veteran

User avatar

Joined: 6 Apr 2012
Age: 32
Gender: Male
Posts: 4,130
Location: Scandinavia

24 Mar 2014, 8:54 pm

sliqua-jcooter wrote:
No, you can't.


If you use an open source distro which you haven't modified, then I can. If you have modified it, then of course it's a whole different matter.

Quote:

NTLM is both a hashing algorithm and an authentication mechanism. NTLM as used in authentication was phased out in favor of Kerberos for AD systems (developed at MIT for, you guessed it, unix systems) but the hash stored in SAM is still NTLM. And the NTLM hash is conveniently also used as the Kerberos encryption key. Pass-the-hash attacks are *still* possible with Windows.

You don't want to go toe-to-toe with me on AAA systems - it's a big part of my area of expertise.


Attacks are possible on any system, regardless of how secure it is; if enough intruders want to break into something, at least one will succeed. The fact that reverse engineering the security systems on Windows and publishing your findings is a felony, does a lot to prevent intruders, though. NTLM is depreceated, and isn't used in any Server version of Windows anymore.



Last edited by Kurgan on 24 Mar 2014, 9:00 pm, edited 2 times in total.

Kurgan
Veteran
Veteran

User avatar

Joined: 6 Apr 2012
Age: 32
Gender: Male
Posts: 4,130
Location: Scandinavia

24 Mar 2014, 8:58 pm

Cornflake wrote:
What's funny is the assertion that OS security is related to a filename.


I didn't say that it was directly related to a filename. Since you trick someone into installing a virus on Linux the same way as you do in Windows, you can put malignant code in PDF files and images, though, and not just .EXE files and archives. For this to be possible on Windows, you need to find a security hole or an exploit in the application that will load the file.



Cornflake
Administrator
Administrator

User avatar

Joined: 30 Oct 2010
Gender: Male
Posts: 46,462
Location: Over there

25 Mar 2014, 8:05 am

Well, have fun telling yourself that and playing with FUD and generalities.
"since Linux doesn't care about file extensions, you can put malicious code in anything"


_________________
Giraffe: a ruminant with a view.


sliqua-jcooter
Veteran
Veteran

User avatar

Joined: 25 Jan 2010
Age: 33
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

25 Mar 2014, 3:08 pm

Kurgan wrote:
sliqua-jcooter wrote:
No, you can't.


If you use an open source distro which you haven't modified, then I can. If you have modified it, then of course it's a whole different matter.


Ever heard of SELinux? Obviously not...

Quote:
Attacks are possible on any system, regardless of how secure it is; if enough intruders want to break into something, at least one will succeed. The fact that reverse engineering the security systems on Windows and publishing your findings is a felony, does a lot to prevent intruders, though. NTLM is depreceated, and isn't used in any Server version of Windows anymore.


Rather than point out all the things that are wrong in those statements, it's going to be faster and easier for me to point out what's right. The first part of the first sentence is true. The rest is complete hogwash.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


Kurgan
Veteran
Veteran

User avatar

Joined: 6 Apr 2012
Age: 32
Gender: Male
Posts: 4,130
Location: Scandinavia

25 Mar 2014, 4:59 pm

sliqua-jcooter wrote:
Ever heard of SELinux? Obviously not...


Most people (the vast majority of computer users, who have no use whatsoever for a system where they can add modules or alter the kernel themselves) have no idea how to configure it. It also needs to be installed separatly, and thus, isn't present in most Linux desktops. Moreover, Operation Windigo has proven that SELinux can also be attacked.

Saying that Linux is safe because you CAN install SELinux, is like saying that any car is burstproof because you can buy an immobilizer for it.

Quote:
Rather than point out all the things that are wrong in those statements, it's going to be faster and easier for me to point out what's right. The first part of the first sentence is true. The rest is complete hogwash.


Apparently, you're not familiar with the laws the prohibit the disassembly of copyrighted, proprietary software. As far as NTLM goes: http://msdn.microsoft.com/en-us/library/cc236715.aspx.



sliqua-jcooter
Veteran
Veteran

User avatar

Joined: 25 Jan 2010
Age: 33
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

25 Mar 2014, 6:22 pm

Kurgan wrote:
Most people (the vast majority of computer users, who have no use whatsoever for a system where they can add modules or alter the kernel themselves) have no idea how to configure it. It also needs to be installed separatly, and thus, isn't present in most Linux desktops.


Wrong *again*. Not only does every major linux distribution include SElinux, RHEL/CentOS/Fedora turn it on *by default* with a permissive configuration, and locking it down is as simple as installing a different configuration that the distributions also provide.

But you conveniently also changed the parameters of the initial inquiry. I told you that I could give you the root credentials for my linux box, and you wouldn't be able to execute any commands or access any file. Then you started going off at the mouth about how you could. Rule number 1: You never open your mouth 'till you know what the shot is.

Quote:
Apparently, you're not familiar with the laws the prohibit the disassembly of copyrighted, proprietary software.


I am *intimately* familiar with copyright law. The thing about copyright is that it contains a little something called "fair use". I suggest you look it up. The jist of it is this: reverse engineering something is not the illegal part - the illegal part is making money off it.

Quote:


Like I already tried to explain to you once, NTLM is not just an authentication protocol. It is *also* a hash. So, while the NTLM protocol is no longer used for authentication, the hashes that are stores in the account database on your computer are NTLM. The thing is, I know a little something about security systems. I know what I'm talking about, and I'm not desperately trying to google stuff to back up the blubber coming out of my mouth. This link (http://www.microsoft.com/security/sir/s ... ord_hashes) contains a nice table of the hash mechanisms in use by all Windows systems. I suggest you choke on it.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


MrOddBall
Velociraptor
Velociraptor

User avatar

Joined: 3 Feb 2014
Age: 121
Gender: Male
Posts: 426
Location: Here, there, and everywhere

25 Mar 2014, 7:54 pm

Kurgan wrote:

I'd recommend C# in favour of Java (with Xamarin, whatever you write in C# will also run well on Android and iOS). When it comes to C, I find that C++ is superior; having classes and objects really make development easier. :)

For an excellent demonstration of what JavaScript can do, check out some of the WebGL tech demos. I really like this one.


Don't forget the other options like Python and Ruby, which are easier to start off with because C or C++ might be a bit intimidating for a beginner, but Java is okay I suppose ...

The OP should check out Pygame if he has the chance :D It's python for creating games with everything you need, plus documentation on writing games :)



polarity
Veteran
Veteran

User avatar

Joined: 15 Feb 2006
Age: 42
Gender: Male
Posts: 502
Location: PEBKAC

26 Mar 2014, 4:02 am

sliqua-jcooter wrote:
I am *intimately* familiar with copyright law. The thing about copyright is that it contains a little something called "fair use". I suggest you look it up. The jist of it is this: reverse engineering something is not the illegal part - the illegal part is making money off it.


The law is also affected by this little thing called jurisdiction. There are plenty of people who aren't remotely concerned about it being a felony to disassemble Windows, because they don't live in the U.S.


_________________
You aren't thinking or really existing unless you're willing to risk even your own sanity in the judgment of your existence.


Kurgan
Veteran
Veteran

User avatar

Joined: 6 Apr 2012
Age: 32
Gender: Male
Posts: 4,130
Location: Scandinavia

26 Mar 2014, 3:06 pm

sliqua-jcooter wrote:
Wrong *again*. Not only does every major linux distribution include SElinux, RHEL/CentOS/Fedora turn it on *by default* with a permissive configuration, and locking it down is as simple as installing a different configuration that the distributions also provide.


Fedora, CentOS and RHEL, I have no experience with. Nevertheless, they all have less than 10% of the Linux desktop share combined. It wasn't present in neither Ubuntu or Slackware back when I was using it--and thus, simply knowing the root password gave me full power of a computer. Because of this, making malware was basically a DYI activity.

Quote:
But you conveniently also changed the parameters of the initial inquiry. I told you that I could give you the root credentials for my linux box, and you wouldn't be able to execute any commands or access any file. Then you started going off at the mouth about how you could. Rule number 1: You never open your mouth 'till you know what the shot is.


Technically, with your root password, I could disable SELinux, but I don't think it's easy to make a virus or a worm that does it for you. My initial inquiry was that anyone with the root password could do pretty much anything inside Linux; implementing a keylogger is no big deal if you pass it as on as a workaround for SecuROM, a codek, an experimental driver, and so on (something you'd also have to do in Windows)--and you can also get the password by decrypting etc/shadow.

Quote:
I am *intimately* familiar with copyright law. The thing about copyright is that it contains a little something called "fair use". I suggest you look it up. The jist of it is this: reverse engineering something is not the illegal part - the illegal part is making money off it.


Fair use grants you the right to disassembly it for educational purposes, not to use it yourself in open-source code, publish it on the internet, pass it on to a large group of people, sell it, etc.

Quote:
Like I already tried to explain to you once, NTLM is not just an authentication protocol. It is *also* a hash. So, while the NTLM protocol is no longer used for authentication, the hashes that are stores in the account database on your computer are NTLM. The thing is, I know a little something about security systems. I know what I'm talking about, and I'm not desperately trying to google stuff to back up the blubber coming out of my mouth. This link (http://www.microsoft.com/security/sir/s ... ord_hashes) contains a nice table of the hash mechanisms in use by all Windows systems. I suggest you choke on it.


I'm not googling stuff to back up my claims. If you know the basics of C/C++, making malware is a DYI activity. A virus is put in place the exact same way in Linux as in Windows (i.e. the admin makes a careless mistake). The problem with Linux is what a virus could potentially do; in Windows, it's limited to terminating user-space processes without my consent or encrypting files that have copies on GitHub.

The link you posted just explained how the hashes worked; it didn't show any C/C++ code on how they were implemented.



MrOddBall
Velociraptor
Velociraptor

User avatar

Joined: 3 Feb 2014
Age: 121
Gender: Male
Posts: 426
Location: Here, there, and everywhere

27 Mar 2014, 12:01 pm

*Grabs a bag of popcorn* This is entertaining :D



MolinaMegaTech
Hummingbird
Hummingbird

User avatar

Joined: 12 Mar 2014
Age: 19
Gender: Male
Posts: 18
Location: In your CPU

27 Mar 2014, 3:08 pm

I know right... They keep on going back and forth



sliqua-jcooter
Veteran
Veteran

User avatar

Joined: 25 Jan 2010
Age: 33
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

27 Mar 2014, 8:25 pm

Kurgan wrote:
sliqua-jcooter wrote:
Wrong *again*. Not only does every major linux distribution include SElinux, RHEL/CentOS/Fedora turn it on *by default* with a permissive configuration, and locking it down is as simple as installing a different configuration that the distributions also provide.


Fedora, CentOS and RHEL, I have no experience with. Nevertheless, they all have less than 10% of the Linux desktop share combined.


Why are we limiting ourselves to the "desktop" market. From a security perspective, there is 0 difference between a machine that is a desktop and a machine that is a server. They're all boxes on the network running services for users. It doesn't make any difference whether the system has a GUI or not. And, if you're going to limit the discussion to desktops, take back everything you said about Windows Server.

Quote:
It wasn't present in neither Ubuntu or Slackware back when I was using it--and thus, simply knowing the root password gave me full power of a computer. Because of this, making malware was basically a DYI activity.


In other words, you don't know enough about Linux security to comment about it. Got it.

Quote:
Technically, with your root password, I could disable SELinux, but I don't think it's easy to make a virus or a worm that does it for you.
1) No, you can't - unless you have physical access or remote KVM. 2) You could say the exact same thing about UAC. 3) If you have physical access to a system, you have total access. Period.

Quote:
The problem with Linux is what a virus could potentially do; in Windows, it's limited to terminating user-space processes without my consent or encrypting files that have copies on GitHub.


The entirety of the user's computing experience is in the user land - so this is an entirely moot point. The only thing kernel access gets you is the ability to read whatever is in memory from whatever application. Not useful in the vast majority of cases.

Quote:
The link you posted just explained how the hashes worked; it didn't show any C/C++ code on how they were implemented.


Right, because it's not like you can't do a google search for "NTLM hash generator" and see if anyone has been able to write software to generate NTLM hashes. Oh, wait... http://lmgtfy.com/?q=NTLM+hash+generator

Hey, on the first page there's even a project that does *exactly* that. C/C++ code that implements the NTLM hash mechanism: http://www.codeproject.com/Articles/328 ... -Generator


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.