944,212 Members | Top Members by Rank

Community Center > IT Professionals' Lounge > Checking vulnerabilities without access to the source code?
Ad:
Permalink
Nov 30th, 2006
0

Checking vulnerabilities without access to the source code?

Expand Post »
hi,

we often hear that a certain software product has security holes as claimed by research firms/ hackers and security solutions vendors. i just came across one article as follows,
about sql server and oracle rdbms.

http://www.theinquirer.net/default.aspx?article=36000

as far as i understand, in order to know in what sense a software is having a security issue/hole/vulnerability, one needs to have access to the source code of the product in question. but many a time it looks like that source code is not made available to these companies/hackers etc and still they report the problems. how does this work? thanks.
Similar Threads
Reputation Points: 15
Solved Threads: 0
Junior Poster
tech291083 is offline Offline
181 posts
since Oct 2006
Permalink
Feb 28th, 2007
0

Re: Checking vulnerabilities without access to the source code?

It is not required, you can learn a lot from windows internals books,oracle handbook, you already have some opensource like postgresql/linux to play with and list down what all are the main bugs, try to attack a simmilar database/os using the knowledge you have gained
Reputation Points: 769
Solved Threads: 128
Banned
ithelp is offline Offline
1,910 posts
since May 2006
Permalink
Mar 1st, 2007
0

Re: Checking vulnerabilities without access to the source code?

Click to Expand / Collapse  Quote originally posted by ithelp ...
It is not required, you can learn a lot from windows internals books,oracle handbook, you already have some opensource like postgresql/linux to play with and list down what all are the main bugs, try to attack a simmilar database/os using the knowledge you have gained
Brilliant, cheers mate. Appreciated.
Reputation Points: 15
Solved Threads: 0
Junior Poster
tech291083 is offline Offline
181 posts
since Oct 2006
Permalink
Apr 6th, 2007
0

Re: Checking vulnerabilities without access to the source code?

Part of the problem Microsoft has, is that programmers are not fools. Back in the 80's M$ stole software sure that they had enough lawyers to keep a programmer in court forever. SO- programmers began inserting "back doors" into their code, strings of assy bytes, that if called could call external subroutines you know as viruses.

So, Microsoft has stolen the code along with the back doors, and at this point, has no idea how much it has stolen.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Day Brown is offline Offline
23 posts
since Nov 2006
Permalink
Sep 21st, 2007
0

Re: Checking vulnerabilities without access to the source code?

Click to Expand / Collapse  Quote originally posted by Day Brown ...
Part of the problem Microsoft has, is that programmers are not fools. Back in the 80's M$ stole software sure that they had enough lawyers to keep a programmer in court forever. SO- programmers began inserting "back doors" into their code, strings of assy bytes, that if called could call external subroutines you know as viruses.

So, Microsoft has stolen the code along with the back doors, and at this point, has no idea how much it has stolen.
Reputation Points: 22
Solved Threads: 1
Light Poster
matale is offline Offline
38 posts
since May 2007

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in IT Professionals' Lounge Forum Timeline: dual boot
Next Thread in IT Professionals' Lounge Forum Timeline: I appear to have built a blog





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC