The best defense is a good offense. Security experts are expected to not only know how to keep your computers safe, but how a computer could be unsafe. It’s really the only way to keep up with vulnerabilities and threats. Here are three tools that can be used to break into your computer.
A fuzzer is a kind of program that seeks to crash another program based on inputs. Think of it in terms of a sweater: it starts smooth, but as time goes on it becomes fuzzier. Fuzzers have legitimate uses, too: like many other tools that hackers use, security auditors can use them to discover vulnerabilities and issue patches accordingly. There’s a very technical blog article which talks about using fuzzers to create images from scratch. For fun, here’s an animation that shows a fuzzer trying to generate its own logo.
If you’re doing good security, then your passwords are stored in an encrypted format. That means that the way it is stored is not the same as how you type it in. So, in order to retrieve passwords, having the secure versions of them isn’t good enough. A rainbow table is a very large file, containing hundreds of thousands of potential passwords. They are text files, but they are a thousand times larger than a regular document, unless your document is somehow longer than the Affordable Care Act and the Dodd-Frank Law put together. Using a rainbow table takes a while, but it is easy. Just a simple script – a list of computer instructions that are run – and you can compare the useless, encrypted password with hundreds of thousands, or potentially millions, of potential matches. If you have a ton of passwords, like if you’ve made off with someone’s user database, you’ll probably have some number of hits.
If you are concerned that your password has been leaked, I invite you to check out this tool, which compiles publicly-leaked information and tells you if your email address or user name is in it. My email address is out there, as a result of leaks from Adobe, Yahoo, and a video game forum.
This is a pretty common vector. Basically, computers have limited amount of memory – who hasn’t experienced a total freeze because a program decided it wanted ALL the memory available? This is just a bit more insidious. Because computers have limited memory, when a program is run it is given a certain amount of memory. A buffer overflow occurs when memory outside of its pool is accessed. Normally, the operating system will assign it more memory when it’s running low, but it is possible to skip over that process and see what’s next. Say you start your web browser, like Firefox. Earlier, you started up a compromised program that is vulnerable to buffer overflows. While that program is chugging along, someone initiates the overflow, and suddenly that program is accessing Firefox’s assigned memory! In effect, this is an attack that breaks a common expectation, that a program only does its own thing and doesn’t interfere.
Buffer overflows are solved all the time – we can manage your updates with our Premium tier of remote management software. $5 a month and you don’t have to worry about out-of-date software breaking your computer.