A Little Cyber Puzzle …
A Little Cyber Puzzle …
We were interviewing a while back for a research post, and I asked the candidate — as a starting point for a deeper question — about the number of bytes that are typical used to store an integer on a computer. “Is it one?”, “Nope”, I said. “Is is none?”, “Definitely, not”, I said. “Well, I don’t know”.
To me, the core understanding of cybersecurity should start at the lowest level, and work up. If you don’t understand how data is actually stored and processed … with little-endians and big-endians, and in bits and bytes— then it’s equivalent to a bridge engineer not knowing about how the bolts holding a bridge together will actually work, or a medical doctor not knowing about how blood vessels work.
Our syllabus for cybersecurity should thus make sure there is a strong foundation in the understanding of how computers actually work, and how we convert bits into different representations and formats, and then operate on them. A core skill for all must be the strong understanding of machine level activity, and in bit-wise operations. But, for some reasons, the core skills in bit twiddling and the understanding how data is actually processed and stored is a little lacking in places.
So, here is a little problem for you. In this code, we allocate in blocks of 64KB, and restrict the program to twenty 64KB blocks. But an intruder can easily exploit this code with a simple operation:
Can you work out the vulnerability?