Twisting timing in your favour
- Type
- Video
- Tags
- vulnerability
- Authors
- Lisa Thalheim
- Event
- Chaos Communication Camp 2007
- Indexed on
- Mar 27, 2013
- URL
- http://dewy.fem.tu-ilmenau.de/CCC/CCCamp07/video/m4v/cccamp07-en-1996-Twisting_timing_in_your_favour.m4v
- File name
- cccamp07-en-1996-Twisting_timing_in_your_favour.m4v
- File size
- 100.4 MB
- MD5
- 8d387992c839f6e3bb4ff9f91e900638
- SHA1
- b053b5c7f2405693e3b1c663cfd5d753f6a78871
This lecture wants to make the audience a bit more familiar with a species of bugs that is not yet as boring and overfished as your vanilla buffer overflow: concurrency issues. Bring your debugger and some rubber gloves, because when investigating these beasts, you will need them. Concurrency of operation can be found in most larger software systems; think multi-threading, think UNIX signals, think asynchronous I/O operations, to give just a few hints. However, since concurrency always adds complexity in non-obvious ways, there are all kinds of things that it can make go wrong. Usually, this boils down to the violation of assumptions the system's developers have made - and violated assumptions have always been a hacker's best friend. After a brief introduction to what concurrency issues actually are, this presentation will show how to approach finding and exploiting these issues in software systems and highlight some of the challenges the nosy hacker faces in doing so. The presented material will be supported by examples from real-world software.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
