This is both real and a decent metaphor, so it is time for me to re-tell a story.
Ever heard of The Ping Of Death?
There was a couple of years there - years, hand to god - where you could throw a single malformed or too-large packet across the network at any IP you could see, and if you malformed it just right for its OS, you could crash the machine. You could kill a Windows machine with one line in cmd.exe.
It was bad, but almost nobody knows how bad.
https://mastodon.social/@Natasha_Jay@tech.lgbt/115719291112552201
-
Because the Ping Of Death was an RCE. If you sent _just the right_ kind of malformed or too large packet - and you cleaned up after yourself - you suddenly had a system where you could basically ask any computer you could see to do whatever you wanted, and it would do that for you and then quietly go on its way.
I was temping for Global Affairs Canada in the late 90s, then called DFAIT; I got to hang with some old-school-then, semi-retired CSIS sigint guys.
They thought the internet was great.
-
I'm sure the situation has improved - I don't think winsock.dll or Wolverine have ever had a proper pentest teardown, even for historical amusement's sake - but I have to assume, given that we live in a world where there are no specialized chips anymore, and everything from the boutique brand-namiest NICs to the dodgiest junk you'd find in a Shenzhenese dumpster is a general-purpose CPU running some tiny OS of questionably determinate provenance, that... well, you have to wonder.
-
Because you don't have a "network interface card", you have an ARM CPU, maybe even a whole-ass ARM SOC, handling ethernet frames on one side and talking PCI on the other.
You don't even have SD cards, because "memory cards" don't exist. That terabyte of storage the size of your thumbnail you bought? That's an ARM CPU managing the wear levels on its crap-ass flash backing storage while pretending to be a hard drive on the other side.
You don't know how many computers are in your computer.
-
(This is not to be a doomsayer, it's always an arms race. But for every NPM worm out there, I often wonder what's happening, quietly, that we can barely see because we don't know where to look. Sometimes I wonder if the Museum Of Malformed Packets - hi, @lcamtuf, much respect - shuttered before we recognized that it shouldn't have been a museum, it should have been a social network.)
-
As an aside: I sometimes wonder how much of modern computing efforts are spent making computers pretend they're something they are manifestly not.
CPUs pretending to be single-thread-single-core devices, so programmers build elaborate dispatch multiplexers on top of them, OSes aping PDP11s for their guest code, SOCs pretending to be hard drives, etc etc.
There's this wild live-action Plato's cave metaphor-psychodrama going on in all of our machines all the time and ... nobody knows that.
-
@mhoye the whole of floating point is pretending we have real numbers rather than integers
but then again, the whole of a computer is pretending we have a discrete device made from entirely analogue parts
-
@tef It's kind of amazing that if you're designing a circuit to handle floating point arithmetic with a computer that we start with analog, and we make it pretend to be digital and then we make the digital pretend to be analog again, and then we use that analog to pretend to make something digital and test it by seeing if it can handle analog again.
p.s. i am not a crank
-
@mhoye yeah the last time i tried saying these words i sounded like i was very high
-
@mhoye a friend pointed out to me how cross domain clocks work and how we basically convert things into digital with two flip flops and probabilistically it's pretty good
and apart from a general sense of respect for the difficulty of rad hardening a computer, i came away with a new sense of underlying terror
a feeling i normally get from talking to someone who pentests scada systems for a living