Jump to content

Talk:Exploit (computer security)

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by H2g2bob (talk | contribs) at 20:21, 19 October 2008 (wpp). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
WikiProject iconComputing: Security Stub‑class
WikiProject iconThis article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing
StubThis article has been rated as Stub-class on Wikipedia's content assessment scale.
???This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computer security (assessed as High-importance).
Things you can help WikiProject Computer security with:
Article alerts are available, updated by AAlertBot. More information...
  • Review importance and quality of existing articles
  • Identify categories related to Computer Security
  • Tag related articles
  • Identify articles for creation (see also: Article requests)
  • Identify articles for improvement
  • Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
  • Find editors who have shown interest in this subject and ask them to take a look here.

An exploit may or may not 'extend privileges'. It could cicumvent access control, or entend it to provide or extends access to a feature _or_ allows a feature to be used in a manner not intended by the softwares developers.

there are always such misfeatures, bugs, holes, whatever you wanna call 'em. It's best not to distinguish but imagine software itself as swiss cheese that one grabs onto by fumbling fingers in the dark, some of which give access to the center and let you grab the whole cheese, take it out of the dark, adn eat it.

This is supposed to be an encyclopedia, its whole premises is centered on completeness and accuracy.

This is not computer science

The term "exploit" as defined here is not a computer science term. It is a term from computer security operations. I propose that this article be moved to Exploit (computer security). Any objections? --FOo 14:29, 18 Aug 2004 (UTC)

Well, nobody objected in a few months, so moved it is. --FOo 04:24, 4 Feb 2005 (UTC)

Numerious problems

I really feel that this article could be brought up to the level of wikipedia's other computer related articles, but as I am not a hacker or person skilled in computer security, I do not feel comfortable attempting to do this myself. A number of problems that concerned me about this article follow. I have restrained myself to improving the initial definition to be a bit more broad and complete.

The first problem is the distinction between a remote and local exploit. While these are terms that should be discussed, as they are in common usage, not all exploits will fall into one of these two catagories and is therefore not a universal classification.

I feel that a more general description of an exploit should include that an exploit is something that "exploits" a programming bug, setup bug, or abuses a feature. Does anyone have any comments on this? Immediately talking about common types of exploits misses that these are all types of bugs, and that exploit finding is really a subset of bug finding.

It's pedantic of me to point this out, but the term super-user is unix/linux/bsd/*nix specific. Going back to my broader definition, I would like to use a hypothetical example. Many (all?) elevators in the United States have telephones in them for communication with the elevator's users durring an emergency. An unintended or incidental behavor exists however, in that in some elevators it is possible, given the correct phone number, to call the phone inside the elevator and listen to people inside. I would consider this an unintended use of an elevator feature, and therefore an exploit. This does not include getting extra access to a computer, any of the vulnerablity types mentioned, and appears to be outside the current stated scope of the article. Would this be considered an exploit?

I really think that this article could be brought up to the level of one of wikipedia's computer science articles, include broad examples, and include a holistic aproach to viewing exploits as a subset of bug finding.

Lastly, return to libc is not an attack, it is a technique used when control of a return address on the stack has been obtained. Please correct me if I am wrong about this.

-- Unfortunetly not anonymous user, November 7, 2006

Comments on numerous problems

The typical problem with any computer/information security discussion on wikipedia is nobody agrees on (and fewer people have a correct understanding of the nomenclature). This article confuses exploits, vulnerabilities and threats. I'd suggest dropping all the unsourced statements and start again. —Preceding unsigned comment added by 142.46.212.114 (talk) 19:55, 23 October 2007 (UTC)[reply]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Exploit_(computer_security)&oldid=246353295"