back to article Idle Computer Science skills are the Devil's playthings

Ah, the sweet, sweet smell of Monday. What better way to start your week than combining it with the latest confession of wrongdoing from The Register readership in the form of our weekly Who, Me? column. Today's blast from the past comes from a somewhat unrepentant reader we shall refer to as "Charles". Take yourself back to …

Page:

      1. Ken Hagan Gold badge

        Re: Minor note

        The "rule" usually cited in this context is that quotes gravitate to the more distinguished culprit. How sad for poor old LBJ. :)

        1. Bill Gray

          Re: Minor note

          The "rule" usually cited in this context is that quotes gravitate to the more distinguished culprit.

          If you really want people to take your comment seriously, tell them Winston Churchill said it first.

          -- Benjamin Franklin

          How sad for poor old LBJ. :)

          I'd prefer to think "good on ol' Sir Pterry; he's risen to the ranks of quotation magnets" (among whom Churchill, Franklin, Mark Twain, and Oscar Wilde are prominent), but I do see your point.

    1. big_D Silver badge

      Re: Hire immediately

      I agree totally.

      And I've also managed to bring a few mainframes and minis to their knees over the years.

      The classic, related here before, was on a DEC VMS Admin course in Reading. I was bored, the course was covering stuff I already knew, so, for a laugh, I did show users and started logging people off our VAX (each course had their own VAX). It worked fine, so I knocked up a quick bit of DCL that exported the user list to a file and went through the file and logged everybody but big_D off...

      Worked a treat. So I went one step further, I turned it into a self-submitting batch file. Submitted it and sat back and relaxed and looked around at frustrated faces as people kept getting logged off...

      Only I then made the fatal mistake of logging off myself. That was when I found the fatal flaw in my logic. During the login process, you don't have a username, but you do appear in the "show users" list as <login> and a process ID. ZAP! The login process just wasn't quick enough to get me from <login> to big_D before the batch job had killed my process.

      Luckily the instructor saw the funny side, even when he couldn't log onto the console in the computer room. In the end, we had to do a hard reset.

    2. cream wobbly

      Re: Hire immediately

      I cannot think of a single more fitting, nor more horrifying punishment.

  1. Shadow Systems Silver badge

    Oops.bat.

    :Loop; type Alt+256>a.txt; type Alt+256>b.txt; Type a.txt>b.txt; type b.txt>a.txt; goto loop.

    The faster the CPU, the more RAM it has to play with, & the larger the drives it starts on, the greater the "fun" that results.

    You'll need a boot CD/USB device handy so you can delete the two text files to regain control over your computer.

    Kiss all the free CPU cycles & drive space goodbye.

    The fun you can have when someone challenges you to crash their system without triggering the anti virus routines.

    *Ominous maniacal laughter*

    1. Pascal Monett Silver badge

      Re: Oops.bat.

      Test in Windows command prompt :

      Type a>a.txt <ctrl>

      The system cannot find the file specified.

      So, unless you've already created file a.txt and b.txt, your script is going to fail to do much more than use CPU cycles and fill the command prompt buffer.

      And, as soon as you kill the window, the problem is gone.

      1. Shadow Systems Silver badge

        Re: Oops.bat.

        Do you *really* think I'd post actual code that could be copied & pasted into a CLI that would run?

        I just wanted to get the concept across. Those that want to make it function will know how, those that don't will either RTFM to learn or will get nowhere.

        Sorry for the confusion.

    2. Anonymous Coward Silver badge
      Devil

      Re: Oops.bat.

      It would be far more effective if the first two 'type's were 'echo's.

      Of course the second one could be removed if you wanted to reduce your typing.

      It was also be more effective if the redirects were '>>' and therefore appending rather than overwriting.

    3. Doctor Syntax Silver badge

      Re: Oops.bat.

      The Unix equivalent is

      cat a >> a

      where a is a non-empty file. Or at least it used to be - maybe the cat's been neutered but for some reason I haven't checked for a good while. Handy for overwriting disks before returning a rented box.

      1. Waseem Alkurdi Silver badge

        Re: Oops.bat.

        root@waseem:~# cat a >> a

        cat: a: input file is output file

        I'd do this when overwriting disks though:

        root@waseem:~# dd if=/dev/urandom of=/dev/sdX bs=4096 status=progress*

        __________

        * only with newer versions of GNU coreutils

        1. GrumpenKraut Silver badge

          Re: Oops.bat.

          if=/dev/urandom looks a bit paranoid to me. If if=/dev/zero does not cut it, you'll want to destroy the disk anyway.

          1. whitepines Silver badge
            Boffin

            Re: Oops.bat.

            In the days of spinning rust, perhaps. In the days of solid state storage, urandom is a good compromise between tricking the disk write routines (i.e. ensuring blocks are erased instead of marked for garbage collection) and having to constantly buy and dispose of destroyed media.

            If anything's going to cross security domains, physical destruction is important of course. If it's just being wiped for reuse at the same security level, and the recipient isn't authorized to access the stored data, urandom does a pretty good job of wiping things out.

            1. GrumpenKraut Silver badge
              Pint

              Re: Oops.bat.

              > In the days of solid state storage, ...

              Today I learned something form the el Reg comments... again! Thanks.

  2. Andrew Norton

    Friend did something similar

    He worked for a government lab while also getting his PHD in particle physics, and during some downtime created some code which generated a recursive zip file, and not just a straight one directory, recursion etc. no it had 4 directors at the top level, which looped back at various points after various other named directories. He then wanted to run the code through his code analyser at work at the government lab, where his major coding tools were (he worked on a major project involving creating software for new research models) so, as you do, he emailed it to his work address (because they don't like taking media and plugging it in, that way lies espionage, and virii and such.

    And now you've probably guessed what happened....

    1. whitepines Silver badge
      Paris Hilton

      Re: Friend did something similar

      While I can guess, I'm still trying to figure out what kind of idiot firewall / scanner compiles code it comes across and runs it. Or was there something left out about sending a few samples of the output along with the code?

    2. Loyal Commenter Silver badge

      Re: Friend did something similar

      So I'm assuming here that he sent a sample of the recursive zip file to his email address and the virus scanner picked it up and...

      What happens next is the interesting bit. Any competent virus scanner would (hopefully) be able to detect a malformed zip file and not try and parse it for eternity, and then remove it from the email. I'm guessing this is not what happened, which strongly implies that the bit of software designed to explicitly look for malicious code is pretty poor at finding it.

      The severity of the result is going to depend on whether this is a single instance 'scanning' all email, or a separate thread for each email, and whether it has been designed with any sensible timeout. On balance, I think I'd probably design such a thing to use a thread pool, and scan each email on an idle thread, queueing them up if the thread limit is exceeded, and putting a sensible timeout on the processing (maybe 60 seconds which should be more than ample for most cases), with the timeout configurable. There may still be some other attack vectors to cause a denial of service, for instance flooding with multiple malformed messages, so perhaps limit the processing to one message per sender simultaneously. That's not going to deal with multiple malicious emails fro multiple senders, but that's the sort of thing that's getting into DoS prevention/mitigation territory and it has its own solutions.

      1. Dr Dan Holdsworth
        FAIL

        Re: Friend did something similar

        There used to be quite a few virus scanners that would try to open any zip file they came across. Cat /dev/zero | gzip > nasty.zip was a quick way to create the magic expanding zip file, which when the simple-minded virus scanner found it would crash the system after eating all of its memory.

        In a similar sort of theme, the senior staff of a certain Yorkshire university discovered that they had a problem with pornography being emailed around the place, and insisted upon punishment for anyone receiving such filth by email.

        Inside of oh, about five minutes, the entirety of the senior faculty were magically receiving both barrels of "rule 34" pornography; indescribable stuff that presumably someone somewhere likes, but which otherwise triggers gag and vomit reflexes whilst at the same time violating anti-porn rules in quite a staggering number of ways.

        The rule was rescinded remarkably quickly, with quite a few senior academics forswearing off computers for life.

        1. Loyal Commenter Silver badge

          Re: Friend did something similar

          At one place where I used to work, I can remember someone being hauled over the coals for receiving a dodgy email of some description. In true Kafka-esque style, TPTB would neither tell the individual involved who had sent it, nor what it contained, but were determined to punish him for it anyway.

          Needless to say, that particular company no longer trades.

      2. Vincent Ballard

        Re: Friend did something similar

        When you say that a competent virus scanner should be able to detect a malformed zip file, I think you may be missing the point. I understood the zip file to be well formed. It's certainly possible to make a zip quine, and although I've never personally seen it done it should in principle be "straightforward" to extend the technique to a valid zip file which contains multiple copies of itself with different names.

        1. Michael Wojcik Silver badge

          Re: Friend did something similar

          Yes. There are various sorts of well-formed pathological zip files (and similarly for other archive formats), well-documented in forums such as BUGTRAQ and VULN-DEV. The topic may have come up in an article in PoC||GTFO, too; I have a vague memory of that.

          Anyway, this is why modern malware scanners generally have configurable limits on directory depth, expansion factor, and nesting for archives and other compound file formats. If a limit is reached, the scanner treats the file as malicious.

          Of course this is an arms war, with attackers finding new looping constructs the scanner developers forgot to limit, creating polyglot files that scanners interpret incorrectly (or at least not in the way that end users interpret them), and so forth.

          1. jake Silver badge

            Re: Friend did something similar

            Pathological archive files was a common concept on RISKS Digest, starting in the mid '80s.

    3. JulieM Silver badge

      Virii

      What is a virius?

      1. Anonymous Coward
        Trollface

        Re: Virii

        He's the chap you employ for being virile. Shall I send you my application?

  3. Giovani Tapini Silver badge

    Error in PseudoScript at line: 3

    Error - Label "start" not defined...

    Script Terminated

    Pseudo>_

    1. Giovani Tapini Silver badge
      Trollface

      Re: Error in PseudoScript at line: 3

      Those thumbs down ... did I forget to indent or capitalise properly, or just because I omitted the joke icon? maybe each line should be terminated with a ;

      as this was El, Reg's own script language does that mean I have to commit Regicide?

  4. Andy Taylor

    BTDT...

    Myself and a fellow student once filled a system by writing scripts that fired emails back and forth to one another. Swapping the serial connectors conveniently placed in the corner of the terminal room was another favourite pastime.

    1. jake Silver badge
      Pint

      Re: BTDT...

      People like you are the reason that today's proper MTAs detect and quash mail loops. Thank you! Beer?

      1. Anonymous Coward
        Anonymous Coward

        Re: BTDT...

        I think you'll find that executives forwarding their home email to their work email while simultaneously forwarding their work email to their home email "so I don't miss anything important" had a lot to do with loop prevention.

        1. Korev Silver badge

          Re: BTDT...

          Not to mention the "Please remove my email from the mailing list" storms

          1. Anonymous Coward
            Anonymous Coward

            Re: BTDT...

            Please remove my email from this mailing list

            1. jake Silver badge

              Re: BTDT...

              ME TOO!!!!!!1!1!!!

  5. Anonymous Coward
    Anonymous Coward

    "including a small program emulating a login screen, that dumped the entered username and password in a file."

    I did exactly the same with old novell dos logon. Whilst they taught you useful things in C or Pascal class , they never seemed to bother with the finishing touches - like compiling and packaging your program. So i had to leave my my malware running in the IDE thingy.

    Got found out too, Still got the written warning . very proud of it .

  6. jake Silver badge

    Back in the day ...

    ... such shenanigans were considered part of the coursework, if unofficially.

    These days, it'll get you expelled and put on a terrorism watch list.

    Back in the day, the computer revolution happened. These days, companies like Apple patent paper bags and rounded corners, and charge $999 for simple, nondescript monitor stands. Coincidence? You decide.

    1. Waseem Alkurdi Silver badge

      Re: Back in the day ...

      and charge $999 for simple, nondescript monitor stands.

      <sad Apple geek>

      How dare you call it simple and nondescript! Shhh, she's going to hear you!

      </sad Apple geek>

      Anyhow, I really wonder as to why did people give a hoot about this. It's basic capitalism. Sheep willing to pay, and a company willing to sell to the flock. Supposed customers of "Pro" products are willing to splurge $6K - $15K on a display, ahem, reference display, so why not sell a $1K stand if there are customers willing to pay?

      1. Prst. V.Jeltz Silver badge
        Unhappy

        Re: Back in the day ...

        customers willing to piss away tax payers money that should be being spent on nurses , medicine & bandages etc , not lining your office with all the finery you can waste money on just because you think as the head of finance you deserve more expensive equipment than anyone else

      2. jake Silver badge

        Re: Back in the day ...

        There is nothing wrong with turning a profit, Waseem. However, turning an obscene profit is, well, obscene. Separating actual fools from their money is unethical.

        1. Waseem Alkurdi Silver badge
          Thumb Up

          Re: Back in the day ...

          Exactly!

          One point though:

          Separating actual fools from their money is unethical.

          Correct, but crooks have been separating fools from their money since forever. This is nothing, erm, "newsworthy". Or have people believed up until that point that Apple was a charity (or an honest garage-run neighborhood sale), not a big, fat megacorp?

    2. Cederic Silver badge

      Re: Back in the day ...

      No. Back in the day spotting how to do that was almost required, doing it by accident forgiven, finding out how to subvert the system to do it when you shouldn't rewarded with beer and actually doing it on purpose cause for a severe spanking.

      But I went to a university whose admin understood undergrads.

  7. Waseem Alkurdi Silver badge

    Today,

    he'd be called a script kiddie, and punished accordingly. Which he deserves, from an ethical point of view.

    That aside, if I were to be responsible for hiring for any organization which does "serious" work (i.e. security contractor, banking firm, TLA), I definitely won't hire him. Though he's a "deviant soul", thinking out of the box, and creative (mischievously so), this non-conformity could be a curse as well as a blessing.

    1. Ragarath

      Re: Today,

      Script Kiddie? I think not. He actually wrote the script / code.

      Script kiddies just download scripts others have written and run them, hence the name.

  8. Anonymous Coward
    Anonymous Coward

    For even more fun: After recursively creating directories with single character names, when you get to the maximum depth, rename each one to the maximum filename length on the way back up.

    1. Anonymous Coward Silver badge
      Holmes

      Back in the day, you wrote Internet Explorer's Temporary Internet File storage routines, didn't you?

      1. Sir Runcible Spoon Silver badge
        Thumb Up

        Thank you for a proper lol

      2. Jou (Mxyzptlk) Bronze badge

        Back in the day it was good that FAT32 still had the additional 8.3 filename, letting rd /s /q doing its job without much hassle.

    2. Killfalcon Silver badge

      If you ever find yourself having to unpick such a thing in Windows - 7Zip's file explorer will let you rename files that Windows won't.

      You can usually also do tricks with drive mapping to make windows think the filepath is shorter, but that won't work if every individual folder name is already at the limit.

    3. Jou (Mxyzptlk) Bronze badge

      Oh, that is old. With an easy fix.

      md empty

      robocopy empty directory-to-kill /s /e /r:0 /w:0 /purge

      rd empty

      This method even gets the link-looped directories, for example, in the user profile.

      If you want to make it better set obscure rights after creation, and remove all inheritance ;). Easy to solve for those with enough experience, but hard for those who never had to struggle such weirdness before.

      1. Robert Baker
        Gimp

        Easy Fix

        Ah, ROBOCOPY — the future of file-system enforcement! ;-)

        1. Inspector71

          Re: Easy Fix

          Attention all symlinks.....dead or alive, you are coming with me.

  9. JimPoak

    Run for it!

    I have in the past whitest a finished program chewing up the inodes and so disabling disk access.

    Please note I cannot take credit for this and I will take the fifth amendment.

    Recursive algorithms the preferred method of killing a computer.

    1. John 110
      Coat

      Re: Run for it!

      I thought the preferred method of killing a computer was the old "The next statement I make is a lie..." schtick

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020