From Missingno to Heartbleed: Buffer Exploits and Buffer Overflows
Science and technology
Buffer exploits are one of the basic bugs of computer science. They're responsible for glitches in games, for all sorts of viruses and exploits, and any number of technical disasters. Here's the basics of how they work, and a non-technical breakdown of Heartbleed, this week's rather startling attack.
Comments: 859
That smile... I think Tom put it there.
@luarn9176
6 years ago
Exactly what I thought
@ErikDaGreat
5 years ago
that smile was very creepy
@sugarrhodestheunitedstateo7777
4 years ago
SparkySywer It’s a little late to worry about that. Just smile & wave. 🤪 lulz indeed!
@aki_ingason3376
4 years ago
What smile
@yas8560
4 years ago
No it’s Robin Seggelman
“If debugging is the process of removing bugs, then programming must be the process of putting them in.” - Edsger Dijkstra
"the technical folks are going to be cringing" network engineer here, this is actually an excellent explanation. well done tom
@mallorystrom7511
2 years ago
this is so wholesome! 1000% smiles over here
@Unbreakify
5 months ago
agreed @@mallorystrom7511
You know you should worry about your computer when someone in a KZread video fakes a low frame rate and you don't even notice it...
@glichking6812
3 years ago
...what?
@ananttiwari1337
3 years ago
@@glichking6812 what do you mean? Mckenna was trying to say that their computer is so bad that they felt that the low frame rates were normal and thus, didn't notice it.
@thaias9654
2 years ago
Same but with my phone
your blue screen didn't fool me, I know mine look different in windows 10 because i've gotten two in the last 12 hours. ohgodsendhelp
@AbbeyB77
7 years ago
Run a hard backup of all your files now, because my old computer did that right before the CPU died a terrible death
@AbbeyB77
7 years ago
No, a CPU doesn't need backups but you can never be too careful that your hard drive might be what goes
@AbbeyB77
7 years ago
I'm not saying their CPU is dying, I'm saying that multiple blue screens of death is a sign of impending disaster, because that's what mine did
@CrizeR6772
7 years ago
actually, the last time the BSoD looked like this is Windows 98
@blockbros9299
7 years ago
Oskar Martin try buying windows 7, it's only like $20
THAT SMILE IT MUST HAVE BEEN TOM
@realcartoongirl
4 years ago
is him
@iriscandy6377
4 years ago
What
@chandler1086
2 years ago
it was the NSA
I was at Defcon 2 weeks ago, at a party, and ran into the security expert that discovered Heartbleed, got to spend quite a bit of time with him. It often surprises me how small a percentage of people that work in the security industry actually do most of the discovery work we hear about. While at these parties, it's always the same 50-100 people that are present the entire time, even as the industry continues to explode in personnel numbers.
i'm on linux and i fell for the bluescreen. damnit.
@theLuigiFan0007Productions
8 years ago
+oakeydokey I also use Linux. If I had this video fullscreen I would have thought my GPU crashed and poked the reset switch. Does that often enough since I've been tweaking odd driver options to desperately try getting OpenGL working. Screen goes blue and grey (occasionally a hint of pink and lime) smears when it does. Yeah I know, I have to install the non-generic drivers soon. I just hate reverse engineering and backporting ATi's code.
@CoffeeOnRails
8 years ago
Same here. I legit panicked but then laughed when it went back to Tom.
@TheMegalusDoomslayer
8 years ago
+oakeydokey Recommended fix: don't use full screen
@TheMegalusDoomslayer
8 years ago
theLuigiFan0007 I rarely use full screen on my laptop. (I'm a computer junkie and I can't imagine not seeing an interface in front of me. It makes me nervous.) It just looked like a buffering issue to me until I saw the BSOD.
@theLuigiFan0007Productions
8 years ago
Megalus Doomslayer Pretty much the same here. Since I use Linux with the Enlightenment desktop, I set the dock to always be on top, and no application can cover it.
Gandhi was originally a nuke loving monster in Civilization because of an overflow error. In Civilization 2, Gandhi was programmed to be pacifist, so he had a "desire to use nukes" value of 1 out of 10. The game designers also decided that any AI Civs that adopted democracy would have their "desire to use nukes" value lowered by two. For all the other civs, this was fine; however, for Gandhi, it caused his "want to use nuke" value to "drop" to 255, turning him from a friend to a nuclear monster that desired nothing but to watch the world burn. In Civilization V, the game designers, in a nod to the glitch and the "Gandhi nuked me" memes, gave Gandhi a 12 out of 10 desire to use nukes, higher than anyone else in the game.
@jaclegonetwork
9 years ago
notbobby125 I was wondering why I kept getting nuked by gandhi
@sorg3ns
9 years ago
And those memes will probably be a while before they go away too haha xD Civilization 5 is awesome
@stensoft
8 years ago
notbobby125 That's actually not buffer overflow but value overflow/underflow, it's a different type of error you can experience even in JavaScript or other buffer-overflow-safe languages (there's actually a very small number of languages that are not susceptible to that and most of them are functional). Similar error in UFO: Enemy Unknown caused really experienced soldiers to have something like lateral sclerosis (their stats overflowed to very low values, way below novice soldiers).
@RylanEdlin
8 years ago
+Jan Sten Adámek I imagine designing a programming language to avoid overflow errors would make it really inefficient.
@stensoft
8 years ago
Rylan Edlin Most functional languages are immune to overflows but yes, it can be pretty inefficient. C# is also immune to overflows but it throws an exception. This also brings some overhead. Moreover it's debatable how safe that actually is. It avoids the overflow but it does not avoid the logic error that led to it and who knows if that does not just move the error to another place in the program's logic, e.g. in C#, it usually crashes the program so it can be used for DoS attacks. There are also statically-verifiable languages where no error can happen but it is a pain in the ass to program in those.
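An added example, not code from the video, from Civilization or from any commenter, that models the wraparound notbobby125 describes and the distinction Jan Sten Adámek draws: the "desire to use nukes" score is assumed to be a uint8_t and the democracy modifier a signed delta; the table and its labels are constructed here. It shows the unchecked update wrapping 1 - 2 to 255, two defensive variants (clamping and checking), and the one place a wrapped value does become a memory bug, namely when it is used as an array index without a range check.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not the game's code: the "desire to use nukes" score is modelled as
 * a uint8_t and the democracy modifier as a signed delta, which is all the thread states. */

/* Unchecked update. The sum is computed as int (1 + (-2) = -1) and converted back to
 * uint8_t, which C defines as reduction modulo 256, so the result is 255. This is value
 * wraparound (the reply's "value underflow"), not a buffer overflow: no memory outside
 * the variable is touched. */
uint8_t apply_modifier_unchecked(uint8_t base, int delta)
{
    return (uint8_t)(base + delta);
}

/* Clamped update: the score stays inside its documented range [lo, hi], so a pacifist
 * at 1 who adopts democracy lands on the floor, not on 255. */
uint8_t apply_modifier_clamped(uint8_t base, int delta, uint8_t lo, uint8_t hi)
{
    int v = (int)base + delta;
    if (v < (int)lo) return lo;
    if (v > (int)hi) return hi;
    return (uint8_t)v;
}

/* Checked update: returns -1 instead of a wrapped or clamped value, for callers that
 * want to treat an out-of-range result as the logic error it is. */
int apply_modifier_checked(uint8_t base, int delta)
{
    int v = (int)base + delta;
    if (v < 0 || v > UINT8_MAX) return -1;
    return v;
}

/* Where a wrapped value turns into a memory bug: the 0..10 score used as a table index.
 * Without the range check, a score of 255 would read far past the end of the table. */
#define SCORE_LEVELS 11
static const char *const score_label[SCORE_LEVELS] = {   /* constructed labels */
    "never", "reluctant", "reluctant", "low", "low", "moderate",
    "moderate", "high", "high", "eager", "eager"
};

const char *describe_score(uint8_t score)
{
    if (score >= SCORE_LEVELS) return "out of range";    /* never index with 255 */
    return score_label[score];
}

int main(void)
{
    uint8_t wrapped = apply_modifier_unchecked(1, -2);
    printf("unchecked: 1 - 2 = %u\n", wrapped);                                /* 255 */
    printf("clamped:   1 - 2 = %u\n", apply_modifier_clamped(1, -2, 0, 10));   /* 0 */
    printf("checked:   1 - 2 = %d\n", apply_modifier_checked(1, -2));          /* -1 */
    printf("table[%u] -> %s\n", wrapped, describe_score(wrapped));
    return 0;
}
```

The clamped variant is the quiet fix (the score stays a pacifist's score); the checked variant surfaces the error so it can be logged or asserted on, which is the C-side equivalent of the exception Jan Sten Adámek mentions for C#. The final function is why the two bug classes get confused: the wraparound itself is harmless until the value is used to address memory.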
Ahaha that smile at the end after he says "who put that there in the first place" it was almost guilty ;D
@Unknown-yd5tv
10 years ago
:D
That grin at the end xD
@TricksterRad
9 years ago
Ioan Dragomir Well, he put it in :D, so why not. (I'm obviously kidding.)
@vikasbswami
8 years ago
Ioan Dragomir I'm still laughing at that grin :D
@Quasihamster
8 years ago
+Ioan Dragomir As if he wanted to say, yeah right, that was ME, bitches!
@KhanggiTanka
8 years ago
+Ioan Dragomir as if to say I did that
@TricksterRad
8 years ago
Uhh, guys, I said the exact same thing, like half a year ago...
I was on mobile, your blue screen doesn't fool me
@codygarland6365
8 years ago
The lag got me on mobile
@dubsy1026
8 years ago
+Codaddict28 It didn't for me. It seemed so fake. My phone just stops when it happens
@TheSimonarne
7 years ago
i'm on linux and the windows bluescreens are different now for the newest versions
@martypines2321
7 years ago
I was on Mac. And not in full screen. I HAVE WON THE INTERNET!(not really...)
@TheSimonarne
7 years ago
Marty Pines I would have installed Linux on that machine and then I HAVE WON THE INTERNET with a mostly overpriced system running a free operating system that you can do basically anything on
I was quietly hoping Tom Scott put a secret message in the fake bluescreen, but all I got was "o¿ù³Ô" You disappoint me Tom :D
@KangasniemiJerri
7 years ago
produKtNZ OE: 016F: BFF9B3D4 is actually an error code from Win ME. It's an exception (error) that was commonly associated with your graphics card drivers being bad, thus throwing an exception during rendering of certain graphical elements.
I was disappointed by the lack of Pokemon in this video.
@joshuahadams
8 years ago
There was a screenshot that said "Wild "" M. Appears!".
@SKyrim190
8 years ago
+jimpikles I was expecting he would explain the Missingno bug in Pokemon...was disappointed...
@Alex_Off-Beat
8 years ago
+Luiz Sarchis It's the same principle, when you use the glitch to encounter Missingno. on the coast of Cinnabar Island the game goes to pick a random pokemon from the list of pokemon that can be encountered in that area. However the programmers never put in a list of random encounters for that certain area of Cinnabar Island so the game ends up reading some other data as encounter data (It actually ends up reading a part of memory that stores the player's name) which causes things to happen that weren't expected.
@kondzior553
8 years ago
+Alex Golembeski Close, but not quite. The game never reads any different part of memory, it's that the part of memory in question contains something it normally doesn't. How this works exactly is: you go to Cinnabar Island and surf across the east coast. The programmers accidentally set this strip of water as being equivalent to grass. Water routes have no specific data related to wild grass encounters, so data that was in the section of the memory related to said encounters is never overwritten when entering the route and whatever was there before stays there. That's where the classic "talking to the old man" part comes in. Because when you're being taught how to catch Pokemon the name of the character changes from yours to the Old Man's, yours has to be temporarily saved somewhere else. Since Viridian has no grass encounters, that section of memory is where the name is being written into. Normally it would've been overwritten as soon as you enter some route with grass encounters, but because you Fly directly to C. Island which, like Viridian City, has no grass, the data (currently your name), as stated before, stays where it was. Here's the actual Missingno./M. part. You have your name saved to the grass encounters section of the memory. Fly from Viridian to C. Island, still no grass encounters, data stays where it was. Going from island to the shore, same story, data stays where it was AND, because we're now on a grass-like tile according to game's logic, we can encounter Pokemon with in-game values corresponding to wild encounters data or, in that case, characters in our name. Problem is, our name is 7 characters at max. Random encounters section reads up to 11th and because in most cases characters after 7th (or however long your name is) are blank, we get the buffer underflow-like scenario and an encounter with M. Pokemon at level 0. The Missingno. are a bit different since they are leftover data from removed Pokemon and don't appear because of blank data being where it shouldn't, but that's another story :).
@feoranis26
6 years ago
i was disappointed by the lack of ACE(arbitrary code execution) in this video.
Oh, Tom. You are the man. "Cockup before conspiracy" will live forever in my heart. #CBCForever
@VoidKing666
2 years ago
CBC doesn’t mean what you think it means
1:56 I totally started cursing at my internet connection. Fucking genius :D
@IceMetalPunk
10 years ago
I panicked more than that before I realized what happened. Tom Scott (or perhaps Brady)...you are evil. *EDIT* Okay, not Brady, this isn't Computerphile after all...
@thephpjo
10 years ago
I was pissed, 'cause this was the first video in a while I watched using Windows, and for a second I thought it was going to crash. Until that bluescreen came up. We are not using XP anymore. Today's bluescreens have smileys on them
I really don't mind buffer overflow, at all. it gave me 128 master balls, so I see no issue!
@jayuppercase3398
4 years ago
And all the rare candy 😈😈 everyone on level 100
@usualunusualkid7149
4 years ago
That's value underflow.
@tekayo63
2 years ago
Hope you don't mind the Hall of Fame...
@redtachyon2718
2 years ago
@@PyPylia When you encounter Missingno, the sprite decompression causes a buffer overflow and corrupts your Hall of Fame.
@ConstantDerivative
2 years ago
@@usualunusualkid7149 underflow**
That smile at the end as it's fading to black though... Bwahahahahahahahaha
While I appreciate your paranoia, I think the better question is, "How the hell did they forget to check the length of the input?" I mean, alright, sure, we all make mistakes. But it's a security library; you'd think they'd be careful to sanitize and verify all input >_< .
@Binary10100
10 years ago
Yeah, unless they did, and then some malicious guy intentionally removed that check.
@JelmerBorst
10 years ago
Binary10100 But even then, that needs to go through revision you'd reckon
@lobaxx
10 years ago
I haven't read the code myself, but from what I've heard from people who have, it's a daunting spaghettified mess. Or to use their words, _"after a few hours, I wanted to stab my eyes out with a fork"_. It's equal measures human error, and equal measures horrible, convoluted code base that lets these errors go unnoticed for so long. OpenSSL is in desperate need of an audit and a re-write.
@Skydmig
10 years ago
I think OpenSSL needs more support. As it is with all open source projects, they are only as strong as the number of eyes conveying the code.
@XeroOl
9 years ago
The best question is: "Where's the next bug?"
This video about Heartbleed was so much more understandable to me than the Computerphile video. From CP I just didn't gather what the whole heartbeat thing was at all, but you worked the way up there. Thank you, Tom.
Who put that bug there in the first place. Grab your pitchforks 'cause we're bringing out the ol' git blame.
That evil grin at the end...XD
that sinister smile at the end... :)
01:56 Because I'm from Germany I didn't get the joke with the glitchy image until the Bluescreen. Our Internet is so shitty that this is normal.
Coming back to this 2 years later, and I still love the Cheshire Cat grin at the end.
Great video, love how you keep things simple yet are still so informative. More of this Tom!
@ReasonerUK
10 years ago
GameDevSPS oh hi there
MissingNo is not a buffer overflow error. The technical side of the error is that different segments of memory have different roles attached to them depending on the part of the game you're in. For example the same part in memory that stores what pokemon are in certain routes also stores trainer data in battle (well probably not but that's just an example). For example the mew glitch works, because you cheat the game into thinking you're in battle while you're not, so other segments of memory are used for different things than normal. And this is an explanation how the old man missingno glitch works: When the old man in Viridian City shows you how to catch a pokemon, you see the battle from his perspective. To do that, the game does a temporary change to your trainer data, while storing the regular trainer data in an unused space - the wild pokemon data space and it doesn't clear it from there. That would be normally no problem, as entering any region with wild pokemon will replace the data. The glitch happens, because the shore in Cinnabar is coded as a place where you can fight wild pokemon. But the Cinnabar City itself has no wild pokemon data so it's not loaded. That means that this little part of the map will use any wild pokemon data provided in memory. Normally it's the last place you visited (neat trick for easy safari zone pokemon in R/B) but if you have trainer data in there the game will try to make sense of it as wild pokemon data (both are stored in hexadecimals after all). This is why pokemon outside of the regular 151 show up. This is not a buffer overflow because nobody tries to put input longer than the place provided for it.
@herrkatzegaming
4 years ago
Actually, the buffer overflow happens when it tries to write that you have caught that pokemon to the pokedex. Instead of it going to the pokedex, it goes to the amount of items in the 6th item slot. The "buffer" is the memory that the Pokedex occupies and the item data happens to be stored near the pokedex buffer. So there is actually a buffer overflow happening here
@kodekristian
4 years ago
@@herrkatzegaming It is not the capture flag that causes the item duplication, it is the encounter flag. You can run away or beat it, and you will still receive the item duplication. And from my understanding Dawwy is indeed correct that it is not a buffer overflow; it simply writes to the wrong location in the memory, rather than sending a value that spills over into neighboring data. Also, the Pokémon shown in this video, contrary to what the title says, is in fact not MissingNo. It is 'M, a Pokémon that shares certain traits with MissingNo, but is in fact different in many aspects.
@giulianodepian-composer4517
3 years ago
@@kodekristian The hall of fame corruption though is caused by a buffer overflow because when it decompresses the big glitched sprite, the game writes the sprite way past the pokemon buffer
@ZT1ST
2 months ago
It's my understanding that MissingNo is a buffer overflow error in the pokemon generating step - it's reading past the buffer of indicated Pokemon, because it doesn't know what to wrap around the valid space of Pokemon. Ergo, "Missing Number", because the Pokemon doesn't have a number where it should be, and the image sprite is based on whatever it can read there, which is why sometimes the name and sprite change depending on which version you find.
It was Tom all along!
I remember this... I remember going out in pyjamas driving like crazy down to my office to check the server... update (downgrade) OpenSSL, and recheck, then I had to change all my certificates the next day. #HappyTimes
@MelBrooksKA
8 years ago
+Luis Daniel Mesa Velasquez That sounds like a fun day of doing everything you didn't want to do
You scared me with that fake crash! :D
@BanterEdits
9 years ago
OMG yeah I thought that, too! omg that was fcking scary!
@Kevin15047
9 years ago
Me too. I had to go back and make sure it was part of the video.
@Penguin_Spy
6 years ago
Sc2mapper117 my wi-fi was crapping out right before he did the blue screen too.
Wow, I loved this video. My favorite part: that grin at the very end. Was scarier than all the horror movies I've ever watched in my entire life put together.
5:47 That smile at the end............. It basically means........... “You're screwed”.😁
1:52 For nostalgic feeling. (Thanks...)
We totally need more of these! :)
I had to make sure I wasn't on Computerphile for a second
@blenderpanzi
10 years ago
I only noticed because of comments like yours.
@IceMetalPunk
10 years ago
Oh, wait, what? Hey, look at that, this ISN'T Computerphile. Totally didn't realize that.
Nice job, Tom! another great video! this certainly has been an interesting day. please do make more like this, computerphile doesn't film you often enough!
Thank you. This has actually helped me understand what's been going in in these past few days.
As always, great video and also very fast, when i was just getting up to date with Heartbleed. Thanks!
Very nice explanation. Your closing thoughts also made me smile - like you, I'm not that paranoid but it's an interesting thought! Many thanks.
Love videos like this. The more technical the better.
Great explanation of Buffer overflow and general exploits.
Love that little grin at the end ahahaha
He who smelt it dealt it. Has Tom been a naughty boy?
@fullyverified7491
8 years ago
really?
@erictaylor5462
8 years ago
No, not really, It's a joke!
@fullyverified7491
8 years ago
Eric Taylor i know but...
@erictaylor5462
8 years ago
Fullyverified Butt? I guess Tom HAS been naughty.
@fullyverified7491
8 years ago
Eric Taylor yes yes quite right
Excellent explanation and very interesting, Tom. Thanks.
This is five years old and I think that last line will never get old.
@ZT1ST
2 months ago
4 years since your comment, and XZ utils makes it stand out even more.
"If you are using a high level language like JavaScript you don't have to worry about a buffer overflow" WebKit exploit for Nintendo Switch...
@beesree39
3 years ago
Still doesn't exist
that smile at the end
You sir, just dropped my jaw with that last line. Well done.
I'm gonna go with The NSA for 200 Alex.
@andrewboz8990
10 years ago
Eddy Proca Only shitty websites were affected (Yahoo) and frankly dont care that Homophobic cunts might be exposed (Yahoo Answers)
@p00ky76
10 years ago
Andrew Boz OpenSSL is used by about 66% of the internet, sure, not all will be using the problem versions, but the problem has been there for 2 years, I'm pretty sure more than yahoo were affected.
@Kissaki0
10 years ago
***** Using it does not make you vulnerable yet. It was only an issue for specific 1.0.1 versions.
@p00ky76
10 years ago
***** turns out that the FBI were affected hehe
@theLuigiFan0007Productions
8 years ago
+Alexander Soloviev So.... was the NSA spying on the FBI? XDDDDD
Thanks Brady. I just updated my BIOS before watching this video and the BSOD at 1:59 almost gave me a heart attack!
The stressful bit is Tom waving around an uncapped Sharpie
5:50, that smile! :D Very well done video!
Another winner, Tom. Thanks much.
Needs more missingno.
as far as I remember, missingno wasn't a buffer exploit but a design fault temporarily storing the user's name at a location that's referenced as a pointer elsewhere, so you're not really overflowing data into RAM, but redirecting later pointer dereferencing.
@connorhorman
4 years ago
Kyra Zimmer The Item Duplication when you "See" Missingno. is a buffer overflow, it's setting the high order bit of the 32nd byte of something a lot smaller than 32 bytes.
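An added example, written for this page rather than taken from the game or from any commenter, that models the mechanism kondzior553, Dawwy and Kyra Zimmer are describing: a region of memory that is shared between a temporarily parked player name and the wild-encounter table, and that a route without grass never rewrites. The slot count, the 151 species limit, the (level, species) byte layout and the name "RED" are constructed assumptions, not the game's real layout. The point for a defender is the same in any codebase that reuses scratch memory: re-initialise the region on every state change, and validate what you read from it before acting on it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: a simplified model of what the comments describe, not the game's code.
 * One scratch region is shared between the "wild encounter table" and the "temporarily
 * parked player name". Slot count, species limit and byte layout are constructed. */

#define ENCOUNTER_SLOTS 10
#define MAX_SPECIES     151

typedef struct {
    uint8_t level;
    uint8_t species;
} encounter_t;

/* The shared region: ENCOUNTER_SLOTS entries of (level, species). */
static uint8_t encounter_area[ENCOUNTER_SLOTS * 2];

/* Loader as the comments describe it: a route with no grass writes nothing, so
 * whatever the region held before survives into the new route. */
void load_route_stale(const encounter_t *table, size_t n)
{
    if (table == NULL || n == 0) return;          /* no grass encounters: leave as-is */
    for (size_t i = 0; i < n && i < ENCOUNTER_SLOTS; i++) {
        encounter_area[2 * i]     = table[i].level;
        encounter_area[2 * i + 1] = table[i].species;
    }
}

/* Hardened loader: the region is re-initialised on every route change, so stale
 * bytes can never be read back as encounter data. */
void load_route_fixed(const encounter_t *table, size_t n)
{
    memset(encounter_area, 0, sizeof encounter_area);
    load_route_stale(table, n);
}

/* The detour the comments describe: the player's name is parked in the same region.
 * Bytes past the end of the name are left blank (zero). */
void park_player_name(const char *name)
{
    size_t len = strlen(name);
    if (len > sizeof encounter_area) len = sizeof encounter_area;
    memset(encounter_area, 0, sizeof encounter_area);
    memcpy(encounter_area, name, len);
}

/* Read one slot. Returns false when the bytes do not describe a valid species, so the
 * caller treats the slot as "no encounter" instead of trusting the region blindly. */
bool pick_encounter(size_t slot, encounter_t *out)
{
    if (slot >= ENCOUNTER_SLOTS) return false;
    out->level   = encounter_area[2 * slot];
    out->species = encounter_area[2 * slot + 1];
    return out->species >= 1 && out->species <= MAX_SPECIES;
}

/* The thread's scenario with the stale-leaving loader: park the name, move to a route
 * with no grass, read a slot. Returns the species that would be fought, or -1 if the
 * validation rejected the slot. */
int species_seen_stale(size_t slot)
{
    encounter_t e;
    park_player_name("RED");                /* constructed name */
    load_route_stale(NULL, 0);              /* no grass: region untouched */
    return pick_encounter(slot, &e) ? e.species : -1;
}

/* Same scenario with the hardened loader: the region is cleared, every slot is rejected. */
int species_seen_fixed(size_t slot)
{
    encounter_t e;
    park_player_name("RED");
    load_route_fixed(NULL, 0);
    return pick_encounter(slot, &e) ? e.species : -1;
}

/* Control case: a route with grass loads a constructed table through the hardened loader. */
int species_seen_on_grass(size_t slot)
{
    static const encounter_t route[] = { {3, 16}, {5, 19} };   /* constructed table */
    encounter_t e;
    park_player_name("RED");
    load_route_fixed(route, 2);
    return pick_encounter(slot, &e) ? e.species : -1;
}

int main(void)
{
    printf("stale, slot 0: %d  ('R','E' read as level 82, species 69: passes validation)\n",
           species_seen_stale(0));
    printf("stale, slot 1: %d  ('D', blank: species 0, rejected)\n", species_seen_stale(1));
    printf("fixed, slot 0: %d  (cleared region, rejected)\n", species_seen_fixed(0));
    printf("grass, slot 0: %d  (real table entry)\n", species_seen_on_grass(0));
    return 0;
}
```

Note what slot 0 shows: the letter 'E' happens to be a number inside the valid range, so the read-side validation accepts it and a bogus encounter is generated anyway. That is why the fix has to be on the write side (clear the region on every load) and not only on the read side; the range check still earns its place by turning the blank bytes behind the name into "no encounter" rather than a level-0 fight, which is the scenario kondzior553 describes.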
Love this video like all of them, but found I learned a lot more in this one than most :D
Such a good explanation that the hardest bit to comprehend was a solitary tab on a browser window…
Thank you for posting this video.
That's a rather chilling grin you got at the end of the clip Tom! 😂😂😂
I was waiting for him to come back on screen and say, "it was me, i put that bug there ;)"
Is it really so paranoid to think that someone did find this bug, but was smart enough to exploit it on a small scale during those 2 years?
"did someone notice it and not say anything?" 3 years later we hear about the CIA doing just that...
@absent612
3 years ago
oh, really?
@ano_nym
3 years ago
@@absent612 it was another bug, but one that the NSA kept quiet about for 5 years until it was leaked. Called EternalBlue and is what made the ransomware attack back in 2017 possible.
Hehe. Love the cheeky grin at the end, almost like you yourself know who put the bug there. Or even put it there yourself.
That smile at the end! Great video :)
ohhhhh dude, this is a very dangerous exploit! thanks for the very clear and detailed explanation.
@jlcontarino
10 years ago
Did he say this bug's been in there for 2 years!?! A bug this significant? In a product used by millions of people? How is that possible?? Maybe he's not being so paranoid ...
I wasn't worried at all till that devious smile at the end
Thanks Tom for the explanation!
That smile at the end... However, this is a very good explanation, thanks, :)
love these kind of videos .. remind me of u on computerphile, you should do more like these!!!!
@skalpathal
10 years ago
I actually thought this was computerphile right up until I read your comment.
i really enjoyed watching this video :) especially the computerphile-style. are you gonna do some more videos for computerphile again?
OMG! That ending! I love it! I need to show this to my conspiracy theory friends.
i loved the ending sentence :D and i wouldn't be surprised at all if the nsa just lost 95% of their data sources
Excellent explanation, thanks! And yes, when you mentioned the exploit, it certainly seemed, at least on this level of abstraction, to be a glaringly obvious bug. Why would a heartbeat not need some kind of upper size limit?
@cyancoyote7366
7 years ago
xDDDDDDDDDD
@ky5666
7 years ago
It's hexadecimal and binary. They're the best. :P
@cyancoyote7366
7 years ago
This somehow reminds me of this XKCD comic, this is my favourite one :D xkcd.com/505/
@DarklinkXXXX
7 years ago
Seriously though, LISP solved this buffer overflow problem a very long time ago.
@robertlinke2666
6 years ago
still depends if you give it hardcoded more than it can handle, but then you are just doing for it
That smile is almost as terrifying as that of Cumberbatch’s Sherlock Holmes.
Thanks Tom, well explained. How am I supposed to go to sleep now!
Excellent video!
Turn of events I've just experienced, Watched video - got tinfoil hat and went on to make many a conspiracy theory.
When you described the "buffer underflow", it's basically a buffer overflow except that it occurs while _reading_ from memory instead of when _writing_ to it.
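An added example, not OpenSSL's code and not from the video, that ties the two points above together: the question at "How the hell did they forget to check the length of the input?" and the observation that the bug is an over-read rather than an over-write. A heartbeat-style message is modelled as a 1-byte type, a 2-byte big-endian claimed payload length and the payload, and the responder echoes the payload back. The field sizes, the 20-byte claim on a 2-byte payload and the "SECRET-KEY" bytes placed after the record are all constructed for the demonstration; the only thing taken from the page is the shape of the defect, a claimed length that is trusted without being compared to the length of the record actually received.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSSL's code: message = 1-byte type, 2-byte big-endian claimed
 * payload length, payload. The responder echoes the payload. Layout and data constructed. */

#define HB_HEADER 3

/* Constructed "process memory": one 5-byte record ("hi" with a claimed length of 20)
 * followed by unrelated data that must never be sent. Keeping everything in one array
 * makes the over-read well-defined C, so the leak can be observed without crashing. */
static const uint8_t memory[64] = {
    0x01,              /* type: request */
    0x00, 0x14,        /* claimed payload length: 20, but only 2 payload bytes follow */
    'h', 'i',          /* the real payload; the framing layer reports record_len = 5 */
    'S', 'E', 'C', 'R', 'E', 'T', '-', 'K', 'E', 'Y'   /* adjacent data, rest zero */
};
static const size_t record_len = 5;

/* The defect the thread is asking about: the claimed length is trusted and the length
 * of the record actually received is never consulted, so the copy runs past the record.
 * Nothing is written out of bounds; the bug is a read, which is why it leaked memory
 * quietly instead of crashing. */
int respond_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    (void)rec_len;                                   /* the length we do have is ignored */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return -1;                /* guards only our reply buffer */
    memcpy(out, rec + HB_HEADER, claimed);           /* copies claimed bytes, record or not */
    return (int)claimed;
}

/* The missing check: drop any message whose claimed length exceeds what the record
 * actually carries, and reject records too short to even hold the header. */
int respond_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER) return -1;    /* claim exceeds the record: drop */
    if (claimed > out_cap) return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (int)claimed;
}

/* True if the byte sequence needle occurs in buf[0..n). */
bool contains(const uint8_t *buf, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return true;
    return false;
}

/* Does the unchecked responder's reply carry the adjacent secret? */
bool unchecked_leaks_secret(void)
{
    uint8_t reply[64];
    int n = respond_unchecked(memory, record_len, reply, sizeof reply);
    return n > 0 && contains(reply, (size_t)n, "SECRET-KEY");
}

/* Reply length from the checked responder for the same record (-1 means dropped). */
int checked_result(void)
{
    uint8_t reply[64];
    return respond_checked(memory, record_len, reply, sizeof reply);
}

/* A well-formed record (claim matches payload) is still answered by the checked responder. */
int checked_result_honest(void)
{
    static const uint8_t honest[] = { 0x01, 0x00, 0x02, 'h', 'i' };   /* constructed */
    uint8_t reply[64];
    return respond_checked(honest, sizeof honest, reply, sizeof reply);
}

int main(void)
{
    printf("unchecked responder leaks adjacent data: %s\n", unchecked_leaks_secret() ? "yes" : "no");
    printf("checked responder on the same record: %d (dropped)\n", checked_result());
    printf("checked responder on an honest record: %d bytes echoed\n", checked_result_honest());
    return 0;
}
```

Two things worth noticing from a defender's seat. First, the unchecked version does have a bounds check, but on the wrong buffer: it protects the reply it is writing, not the record it is reading, which is how a "length-checked" function can still over-read. Second, the checked version rejects silently rather than replying with an error, so a malformed claim gives the sender nothing at all, neither data nor a hint about buffer sizes.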
the smile at the end. it feels like this was just one convoluted movie trailer.
Nice touch with the crashing. Absolutely fell for it
That last question reminded me of an incident in a South American bank where a programmer modified the code of the bank's ATMs just so that with a private code he could extract any amount of money from the machine. The exploit went unnoticed until after the employee retired - and - some ATMs were missing certain amounts of money
this man is fucking dangerous !! look at his smile at the end !
only Tom Scott can say something really unsettling right at the end and then follow it with an adorable smile
Love that bit of trolling at the end.
Sweet explanation.
That very last grin in the end is going to haunt me in my dreams 😂😂
That ending was absolutely perfect.
"I'm not paranoid" just makes me think you're paranoid
You should do more computer videos! Either of your own or Tomputerphiles. These are great ones.
Thanks for another great video! Did you defect from computerphile altogether?
Like the jumpscares. That's a good touch. I'll go clean my trousers now I suppose.
Thank you. I feel you are a good person. We need you. My team :)
It is a bit simple, but I didn't cringe. Well done explaining something rather complex in a way that is both understandable and still rather technically correct.
It was you!!! You put it there. :)
that was the creepiest smile at the end of the video.. lol when he said "who put the bug there in the first place?"
A technical explanation on Missingno would be awesome
I really like the paranoia bit at the end.
Tom, answering that creepy grin at the end, NSA did it. :-D
The dreaded BSOD has returned! RUNN!! at least it's the kind of friendly version that has the press key to continue thing