Santa Cruz introduces the username input! We’ve got multiple locations to write to, new values to corrupt, and our old friend unlock_door plays a central role.

I sat down for this one at the end of the night hoping to take a look at it before bed and get a sense of the problem for tomorrow. Johannesburg turned out to be a fairly small modification of Montevideo and I was able to get a working attempt string in twenty minutes or so.

Montevideo adds another layer of indirection to the problem we encountered in Whitehorse. The device is still vulnerable to overflow, but we can’t just encode whatever we want!

NCC Group hosts an embedded security CTF game at microcorruption.com. I’m not much of an expert in embedded anything, but the game is quite a bit of fun. I completed the first few levels a few days ago, so this is a post-facto write-up, but I intend to write an article as I go for future levels.

The way we, as an industry, interview prospective individual contributors is exhausting and ineffective. The goal of these interviews is to hire engineers who can design and implement simple, maintainable software, so why are we asking them contrived questions about dynamic programming? Engineers ought to be at least competent programmers, but the work of software engineering is more often a question of design.