A vulnerability can be anything from “Dude behind the keyboard never set a password” to “Something fundamental to the hardware allows for exploitation.” The former is by far the most common exploit, but the latter does exist and everything in between exists.

The thing about the code you’re imagining is that it’s vast, it’s the product of tens of thousands of hands and decades of work in the case of something huge like an OS. Complexity and obscurity make it almost impossible to perfect, and as long as there’s a huge intrinsic reward to finding cracks in that edifice, hackers will exist. Sometimes it’s down to finding an existing flaw, like discovering the ability to inject code by forcing an error state. Sometimes it comes down to essentially *creating* a flaw that was never considered, like [Van Eck Phreaking](https://en.wikipedia.org/wiki/Van_Eck_phreaking)

It’s sort of like how people build houses and they put locks on the doors and windows and weatherstrip everything and make the roof watertight and they stand back and bask in their own triumph of engineering, satisfied that the building will keep out everything from hurricanes to bears.

​

And then the ants come along.

​

Hackers are basically the ants. They find small gaps that either people didn’t know about or dismissed as too trivial to fix, and then they exploit those gaps for gain.

I like the existing explanations and I’ll add a little bit of context: All major operating system kernels (Linux, Windows, iOS/macOS) are written in C (sometimes with a bit of C++). C is a great language in many respects, but it was designed in the 1970s and lacks the security related features of modern languages.

Computer hardware itself, like RAM chips, can have vulnerabilities too. There was a crazy hack a few years ago called Rowhammer that exploited those issues.

USB and FireWire had security issues where hackers could root (take over) a computer via a memory stick.

The gist of it is that there are security issues from the chips to the kernels to the applications and even the network protocols. There are millions of lines of code involved so eyeballing it isn’t really sufficient to create secure systems.

Unlike, say, a refrigerator, a computer is designed to be extensible via software and networkable with every other computer in the world. This makes them very hard to protect.

The short answer is that it is difficult to write perfect code.

The more complex the task, the more often you have to choose between “quick and dirty” and “long and careful” coding.

For example, SQL had a famous “vulnerability” where a person putting the following data into an input would mess things up at the other end.

DROP TABLES

this is so famous there is an XKCD comic

https://xkcd.com/327/

A vulnerability could be something that’s in code, something that’s part of the hardware, something vulnerable on the human side of things (like the way someone enters information into a system), and everything in between.

Some code might not check if the computer requesting the information is supposed to have it. There are lots of exploits like that in software that are known, but aren’t a problem because an update fixed it. But not everyone updates their software! A lot. A lot of people don’t. Just by doing some research, someone could find old software and exploit all the security problems it has.

It’s a lot of poking around and seeing what happens. You poke around until you find something you can use. For example, when you put code in a text box of an online form, it accidentally runs that code. Once you figure that out, you can write code that installs something on their computer and gain access. That’s a pretty old example, but it gets the point across. Vulnerabilities can be something of cutting edge research into hardware, or just something stupid no one’s tried before.

As is usual on this subreddit, I see answers with great analogies, and not very good explanations, so I’ll try to give you a very normal one.

This is an example of an attack called a buffer overflow.

Let’s say you have a form on a website, that lets users enter their username. Since usernames are only limited to, say, 20 characters, you allocate 20 blocks of memory in your code to load the username (it’s okay if they aren’t all filled up).

Now, suppose a malicious user comes along and enters a name that is 100 characters long.

If you did everything correctly, this wouldn’t work and he would be blocked. But, every now and then, a developer fucks up (increasingly, vanishingly rare these days, but still). Now, your code loads the entire 100 characters into those 20 blocks of memory you had allocated. But what happens to the extra 80 characters? Well they OVERWRITE the blocks of memory that appeared after the block of memory that contained the name.

This overwritten block might contain code that is to be executed in the future, so, by overwriting it, the hacker is able to execute code of their choice on your computer. It could be to spit out passwords, bank account details, to crash the program, transfer money around, block your access, or any number of things.

This is just one example, but it should help you get the gist!

Code is written by humans, humans make mistakes. One of the most popular methods of exploitation isn’t even code, it’s exploiting humans themselves with phishing campaigns. Getting someone to click a link or emailing out fake emails to people pretending to be someone higher up at a company. Humans are the weakness when it comes to hacking.

Aside from hacking actual code, most ‘Hacking’ nowadays comes from ‘Phishing’ attacks. And more and more, are coming as text messages on phones, or in emails…”Your account on <something> has been blocked for non-payment, click this link to resolve it”.

NEVER click that link, ever. Go to the actual site.

Hell, my Netflix account has been ‘blocked’ hundreds of times over the past year. So has my AppleTV account (don’t have one).

Social engineering is the biggest hack, since they can get your email info, credit card info, everything.

You talk about the size of holes. Think about a castle. We only need a big enough hole to sneak a few guys in to raise the portcullis in the middle of the night.

Its because you are not thinking like a criminal. It is hard for a good and decent person to think like a scoundrel, so the fact you can’t see or understand how could there be gaps is good.

If I was going to hack a company, my first task would take me all of 100$ and 30 mins of my time to do it. I would buy in bulk a shit ton of USB sticks. I would find the company logo, print them out on my printer on label and affix the labels to the USB sticks. I would put key loggers among other shit onto the USB stick and then I would go into a company parking lot and just drop 100 of these USB sticks all around. I drop 100, 3-7 employees will plug them into their computers on average. If they got a very good IT and security department, this number drops to 0-2. It is never 0 because you always got that person whose curiosity overshadows all their training to never, ever, ever, ever, plug a USB stick into their computer that IT did not give to them, and now I am in.