What do “hackers” mean by finding a “vulnerability”? It’s hard to understand how there can be a gap in code that grants that much access.


Thank you guys for all the great answers, I am enlightened. Computers are fascinating to me, so this is a real treat!


41 Answers


Anonymous 0 Comments

A program is a set of computer instructions to do something. A vulnerability happens when someone can trick a program into running something it shouldn’t.

Computer operating systems operate in layers, so if a program has a vulnerability it can offer a chance to elevate code. If, for instance, a browser has a vulnerability then it could give random internet code a chance to run under the user’s rights. Or if a privileged service has one, a user could escalate code into having admin rights.

Anonymous 0 Comments

Hackers finding out that when you type your password, that information can be seen in plain sight, is an example of a vulnerability.

Anonymous 0 Comments

Here’s an example of a common type of exploit which might give you an idea of how it works.

Your computer uses a thing called memory (specifically it’s called RAM, you might have heard that term), where it stores everything it’s currently using or will need in the near future. Your operating system is on there, any programs you’re running are stored in there, that cool jpeg you looked at earlier but forgot to close the window for is in there.

Generally, it’s the responsibility of the program to request its own little space in RAM to put everything it needs, and there are security measures that mean it can read only what’s stored in its own special space. Fruit Ninja can’t read the memory of something allocated to Safari, and vice versa. Importantly, apps are usually VERY separated from the RAM used by the operating system. But sometimes this security system doesn’t work as planned, and an app can read and even write areas of memory not assigned to it! Meaning it can view or change what the app that is allocated to that area is doing. When that “app” is the OS, you can often very easily gain control of the whole system.

Anonymous 0 Comments

Easy example: a webpage is text, which is often created by code. But a webpage can also have JavaScript code in it. So, if the code which makes the webpage is faulty, a malicious user could insert JavaScript code, that all the webpage’s visitors will execute.

This fake server code adds a user’s review to the webpage for a product on a shopping site:

# Deliberately vulnerable: both values are pasted into the page unescaped.
file = open('products/' + submission['product_code'], 'a')
file.write('<div class="review_user">{}</div>'.format(user.name))
file.write('<div class="review_body">{}</div>'.format(submission['review_body']))

There are two vulnerabilities here, but the one I want to point out is that the review content and user’s name are inserted right into the page, without first clearing away any HTML syntax they might contain. If the user submits a review which contains HTML syntax starting with `</div><script>`, they can embed their own JavaScript into the webpage:

<div class="review_body"></div><script>alert("hello!");</script>

Once this is inserted into the product page, any user that visits this page will see a dialogue box that says “hello!” But JavaScript isn’t limited to just useless dialogue boxes. If you inserted JavaScript that submits a request to change the user’s password, any user visiting that page would have their account taken over.

See if you can spot the second vulnerability: it’s similar to the first one.
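As an added, runnable illustration of the answer above (this is not the answerer's own code, and the review payload and product code used in it are constructed for the demo): the vulnerable rendering sits beside a hardened version that escapes the user-controlled values with Python's `html.escape`, and the second vulnerability, the unchecked `product_code` used as a file name, gets an allow-list check. The function and variable names are assumptions chosen for this example.

```python
import html
import os
import re

# Only short alphanumeric product codes are allowed as file names (assumption for this example).
PRODUCT_CODE_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def render_review_vulnerable(user_name, review_body):
    """Mirrors the answer's server code: values pasted straight into the HTML."""
    return ('<div class="review_user">{}</div>'.format(user_name)
            + '<div class="review_body">{}</div>'.format(review_body))


def render_review_safe(user_name, review_body):
    """Same markup, but every user-controlled value is HTML-escaped first,
    so '<' becomes '&lt;' and the browser shows text instead of running a script."""
    return ('<div class="review_user">{}</div>'.format(html.escape(user_name, quote=True))
            + '<div class="review_body">{}</div>'.format(html.escape(review_body, quote=True)))


def contains_script_tag(rendered):
    """Crude check used by the demo: does the rendered HTML contain a real <script> tag?"""
    return "<script" in rendered.lower()


def product_path_vulnerable(product_code, base_dir="products"):
    """The second vulnerability: the product code is concatenated into a file path
    unchecked, so '../' sequences walk out of the products directory."""
    return base_dir + "/" + product_code


def product_path_safe(product_code, base_dir="products"):
    """Reject anything that is not a plain product code before touching the file system."""
    if not PRODUCT_CODE_RE.match(product_code):
        raise ValueError("invalid product code: %r" % product_code)
    return os.path.join(base_dir, product_code)


if __name__ == "__main__":
    # Constructed attacker input: closes the div early and injects a script.
    payload = '</div><script>alert("hello!");</script>'
    print(render_review_vulnerable("mallory", payload))   # contains a live <script> tag
    print(render_review_safe("mallory", payload))         # script shown as harmless text
    print(product_path_vulnerable("../../etc/passwd"))    # escapes the products directory
    try:
        product_path_safe("../../etc/passwd")
    except ValueError as e:
        print("rejected:", e)
```

Escaping at the point where untrusted text is written into HTML is the general fix for this class of bug; most web frameworks' template engines do it by default, and the bug usually appears when someone builds HTML by string concatenation as the answer's snippet does.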

Anonymous 0 Comments

It seems like movie hacker jargon but code can have vulnerabilities just like any system designed for security, from the guard rotations at a bank to the structural design of a padlock. It just means an oversight in the way a system was designed which allows for it to be used in unintended ways.

A pretty funny code vulnerability back in the early days of the internet which has since been fixed in nearly all websites is called an SQL injection. SQL is a computer language used to request data from a database, and many websites use it to check their database for your login credentials when you enter them to sign in.

A naïve programmer might code their login page like this: they have a line of SQL with a gap in it where the username should go, and when you press “login” on the page the code copies whatever text is in the “username” field directly into the SQL line and sends the request to the database.

Now, here’s the problem: the user doesn’t have to only type their username into that box. If they know SQL and are clever/evil, they can also type in fragments of SQL carefully in such a way that when the text gets pasted into the other SQL code, the full thing reads as two separate lines and the second line can do whatever the user wants to the database, like… delete everyone’s data. Oops

It’s kind of like walking into a Subway and ordering a sandwich, and when the server asks what you want inside you say: ham, swiss cheese, a top bread, a bottom bread, and $500 cash. The server gives you a strange look for a second, but since everything up to the top bread is a valid sandwich and all the bottom breads match up with a top bread, they conclude everything is normal and give you what you ordered.
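To make the login example above concrete, here is an added example (not the answerer's code) using Python's built-in sqlite3 with a small in-memory users table constructed for the demo. `login_naive` pastes the username and password straight into the SQL text, exactly as the answer describes; `login_safe` hands them to the database as parameters so they can never be read as SQL. `login_naive_multi` shows the "second line" case on a call that is allowed to run several statements at once. The table layout, credentials and function names are assumptions for this example.

```python
import sqlite3

# Constructed sample data for the demo.
SAMPLE_USERS = [("alice", "hunter2"), ("bob", "s3cret")]


def make_db():
    """Build an in-memory database with a tiny users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_naive(conn, username, password):
    """Vulnerable: user input is copied into the SQL string, so quotes and
    comment markers typed by the user become part of the query."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Fixed: the SQL text is fixed, and the values travel separately as parameters."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def login_naive_multi(conn, username, password):
    """Same naive pasting, but on a call that executes every statement it is given.
    A username ending in '; DELETE FROM users; -- turns one query into two."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    conn.executescript(sql)


def count_users(conn):
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


if __name__ == "__main__":
    conn = make_db()
    print(login_naive(conn, "alice", "hunter2"))        # ['alice']
    # The quote closes the string, OR 1=1 makes the condition always true,
    # and -- comments out the password check.
    print(login_naive(conn, "' OR 1=1 --", "whatever"))  # every user, no password needed
    print(login_safe(conn, "' OR 1=1 --", "whatever"))   # [] : treated as a literal username
    login_naive_multi(conn, "x'; DELETE FROM users; --", "")
    print(count_users(conn))                             # 0 : the table was emptied
```

The fix is not to "filter out quotes" but to stop building SQL from strings at all: with parameterised queries the database receives the statement and the values through separate channels, so no input can change the shape of the query.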

Anonymous 0 Comments

Here’s a great podcast with tons of real world examples and easy to understand explanations of the vulnerabilities: https://darknetdiaries.com/

Anonymous 0 Comments

Imagine a bug or an exploit in your favourite videogame – it wasn’t put there intentionally, and the game designers tried their hardest to code the game perfectly according to their vision. But there are always going to be a few bugs that fall under the radar, because modern videogames are huge and coded by hundreds of different people.

Look at the [early Pokemon games](https://bulbapedia.bulbagarden.net/wiki/List_of_glitches_(Generation_I)) – the memory used by them was strictly controlled and used as efficiently as possible, but there were mistakes in the code that allowed certain player actions to store things in memory that corrupted it in ways that the devs didn’t account for.

From there, you can exploit it to modify game data to create all kinds of crazy glitch Pokemon that weren’t in the game originally, or give yourself items that you shouldn’t have access to, and more besides. For someone who’s studied how those games work, they can use that knowledge to get specific effects out of it – like obtaining a Mew despite it only officially being handed out at licensed in-person events.

Anonymous 0 Comments

Hackers want to make someone else’s program do something that the hacker wants.

Normally the program does something the programmer wanted it to do. But if the programmer makes a mistake, certain inputs can cause problems. Usually when the program has problems, it crashes, or provides wrong output, or whatever. Something random.

But if a hacker knows this bug, and that bug can cause the program to do something the hacker wants… Out of all the possible random things that could happen, some of those things might be useful.

There is another type. Programs typically have separate parts. If one part has an output and another part has an input, you may be able to figure out how to skip one part of the program and provide inputs directly to where you want it. A classic example of this is the pay telephone boxes. Normally you put in a coin and it makes noises. But you can bring your own noisemaker, pick up the phone, and avoid paying for it.

There are a bunch of other vulnerabilities. Timing vulnerabilities. Vulnerabilities related to leaking keys. Emulation is similar but is related to the supplanted input type. Hackers may even use several of these, or even phishing or other social attacks to get what they want.

Anonymous 0 Comments

How does a small error equal entire servers being compromised?