Log in

View Full Version : project/tool ideas


nukleuz
10th September 2004, 14:16
Im a software development student tryin to think bout possible ideas for a academic year project, kinda business orientated but can be anything I have a personal interest in, so tryin to look into different areas.

So can anyone toss a few ideas my way??

Was thinking bout a tool to check authenticity of a file, so no tagged viruses. I know jpeg’s and bitmaps have headers to identify them, what about avi files or even word docs??

How about digital signatures, can these be added 2 any file??

If anyone could offer advice, ideas or places to look, it would be very much appreciated.

Have been looking at/for threads where people have suggested tools they would like to see, so if any ideas/suggestions no matter what area, please reply.

Have seen many tools come and ago through the doom9 community, would be cool if I could try n give summit back.

Mainly a java programmer with a little C++ experience, but have time to learn new languages.

Thanks for reading

nuke :D

DaveEL
11th September 2004, 19:06
This is a big one which keep coming up every now and then. I know in theory it would be possible (might need GigE to make it practical but it can be made to work) but noone has ever invested the time to make it happen.

DaveEL

esby
18th September 2004, 03:34
"Was thinking bout a tool to check authenticity of a file, so no tagged viruses. I know jpeg’s and bitmaps have headers to identify them, what about avi files or even word docs?? "

if you really want to check authenticity that means using a checksum and to check the file vs an original checksum....
various implementation exists,
- using crc (16 or 32) (weak, should be only used for error control)
- using sha , better in term of security.
- using other algorithms.

Now if you want to check filetype, header will help; keyword will too; sometimes extensions; depending what the file is supposed to be, and on which OS, and it can be trully a nightmare sometimes.

And don't forget that identifying a jpeg is not recognizing it as being harmless. For example, if a jpeg contain a buffer overrun exploit, it will probably be recognized as a 'jpeg', but it will crashes the application reading the jpeg and allow unautorized commands to be run... (or something like that.)

And don't forget that most of the time, the weakest part of the chain is still the human being using the computer. I have seen passwords written on post-it so many times... And I'm not talking of the secretary opening mail from an unknow person with outlook, and double clicking on the attachment spontaneously...

esby