BUILDS in the News

buildscc | 20 Apr 2010 | | news

Since our inception at the beginning of this year, BUILDS has appeared regularly in student news outlets and in the official university press, BU Today. Check out what the 4th Estate has to say about our space:

BU Today Article – “A Place to Hack or Just Hang”

A great article that goes a bit more in-depth about the philosophy and inner-mechanics of the BUILDS hackerspace.

Daily Free Press Article – “‘Hacker Space’ Invites Free Creativity, Collaboration…”

A great article from the DFP about the BUILDS Open House – slash- hackerspace unveiling last January.

Daily Free Press Article – “ID Numbers Found Online Raise Student Concern”

An article introducing the BU ID Audit Project. Also, a great example of why it’s important to edit your robots.txt file when working on a sensitive security audit over mediawiki

Older · View Archive (146)

BUILDS Project: Buffer Overflows in gsubmit

In mid February, BUILDS found a Buffer Overflow exploit in gsubmit, an assignment submission tool actively used in the Boston University Computer Science Department. Upon discovering the vulnerability and authoring a proof of concept exploit, the CS Department and Lab Administrators were made aware of the problem. A new version of gsubmit which fixed these problems was installed on March 19, 2010, the day that BUILDS presented a poster and demo on this topic at the BU Computer Science Research Open House.

In the course of this project, work started on developing a tool that can statically analyze an ELF binary object for potential security vulnerabilities. Dubbed “Low Hanging Fruit”, this tool aims to discover possible problems in the binary, such as unchecked buffers, potentially dangerous library calls (such as the system() function), format string exploit attack vectors, etc. Development is ongoing, using the libelf and libdisasm libraries.

Submitted poster (with a full writeup of the hack)

Project contact: Kyle Brogle broglekATbuDOTedu


What is BUILDS?


What is BUILDS?

The poor student, Jack, had been seeking for at least four years. He was a hard seeker; he was very, very honest and sincere. He practiced all that was told to him, he visited many masters, he undertook many internships. He did all that was humanly possible. He practiced coding katas, he mastered Matlab, he did this and that – but all to no avail. Nothing was happening; in fact, his frustration was growing more and more. The more the methods failed, the more and more frustrated he became.

He had read all the Hacker scriptures – there are hundreds of them. It is said about this Jack that he had the Art of Computer Programming in his room, and he was constantly reading, day and night. And his memory was so perfect he could recite whole passages of the Jargon File – but still nothing happened.

Then one day he burned his whole library. Seeing those scriptures in the fire he laughed. He left the university, he left his advisor, and he went to live in a ruined temple. He forgot all about coding kata, he forgot all about matlab, he forgot all about practicing this and that. He forgot all about virtue; he forgot all about discipline, and he never went inside the university to code again.

But as he was living in that ruined temple it happened. He was mowing down the weeds around the temple – not a very techie thing to do. Not anything specific, not anything special, just taking the weeds out. When he threw away a bit of broken tile, it clattered against a bamboo tree – in that moment it happened. In that very clattering of the tile against the bamboo, a shock, a jerk happened and his mind stopped for a moment. In that very moment he realized BUILDS.