Official Discussion 7x06 - The Crack in the Code

  • Avatar of BarryWeen3

    BarryWeen3

    [41]Feb 27, 2012
    • member since: 09/28/05
    • level: 14
    • rank: Autobot
    • posts: 2,145

    From the Futon Critic,


    As FOX shuffles the schedule around for Spring...


    Bones will return a little bit earlier than expected on April 2 as FOX moves Bones to Mondays at 8PM followed by House at 9PM as House heads to its series finale. Bones will be pre-empted (yeah, I know you thought there wouldn't be any more interruptions ) on May 21 as FOX airs a House retrospective on May 21 at 8PM.


    Here's the link to the article: FOX's Spring Schedule

    You must be registered and logged in to post a message.
  • Avatar of Geri08

    Geri08

    [42]Apr 18, 2012
    • member since: 03/22/08
    • level: 31
    • rank: Blues Brother
    • posts: 11,631

    Really enjoyed the episode...Did not like the baddie one little bit...And loved the potential of BB's new pad (especially as I have seen the finished job in photos ...nice! Loved the look on Booth's face when Bones thought the place was ideal. Just one question...They are buying the place? By some strange FBI auction or such...what's the story on that please if anyone knows. I just heard about the guy in prison who owned it!

    You must be registered and logged in to post a message.
  • Avatar of whatsmyname

    whatsmyname

    [43]Aug 22, 2012
    • member since: 08/21/12
    • level: 1
    • rank: Weatherman
    • posts: 1

    Edwinhubble wrote:


    bmoshier wrote:
    Sigh, though. Your comment on the virus points out the one part of the episode that really got me upset. Many people are going to believe they/you/someone can scan a virus or Trojan Horse into your/their/any computer. You can't!!


    I'm not saying something you scan can't cause your computer to act incorrectly, as it can. What I'm saying is the computer isn't misbehaving because you uploaded/scanned a virus, Trojan Horse, or malware. Why? What you scan is data and computers don't execute data - unless someone sabotages it in advance.


    bmoshier definitely knows what he's (she's?) talking about, and everybody should read his post again. Perhaps if somebody like bmoshier were a writer for Bones we wouldn't have so much bad science hoisted on the viewers for no reason.


    I made this account today because of what I saw on Bones. I'm not trying to troll or anything, I just don't know why the writers, who seem so clever sometimes, resort to such terrible science. I hope that whomever sees this stuff can realize that the characters and story arcs aren't the only fiction in the show.


    I know I'm a little late to the party but I just made this account today to point out that both of you are wrong. I see this kind of mistake that you're making (assuming malformed data cannot lead to code execution) from many junior programmers. The problem in a nutshell is this: all of the data is being processed by some software and all software has bugs. Some bugs lead to security vulnerabilities and some vulnerabilities can be exploited by specially-crafted input data.


    So, yes, the computer is not supposed to execute the data but in reality it often does due to software bugs. For example the bug in the Windows GDI (https://technet.microsoft.com/en-us/security/bulletin/ms08-021) which allowed a specially-crafted image file to cause Windows to execute arbitrary code encoded in the file (this one was actually actively exploited). Or the Windows Media Player bug (https://technet.microsoft.com/en-us/security/bulletin/ms12-004) that allowed a specially-crafted media file to cause arbitrary code execution. And there are thousands of other cases where what is supposed to be "just data" exploits a bug in the software processing the data to cause it to execute code.


    The same thing could happen with the software that analyzes the bones. Obviously it would be much harder since the initial exploit would have to cross from the analog domain into the digital representation, however it is far from impossible. And after the initial compromise, the software has been taken over, so it can now do whatever the attacker wants, including reading the main payload from the "fractal patterns", which would include structure and error correction. It is quite far fetched but absolutely possible even in the real world.


    sasilik wrote:
    It isn't possible to carve some code to the bone and then expect that you get exact same ones and zeroes on computer when you scan it. If you get even one bit wrong then your code is useless.


    The only difficulty is to get the initial exploit, whose payload will read the "fractal patterns" and interpret them as the main payload. After that you can encode the data in a way that will ensure the data can be read reliably (i.e. with appropriate structure and error correction, similar to how QR codes work). Yes, the first stage would be very difficult but if you have many bones and each with many instances of the original exploit, the probability that at least one of them will succeed may not be too bad. And keep in mind that the software isn't just scanning the images and showing them. It is also performing what seems to be quite complex analysis. And the more complex the software is the more likely that such an exploitable vulnerability can be found. So, again: far fetched -- definitely; impossible -- definitely not.


    sasilik wrote:


    And even if you somehow manage to get code intact then it's still only image data. It never will be treated like executable code. I quite don't understand how just the image can do something bad in computer... Program, that loads the image can do something but then there already was some virus/malware in the computer and the code in the bones was just unnecessary boasting.


    Wow. You have WAY too much faith in software. What you claim will "never" happen has indeed happened in the real world many times. See earlier in my post about the images and multimedia cases for just a few quick examples.

    Edited on 08/23/2012 1:14am
    You must be registered and logged in to post a message.