SEARCH RESULTS
 
Showing 1-10 of 24 records

Buffer Overflows are like Hospital-Acquired Infections?

2007-09-16 12:35:00 by Security Retentive in Security Retentive
 
...buffer overflows tricky. Not impossible, but tricky. Given the attention to buffer overflows, and the fact that we have tools to completely eliminate them from regular code, I'd say they fall into the same category as surgical tools left inside the patient: negligence. A key quote from Lucien Leape of the Harvard School of Public Health: Today,...


Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption

2008-06-09 00:36:29 by Editor in Irongeek's Security Site
 
...buffer overflows and memory corruption. I've recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (as AMD calls it; XD is Intel's term), which allows memory pages to be marked as not executable. Microsoft Windows started using this ability with...
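The page-level mechanism the excerpt describes can be observed directly. The following is an added example, not code from Irongeek's article: it maps one page with mmap(), writes a tiny "return 42" routine into it, and calls it first while the page is read/write only and then after mprotect() has added PROT_EXEC. Where the CPU's NX/XD bit is in use, the first call raises SIGSEGV, which a handler turns into a return value via siglongjmp() instead of letting the process die. It assumes Linux (or another POSIX system) on x86 or AArch64; the machine-code bytes, the PROBE_* constants and the probe_exec() function are this example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example (not from the article): map one page, copy a tiny "return 42"
 * routine into it, and call it once with the page RW-only and once after
 * mprotect() adds PROT_EXEC. With NX/XD enforced, the first call faults; the
 * SIGSEGV handler longjmps back so the probe can report that instead of dying. */
enum { PROBE_RAN = 42, PROBE_FAULTED = -1, PROBE_UNSUPPORTED = -2 };

#if defined(__x86_64__) || defined(__i386__)
static const unsigned char ret42[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };             /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const unsigned char ret42[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* mov w0,#42 ; ret */
#else
#define PROBE_NO_CODE 1   /* no encoding for this CPU: the probe reports PROBE_UNSUPPORTED */
#endif

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* executable != 0: make the page RX before calling into it. */
int probe_exec(int executable) {
#ifdef PROBE_NO_CODE
    (void)executable;
    return PROBE_UNSUPPORTED;
#else
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return PROBE_UNSUPPORTED;
    memcpy(page, ret42, sizeof ret42);                 /* the page is plain data at this point */
    if (executable) {
        if (mprotect(page, pagesz, PROT_READ | PROT_EXEC) != 0) {   /* a W^X policy may refuse */
            munmap(page, pagesz);
            return PROBE_UNSUPPORTED;
        }
        __builtin___clear_cache((char *)page, (char *)page + sizeof ret42); /* required on ARM */
    }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;                          /* keep the signal deliverable after longjmp */
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile int result;
    if (sigsetjmp(fault_env, 1) == 0) {
        int (*fn)(void);
        memcpy(&fn, &page, sizeof fn);                 /* object -> function pointer without a cast */
        result = fn();                                 /* faults here if the page is not executable */
    } else {
        result = PROBE_FAULTED;                        /* arrived via siglongjmp from on_fault */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pagesz);
    return result;
#endif
}
```

probe_exec(0) returns PROBE_FAULTED (-1) when instruction fetch from the non-executable page faults, and probe_exec(1) returns 42 once the same bytes sit in a page with PROT_EXEC; PROBE_UNSUPPORTED (-2) means the platform refused the executable mapping, which some W^X policies do. On Windows the equivalent page-permission calls are VirtualProtect() with PAGE_READWRITE versus PAGE_EXECUTE_READ, and the DEP policy decides whether the non-executable case is actually enforced for a given process.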
 
 
 
 
 

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...Buffer Overflow | OverflowVulnCount | Deployment | Vuln Testing Tools
Injection Flaws | InjectionFlawCount | Runtime | Pen Testing
Improper Error Handling | NoErrorCheckCount | Design | Static Analysis
Insecure Storage | PercentServersNoDiskEncryption | Runtime | Manual review
Application Denial of Service | | Runtime | Pen Testing
Insecure Configuration Management ...


Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...buffer leads to a heap-based buffer overflow.
gunzip
In September 2006, my colleague Tavis Ormandy reported some interesting vulnerabilities in the gunzip decompressor. They were triggered when an evil compressed archive is decompressed. A lot of programs will automatically pass compressed data through gunzip, making it an interesting...


Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...buffer. This overwrites the saved EIP and SEH, and can be exploited for arbitrary code execution. Could the SDL have caught this bug? Probably, either through fuzzing, code inspection or static analysis, all of which are SDL requirements. With that said, integer overflows can be hard to spot.
.SAM File Parser Vulnerability
This bug is caused...


SDL and the XSS Filter

2008-08-27 15:35:00 by sdl in The Security Development Lifecycle
 
...buffer overrun defenses follows a somewhat similar pattern: we started by prescribing coding techniques, banning the use of some APIs, and building tools that detect coding constructs that look like buffer overruns. As we gained a deeper understanding of how buffer overruns can be exploited, we enhanced the /GS compiler flag and added ASLR in...


More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive
 
...buffer overflows is a lot easier than complicated business logic attacks, multi-step attacks against distributed systems, etc. We haven't answered whether there are more Architectural/Design defects or Implementation defects, but from an exploitability standpoint, it's fairly clear that implementation defects are probably the first issues we...


More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...buffer overflows, format string vulnerabilities, and type mismatch errors. A deeper reading of the cryptographic concerns (page 29 in the report) notes concerns (amongst others) over the use of a flawed implementation of the SHA hash algorithm and the use of the Data Encryption Standard (DES) algorithm. The SDL has specific policies outlining...


Corrupted Heap Termination Redux

2008-06-07 04:00:00 by sdl in The Security Development Lifecycle
 
...Buffer overrun: the next block header size does not match the expected current block size.
Buffer underrun: same as above, but the previous block header size does not match the expected current block size.
Attempting to free a freed block (double-free bug).
Attempting to free a non-8-byte-aligned block.
Passing a bogus heap handle; it could...
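Those checks are easy to misread without seeing the header layout they rely on. Below is an added example, not the Windows heap code and not from the SDL post: a toy bump allocator in C whose header, like a Windows heap entry, records the block's own size and the previous block's size in 8-byte granules, plus a check routine that applies the tests in the list above. The arena size, field names, the toy_* and demo_* functions and the HEAP_* status codes are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not the Windows heap manager: a toy bump allocator whose headers
 * store the block's own payload size and the previous block's size (in 8-byte
 * granules, mirroring the Windows header), so every boundary is recorded twice.
 * An overrun clobbers the next header, an underrun the block's own header; either
 * makes the two copies disagree, which is what the checks below look for. */
enum { ARENA_BYTES = 4096, GRANULE = 8, FLAG_BUSY = 1, FLAG_TOP = 2 };
typedef struct {
    uint16_t size;      /* payload granules; at offset 0, so an overrun hits it first */
    uint8_t  flags;     /* FLAG_BUSY while allocated, FLAG_TOP on the end marker */
    uint8_t  tag;       /* unused; keeps prev_size at offset 4 as in the real layout */
    uint16_t prev_size; /* payload granules of the preceding block */
    uint8_t  pad[2];    /* header is exactly one granule */
} block_hdr;
typedef enum {
    HEAP_OK = 0,
    HEAP_BAD_HANDLE,    /* pointer does not lie inside this arena */
    HEAP_BAD_ALIGNMENT, /* pointer is not 8-byte aligned */
    HEAP_DOUBLE_FREE,   /* block is not marked busy */
    HEAP_OVERRUN,       /* next header's prev_size != this block's size */
    HEAP_UNDERRUN       /* this header's prev_size != previous block's size */
} heap_status;

static _Alignas(GRANULE) uint8_t arena[ARENA_BYTES];
static size_t arena_top;    /* offset of the FLAG_TOP header that ends the heap */
static block_hdr *hdr_of(void *p) { return (block_hdr *)p - 1; }
static block_hdr *next_hdr(block_hdr *h) {
    return (block_hdr *)((uint8_t *)(h + 1) + (size_t)h->size * GRANULE);
}
void toy_heap_reset(void) {
    memset(arena, 0, sizeof arena);
    arena_top = 0;
    ((block_hdr *)arena)->flags = FLAG_TOP;            /* empty heap: just an end marker */
}
void *toy_alloc(size_t bytes) {
    size_t granules = bytes ? (bytes + GRANULE - 1) / GRANULE : 1;
    if (granules > UINT16_MAX || arena_top + 2 * sizeof(block_hdr) + granules * GRANULE > ARENA_BYTES)
        return NULL;
    block_hdr *h = (block_hdr *)(arena + arena_top);   /* the old end marker becomes the block; */
    h->size = (uint16_t)granules;                      /* its prev_size was set by the previous */
    h->flags = FLAG_BUSY;                              /* allocation (0 for the first block)    */
    block_hdr *top = next_hdr(h);                      /* fresh end marker after the block       */
    memset(top, 0, sizeof *top);
    top->flags = FLAG_TOP;
    top->prev_size = h->size;
    arena_top = (size_t)((uint8_t *)top - arena);
    return h + 1;
}

/* The checks from the post, applied to one allocated block. */
heap_status toy_check(void *p) {
    uint8_t *u = p;
    if (u < arena + sizeof(block_hdr) || u >= arena + arena_top) return HEAP_BAD_HANDLE;
    if ((uintptr_t)u % GRANULE != 0) return HEAP_BAD_ALIGNMENT;
    block_hdr *h = hdr_of(p);
    if (!(h->flags & FLAG_BUSY)) return HEAP_DOUBLE_FREE;
    if ((uint8_t *)h != arena) {                       /* underrun: step back by our prev_size, */
        size_t back = sizeof(block_hdr) + (size_t)h->prev_size * GRANULE; /* compare the sizes */
        if ((size_t)((uint8_t *)h - arena) < back) return HEAP_UNDERRUN;
        if (((block_hdr *)((uint8_t *)h - back))->size != h->prev_size) return HEAP_UNDERRUN;
    }
    block_hdr *next = next_hdr(h);                     /* overrun: next header must point back at us */
    if ((uint8_t *)next > arena + arena_top || next->prev_size != h->size) return HEAP_OVERRUN;
    return HEAP_OK;
}
heap_status toy_free(void *p) {
    heap_status s = toy_check(p);
    if (s == HEAP_OK) hdr_of(p)->flags &= (uint8_t)~FLAG_BUSY;
    return s;
}

/* Scenarios: rebuild the heap, corrupt it in one way, return what the check says. */
heap_status demo_clean(void) {                         /* two intact blocks -> HEAP_OK */
    toy_heap_reset();
    char *a = toy_alloc(24), *b = toy_alloc(40);
    return toy_check(a) != HEAP_OK ? toy_check(a) : toy_check(b);
}
heap_status demo_overrun(void) {                       /* -> HEAP_OVERRUN */
    toy_heap_reset();
    char *a = toy_alloc(24); toy_alloc(40);
    memset(a, 'A', 24 + 8);                            /* 8 bytes past a wipe the next header */
    return toy_check(a);
}
heap_status demo_underrun(void) {                      /* -> HEAP_UNDERRUN */
    toy_heap_reset();
    toy_alloc(24); char *b = toy_alloc(40);
    memset(b - 4, 'B', 4);                             /* 4 bytes before b hit b's own prev_size */
    return toy_check(b);
}
heap_status demo_double_free(void) {                   /* -> HEAP_DOUBLE_FREE */
    toy_heap_reset();
    char *a = toy_alloc(24);
    toy_free(a); return toy_free(a);
}
heap_status demo_misaligned(void) {                    /* pointer into a block -> HEAP_BAD_ALIGNMENT */
    toy_heap_reset();
    return toy_free((char *)toy_alloc(24) + 1);
}
```

demo_clean() returns HEAP_OK; demo_overrun(), demo_underrun(), demo_double_free() and demo_misaligned() each return the matching status. Because corruption is detected from the surviving copy of a boundary, the classification is a heuristic: a short overrun that clobbers only the neighbour's size field is reported when that neighbour is checked, as an overrun of the neighbour. A real heap manager cannot resolve that ambiguity either, which is why terminating on corruption, rather than trying to recover, is the safe response.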