SEARCH RESULTS
 
Showing 1-10 of 24 records
 
Buffer Overflows are like Hospital-Acquired Infections?

2007-09-16 12:35:00 by Security Retentive in Security Retentive
 
...buffer overflows tricky. Not impossible, but tricky. Given the attention to buffer overflows, the fact that we have tools to completely eliminate them from regular code, I'd say they fall into the same category as surgical tools left inside the patient - negligence A key quote from Lucien Leape of the Harvard School of Public Health Today,...
 
 
 
 
 
SQL Server PerfMon counters for access methods and buffer manager

2008-04-29 13:18:07 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice
 
...buffer manager in SQL Server, that is, keep an eye on lazy writer, page utilization and how quickly pages age out of the buffer
 
 
 
 
 
SQL Server memory configurations for procedure cache and buffer cache

2008-06-10 11:11:06 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice
 
To determine how much memory your SQL Server database uses for buffer cache and procedure cache, factor in the SQL version you're using, whether it's x86, x64 or Itanium and the amount of memory allocated to the SQL Server instance. SQL Server expert Denny Cherry lays out how the system configures memory and how to allocate the amount of buffer...
 
 
 
 
 
Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption

2008-06-09 00:36:29 by Editor in Irongeek's Security Site
 
...buffer overflows and memory corruption I've recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (as AMD calls it, XD is Intel's term), which allows for memory pages to be marked as not executable. Microsoft Windows started using this ability with...
 
 
 
 
 
Buffer overflows can be prevented by GS cookies

2008-07-01 09:25:40 by Joel Scambray in WhatIs: Enterprise IT tips and expert advice
 
Buffer overflows have plagued Windows users for years, but by using a compile-time technology known as GS cookies, you can prevent them from damaging your Windows shop.
 
 
 
 
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...Buffer Overflow OverflowVulnCount Deployment Vuln Testing Tools Injection Flaws InjectionFlawCount Runtime Pen Testing Improper Error Handling NoErrorCheckCount Design Static Analysis Insecure Storage PercentServersNoDiskEncryption Runtime Manual review Application Denial of Service Runtime Pen Testing Insecure Configuration Management...
 
 
 
 
 
Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...buffer leads to a heap-based buffer overflow gunzip . In September 2006, my colleague Tavis Ormandy reported some interesting vulnerabilities in the gunzip decompressor. They were triggered when an evil compressed archive is decompressed. A lot of programs will automatically pass compressed data through gunzip, making it an interesting...
 
 
 
 
 
Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...buffer. This overwrites the saved EIP and SEH, and can be exploited for arbitrary code execution Could the SDL have caught this bug? Probably, either through fuzzing, code inspection or static-analysis. All of which are SDL requirements. With that said, integer overflows can be hard to spot. .SAM File Parser Vulnerability This bug is caused...
 
 
 
 
 
More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive
 
...buffer overflows is a lot easier than complicated business logic attacks, multi-step attacks against distributed systems, etc We haven't answered whether there are more Architectural/Design defects or Implementation defects, but from an exploitability standpoint, it's fairly clear that implementation defects are probably the first issues we...