SEARCH RESULTS
 
Showing 1-10 of 36 records
 
Expand article

Buffer Overflows are like Hospital-Acquired Infections?

2007-09-16 12:35:00 by Security Retentive in Security Retentive
 
...buffer overflows tricky. Not impossible, but tricky. Given the attention to buffer overflows, the fact that we have tools to completely eliminate them from regular code, I'd say they fall into the same category as surgical tools left inside the patient - negligence A key quote from Lucien Leape of the Harvard School of Public Health Today,...
 
Tags: buffer overflows, infections, patient, buffer overflows tricky, errors, patient differences, avoidable errors, tricky, blatant surgical errors
 
 
 
 
Expand article

Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption

2008-06-09 00:36:29 by Editor in Irongeek's Security Site
 
...buffer overflows and memory corruption Ive recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (as AMD calls it, XD is Intels term), which allows for memory pages to me marked as not executable. Microsoft Windows started using this ability with...
 
Tags: dep, data execution prevention, memory corruption, windows, configure dep protection, configure, memory corruption attacks, vista, buffer overflows
 
 
 
 
Expand article

Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption

2008-06-09 00:36:29 by Editor in Irongeek's Security Site
 
...buffer overflows and memory corruption Iâve recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (as AMD calls it, XD is Intelâs term), which allows for memory pages to me marked as not executable. Microsoft Windows started using this ability...
 
Tags: dep, data execution prevention, memory corruption, windows, configure dep protection, configure, memory corruption attacks, vista, buffer overflows
 
 
 
 
Expand article

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...Buffer Overflow OverflowVulnCount Deployment Vuln Testing Tools Injection Flaws InjectionFlawCount Runtime Pen Testing Improper Error Handling NoErrorCheckCount Design Static Analysis Insecure Storage PercentServersNoDiskEncryption Runtime Manual review Application Denial of Service Runtime Pen Testing Insecure Configuration Management...
 
Tags: metrics, software security metrics, metrics framework, metrics miss, design-time metric, design, upstream sdl metrics, application, web application security
 
 
 
 
Expand article

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...buffer leads to a heap-based buffer overflow gunzip . In September 2006, my colleague Tavis Ormandy reported some interesting vulnerabilities in the gunzip decompressor. They were triggered when an evil compressed archive is decompressed. A lot of programs will automatically pass compressed data through gunzip, making it an interesting...
 
Tags: image, malicious image file, libtiff image, values, jpeg image, tiff header values, source, evil tiff file, evil
 
 
 
 
Expand article

MS08-067 and the SDL

2008-10-23 01:09:00 by sdl in The Security Development Lifecycle
 
...buffer overflow inside a loop; finding buffer overruns in loops, especially complex loops, is difficult to detect with a high degree of probability without producing many false positives. At a later date I will publish more of the source code for the function The loop inside the function walks along an incoming string to determine if a...
 
Tags: manual code review, code review, vulnerabilities, reduce security vulnerabilities, sdl, windows, windows server, sdl process fails, sdl process
 
 
 
 
Expand article

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...buffer leads to a heap-based buffer overflow gunzip . In September 2006, my colleague Tavis Ormandy reported some interesting vulnerabilities in the gunzip decompressor. They were triggered when an evil compressed archive is decompressed. A lot of programs will automatically pass compressed data through gunzip, making it an interesting...
 
Tags: image, evil tiff file, evil, malicious image file, image height, evil image, libtiff image, tiff header values, values
 
 
 
 
Expand article

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...buffer. This overwrites the saved EIP and SEH, and can be exploited for arbitrary code execution Could the SDL have caught this bug? Probably, either through fuzzing, code inspection or static-analysis. All of which are SDL requirements. With that said, integer overflows can be hard to spot. .SAM File Parser Vulnerability This bug is caused...
 
Tags: linker sdl requirements, sdl requirements, ibm, sdl, requirements, symantec, bugs affect ibm, bugs, sdl refers
 
 
 
 
Expand article

SDL and the XSS Filter

2008-08-27 15:35:00 by sdl in The Security Development Lifecycle
 
...buffer overrun defenses follows a somewhat similar pattern we started by prescribing coding techniques, banning the use of some APIs, and building tools that detect coding constructs that look like buffer overruns. As we gained a deeper understanding of how buffer overruns can be exploited, we enhanced the /GS compiler flag and added ASLR in...
 
Tags: xss, xss filter, xss vulnerabilities, xss led, anti-xss library, xss attack, xss attacks, attacks, xss filter remembers