
Why use firewall?

You’ve probably noticed that cybercrime has risen unbelievably in the last few years. Password-stealing trojans are “hosted” on millions of computers all over the world. It’s no surprise that a lot of users’ accounts are hacked and robbed. For many users IT security doesn’t have as high a priority as it should, but it’s still better now than, let’s say, 5 years ago.

Buffer overflow for Windows IT professionals

Although there are a lot of great papers about buffer overflows on Linux, I think that Windows IT professionals don’t have as many sources for understanding Windows buffer overflow issues. If you are interested in Windows and want to understand the principles of buffer overflow attacks, this article is for you.

What is buffer overflow?

Buffer overflow is one of the most exploited vulnerabilities today. Although it’s one of the oldest ones, many professional Windows administrators don’t understand it well. The cause of the problem is copying more bytes into memory than has actually been allocated for them. For example, take a look at a sample array with 30 allocated bytes: char some_array[30].

The whole user input (let’s say from a username field) will be copied to the 30-byte array: strcpy(some_array, username_array). Everything is fine as long as the entered user name is 29 chars long or less. If you entered 30 or more chars, the application would crash and Windows would show an error message.

Now we should take a look at the technique hackers use to exploit buffer overflow vulnerabilities, and at how to avoid buffer overflow bugs. I will show you the basics of the buffer overflow in a simple proof-of-concept application and how easy it is for hackers to launch certain code. This exploitation demonstrates just redirecting the code flow instead of launching its own shellcode. I decided to do it this way to keep the example as simple as it can be and easy to understand for most readers.

The vulnerable test application and the exploit were written in Dev-Cpp, which uses the mingw32 compiler. The vulnerable application is really simple. It takes an argument and tries to copy it into a 56-byte char array (the 56th byte is the zero byte). That means the application can hold at most 55 bytes (chars) + the zero byte. If you fed the application 56 or 57 chars, it probably wouldn’t crash, but it is possible. Much depends on the compiler settings and its optimization level; however, 100 chars is really enough to crash this application most of the time.
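
The copy pattern described above next to a bounds-checked replacement, as an added example (not the article's own test application). The names copy_unchecked, copy_checked and try_input are hypothetical, and the 'A'-filled inputs are constructed; only the 56-byte buffer size and the 55/56/100 char lengths come from the text.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 56   /* as in the article: 55 chars + the zero byte */

/* Unsafe pattern from the article: strcpy() copies until it meets the zero
 * byte in src and never checks how much room dst has. */
void copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: the destination size is passed in and an oversized input
 * is rejected. Returns 0 on success, -1 if src does not fit. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    const char *end;
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    end = memchr(src, '\0', dst_size);   /* zero byte within dst_size bytes? */
    if (end == NULL) {                   /* no: input needs more than dst_size */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);  /* chars + zero byte */
    return 0;
}

/* Constructed harness: feed n 'A' chars to copy_checked() and return its
 * result, or -2 if the variable placed after the buffer was changed. */
int try_input(size_t n)
{
    struct { char name[BUF_SIZE]; unsigned guard; } f;
    char input[256];
    int rc;
    if (n >= sizeof input) return -1;
    memset(input, 'A', n);
    input[n] = '\0';
    f.guard = 0xC0FFEEu;
    rc = copy_checked(f.name, sizeof f.name, input);
    return f.guard == 0xC0FFEEu ? rc : -2;
}

int main(void)
{
    size_t sizes[] = { 55, 56, 100 };   /* lengths the article mentions */
    for (size_t i = 0; i < 3; i++)
        printf("%3zu chars -> %d\n", sizes[i], try_input(sizes[i]));
    return 0;
}
```

With the checked copy, 55 chars are accepted and 56 or 100 chars are refused before a single byte is written past the array, so the outcome no longer depends on compiler settings or optimization level.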

Top 10 threats on the web 5 of 5

9. Web browser history and saved passwords

The next lines are especially important for users who browse the web from public computers (internet cafes, libraries etc.). There are a lot of surfers who don’t bother to delete the web browser’s history when they finish, and some of them even allow the browser to save their passwords.

You can delete Firefox’s history in Tools -> Clear Recent History

and check off what to delete and the time range.

And again, in most cases that’s because of little knowledge in this area. But all of you probably know it’s very common, and not just among a small number of users, to click “Yes” in every question box. If you clicked “Yes”, it’s not the browser’s fault if it saves your login name and password.