Busted Buffer: How To Prevent It - InformationWeek
01:00 PM

Busted Buffer: How To Prevent It

The best defense against buffer overflows is to write code properly to prevent them in the first place.

Buffer overflows are a common weapon in the attacker's arsenal. In a basic buffer overflow, the attacker sends a specially crafted attack to a computer running software that's known to be vulnerable to buffer overflows. This attack has more data than can be contained in a section of memory known as the buffer. The excess data flows out of the buffer and into another area of memory and changes the normal process by which the computer operates. The computer will then execute the attacker's code as if it were part of the regular application or program.

If the attacker has written the attack code correctly, the computer will follow whatever instructions are in the code, such as enabling remote access, executing a program, or getting the attacker closer to complete control of the target. If the code is flawed, the application--and possibly the computer--will crash. Thus, even an unsuccessful buffer-overflow attack can disrupt service or otherwise harm the target.

The best defense against buffer overflows is to write code properly to prevent overflows in the first place. Unfortunately, a great many software applications still are created with overflow vulnerabilities, which means other defenses must be employed. Many host-based intrusion-protection systems include buffer-overflow protection as part of a larger defense against malware.

The classic paper describing buffer overflows is titled Smashing The Stack For Fun And Profit, by Aleph One. You can find it online at www.phrack.org by searching for issue 49-14. Also check out the books Security Warrior (O'Reilly, 2004) by Cyrus Peikari and Anton Chuvakin and Building Secure Software (Addison-Wesley, 2001) by John Viega and Gary McGraw.

Illustration courtesy of Andrew Shachat/Veer

Return to main story, Keep Attackers At Bay

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
AI as a Human Right
Guest Commentary, Guest Commentary,  3/8/2019
How to Become a Master Scrum Master
John Edwards, Technology Journalist & Author,  2/28/2019
TaylorMade IT Spin-Off Taps Cloud Database
Jessica Davis, Senior Editor, Enterprise Apps,  2/15/2019
Register for InformationWeek Newsletters
Current Issue
Security and Privacy vs. Innovation: The Great Balancing Act
This InformationWeek IT Trend Report will help you better understand and address the growing challenge of balancing the need for innovation with the real-world threats and regulations.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll