Busted Buffer: How To Prevent It - InformationWeek
7/1/2005
01:00 PM

Busted Buffer: How To Prevent It

The best defense against buffer overflows is to write code properly to prevent them in the first place.

Buffer overflows are a common weapon in the attacker's arsenal. In a basic buffer overflow, the attacker sends specially crafted input to a computer running software that's known to be vulnerable to buffer overflows. This input contains more data than can be held in a section of memory known as the buffer. The excess data flows out of the buffer into another area of memory and changes the normal process by which the computer operates. The computer will then execute the attacker's code as if it were part of the regular application or program.

If the attacker has written the attack code correctly, the computer will follow whatever instructions are in the code, such as enabling remote access, executing a program, or getting the attacker closer to complete control of the target. If the code is flawed, the application--and possibly the computer--will crash. Thus, even an unsuccessful buffer-overflow attack can disrupt service or otherwise harm the target.

The best defense against buffer overflows is to write code properly to prevent overflows in the first place. Unfortunately, a great many software applications still are created with overflow vulnerabilities, which means other defenses must be employed. Many host-based intrusion-protection systems include buffer-overflow protection as part of a larger defense against malware.
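The overflow described above and the "write code properly" defense, side by side in C. This is an added example, not code from the original article; the struct, function names and inputs are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed record: a fixed-size buffer followed by adjacent data. */
struct session {
    char name[8];   /* the buffer */
    int  is_admin;  /* memory that sits right after it */
};

/* Unsafe pattern: strcpy() copies until it finds the NUL in input and knows
 * nothing about the size of name[]. Anything longer than 7 characters is
 * written past the buffer. Shown for contrast only; never called here. */
void set_name_unchecked(struct session *s, const char *input)
{
    strcpy(s->name, input);
}

/* Checked version: look for the terminator within the buffer's size and
 * refuse input that does not fit, rather than copying or truncating it.
 * Returns 0 on success, -1 if the input was rejected. */
int set_name_checked(struct session *s, const char *input)
{
    const char *end;

    if (s == NULL || input == NULL)
        return -1;
    end = memchr(input, '\0', sizeof s->name);  /* scans at most 8 bytes */
    if (end == NULL)
        return -1;                              /* too long for name[] */
    memcpy(s->name, input, (size_t)(end - input) + 1);  /* +1 copies the NUL */
    return 0;
}

/* Feeds a fitting and an oversized input to the checked copy. Returns 1
 * when the long input is refused and the adjacent field is untouched. */
int demo(void)
{
    struct session s = { "", 0 };
    int ok       = set_name_checked(&s, "alice");
    int rejected = set_name_checked(&s, "AAAAAAAAAAAAAAAAAAAAAAAA");
    return ok == 0 && rejected == -1 && s.is_admin == 0
        && strcmp(s.name, "alice") == 0;
}

int main(void) { return demo() ? 0 : 1; }
```

Rejecting oversized input, instead of silently truncating it, also keeps the caller from acting on a name the user never sent.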

The classic paper describing buffer overflows is titled Smashing The Stack For Fun And Profit, by Aleph One. You can find it online at www.phrack.org by searching for issue 49-14. Also check out the books Security Warrior (O'Reilly, 2004) by Cyrus Peikari and Anton Chuvakin and Building Secure Software (Addison-Wesley, 2001) by John Viega and Gary McGraw.

Illustration courtesy of Andrew Shachat/Veer

Return to main story, Keep Attackers At Bay
