The most famous buffer overflow attacks

Buffer Overflow Attack Prevention

Introduction

Buffers are regions of memory storage that temporarily store data while it’s being transferred from one location to another. A buffer overflow, also known as a buffer overrun, takes place when the volume of data is more than the storage capacity of the memory buffer. Resultantly, the program that tries to write the data to the buffer replaces the adjacent memory locations. If a user enters 10 bytes, that is 2 bytes more than the buffer capacity, the buffer overflow occurs. This problem generates a security breach in the system. For example, log-in credentials take 8 bytes in the memory buffer to write username and password.

In this article, we will explore what is Buffer Overflow attack, what are its types, why is it so dangerous, and what are preventive measures.

Most Famous Buffer Overflow Attacks

SQL Slammer: In 2003, a bug – termed as SQL Slammer – was implanted in Microsoft SQL. The bug was spread like a wildfire that doubles the size of the buffer after every 8.5 seconds, resulting in a loss of mobile phone coverage and internet outages across the world.

The Morris Worm: It was a buffer overflow attack that occurred in 1988 and resulted in the compromise of more than 60,000 machines. This fraud was also convicted under the Computer Fraud and Abuse Act.

Buffer Overflow Attack Prevention

Avoid Using C and C++ Languages: C/C++ are high-level programming languages that are vulnerable to buffer overflow attacks. Prefer using other programming languages such as Python, Java, and COBOL. These languages don’t allow direct access to memory.

Buffer Overflow Protection: The security of executable programs should be executed by detecting buffer overflows on stack-allocated variables.

Static Code Analysis: Use static application analysis tools such as Kiuwan to scan your code for buffer overflow vulnerabilities.

Bounds Checking: Avoid using standard library functions that do not bound checked such as strcpy, scanf, and gets. In fact, bounds checking in abstract data type libraries can reduce the occurrence of buffer overflows.

Executable Space Protection: Memory regions should be marked as non-executable. Doing so will prevent the execution of machine code in these regions.       

Use Modern Operating Systems: Modern operating systems have runtime protections that help mitigate buffer overflow attacks, such as randomly rearranging the address space locations of the main data areas of a process, avoiding knowledge of the exact location of important executable codes and assign a binary value, whether it is “executable” or “non-executable” in a memory area, protecting the non-executable area from exploits.

Conclusion (The Way Forward)

Threat actors exploit buffer overflows by overwriting the memory of the application. Doing so would prevent the normal functioning of the program. The most famous buffer overflow attacks are SQL Slammer and The Morris Worm. Buffer overflow attacks can be prevented by using modern operating systems, executable space protection, bounds checking, static code analysis, and avoid using C and C++ languages.

References

https://www.imperva.com/learn/application-security/buffer-overflow/

https://www.kiuwan.com/prevent-buffer-overflow/

https://www.synopsys.com/blogs/software-security/detect-prevent-and-mitigate-buffer-overflow-attacks/

https://www.cloudflare.com/learning/security/threats/buffer-overflow/

Access management in IT

Role of Identity and Access Management in Cybersecurity

Introduction

In IT security debates, projects aimed at managing access and identifying users are considered fundamental. However, the processes and technologies for controlling permissions have proved challenging. To solve this dilemma, what is now called Identity Access Management (IAM) was created, which involves the definition and execution of identification processes related to the most critical businesses for a company. For example, e-banking companies implement strict rules to verify identities before allowing them access to their websites.

In this article, we will examine how IAM helps and why it is important today.

The Consequences Of Problematic Access Management

When we do not have access control, it is practically impossible to guarantee that features are used only by their target users. If a problem occurs, the person responsible for the system is unable to track the person responsible for it. The lack of permission management allows users to have access to services not needed by them, making room for improper access and possible application failures. This may result in data breaches that cost millions of dollars and reputational damage.

Continue reading

5 Important Points of SIEM Evaluation Checklist

Over the past couple of years, the Security Information and Event Management (SIEM) solution has been recognized as an effective tool in the Security Operation Center (SOC) of organizations. Whether it comes to managing the multiple tools or meeting the compliance standards, SIEM has always been playing its crucial role. However, since there is a multitude of SIEM solutions available in the IT market today, selecting the right one is an extremely important but difficult task for enterprises. To this end, organizations must be familiar with the benefits of SIEM technology.

In this article, we will explore a 5-point checklist that would help you when you evaluate a SIEM system for your company.

Continue reading

Soar-case-management

What is Security Case Management?

A Security Orchestration, Automation, and Response (SOAR) platform enables your security team to focus on high-priority security events while the low-priority events are automatically dealt with. A SOAR platform helps in decreasing the response time while increasing the overall efficiency. Orchestration, Automation, and Response are three components of a SOAR platform that allow an organization to manage incidents comprehensively, automate repetitive alerts, streamline and collaborative for incident investigations, better defense against threats, and high return on investment (ROI).

Continue reading

coronavirus-and-cybersecurity

Coronavirus Impact on Cyber Security

The Coronavirus (COVID-19) pandemic is increasing tremendously and disrupting the global health at large extent, in addition to the damages to economics, social and political systems. More importantly, the digital world is also on the verge of destruction because, due to this menace, the people at large scale are compelled to work remotely and doing so will make them rely heavily on remote communication and digital tools. The cyber attackers are capitalizing this situation and attempting to compromise the confidentiality, integrity, and availability of data.

Continue reading