Political Forums  

Go Back   Defending The Truth Political Forum > Discussion > Science and Technology

Science and Technology Science and Technology Forum - For topics and discussions about the sciences and technology


Reply
 
LinkBack Thread Tools Display Modes
Old March 15th, 2010, 03:00 PM   #1
Senior Member
 
HotshotGG's Avatar
 
Join Date: Jan 2006
Location: Boston, MA
Posts: 244
In Repsonse to the Mozilla Firefox 3.6 0-day exploit and other software exploits:

Question: A lot of people often ask how malware actually ends up on a compromised machine?



Answer: The most common ways this occurs is through "buffer overflows" [1][3]. An effective way to create a counter attack against this for security reasons so that it doesn't happen is safeguard against "buffer overflows" in most programming languages off the bat is not to leave any "dangling pointers" if you are doing memory allocation routines for example in a language like C. This article shows you how memory can spill over into adjacent block on the stack and provides you with some examples if you want to see how to protect against if for security reasons and your a software developer or I.T person in the "know". You need to know how to work with a compiler like GCC in Linux for example and how to write code in C [3] at last at the introductory level or else you will be completely lost and trust me it's best to not try compiling or playing around with this until you understand it up to intermediate level at least with pointers! One way developers are avoiding this is to use "type" safe languages, but even then there are still issues with that.



Example: The "Code Red" virus in 2001 did just that. It exploited a buffer overflow in Microsoft IIS 4.0 Web Servers back in 2001 [2] and allowed the attacker to server causing it to redirect to sites were it could be used to spread malware! (DNS Cache Poisoning) or sometimes "Pharming". Back then though malware was primitive and they weren't any sophisticated attacks like the one mentioned above nor did large scale botnets exist!



References:



1. Linux Journal. "Buffer Overflow Attacks and Their Countermeasures". http://www.linuxjournal.com/article/6701 accessed 15 Mar 2010. 10 Mar 2003.

2. Zou, CC. "Code Red Worm Propagation Modeling and Analysis". 2002. accessed 21 Aug 2010. http://www.google.com/url?sa=t&sourc...0TPCyQ&cad=rja

3. Erickson, Jon. Hacking: The Art Of Exploitation Second Edition. No Starch Press. 2007. ISBN-13: 9781593271442.
HotshotGG is offline  
Reply

  Defending The Truth Political Forum > Discussion > Science and Technology

Tags
0day, exploit, exploits, firefox, mozilla, repsonse, software



Thread Tools
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
Disgraceful Media Exploits Childrens Horror And Suffering skews13 Current Events 7 December 17th, 2012 09:17 AM
Hershey Exploits East European Exchange Students garysher Current Events 0 October 17th, 2011 06:36 PM
Anti-Virus Software 0-Day Exploit "Showdown"! HotshotGG Science and Technology 0 June 5th, 2010 08:34 AM
Mozilla Firefox 3.6 plenitude String 0-day exploit Dude111 Science and Technology 3 March 16th, 2010 06:32 AM
Firefox 3.0 ready to go! mikelew007 Science and Technology 10 June 26th, 2008 12:13 PM


Facebook Twitter RSS Feed



Copyright © 2005-2013 Defending The Truth. All rights reserved.