Buffer Overflow
A buffer overflow occurs when a program or process tries
to store more data in a buffer (temporary data storage area) than
it was intended to hold. Since buffers are created to contain a finite amount
of data, the extra information - which has to go somewhere - can overflow into
adjacent buffers, corrupting or overwriting the valid data held in them.
Although it may occur accidentally through programming error, buffer overflow
is an increasingly common type of security attack on data integrity. In buffer overflow attacks,
the extra data may contain codes designed to trigger specific actions, in
effect sending new instructions to the attacked computer that
could, for example, damage the user's files, change data, or disclose
confidential information. Buffer overflow attacks are said to have arisen
because the C programming language supplied the
framework, and poor programming practices supplied the vulnerability.
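
The spill into an adjacent buffer described above, as an added example that is not part of the original post. The `record` layout, the field names and the sample input are constructed for illustration; the unchecked copy is clamped to the struct so the demonstration stays well-defined C.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: two adjacent fixed-size buffers. */
struct record {
    char header[8];   /* buffer the input is meant for */
    char role[8];     /* adjacent buffer holding valid data */
};

/* Unchecked copy: trusts the caller's length, so bytes past header[]
   land in role[]. Clamped to the struct size to keep the demo in bounds. */
static void copy_unchecked(struct record *r, const char *src, size_t n) {
    if (n > sizeof *r) n = sizeof *r;
    memcpy((unsigned char *)r + offsetof(struct record, header), src, n);
}

/* Checked copy: rejects input that does not fit header[] plus its
   terminator, leaving the record untouched. */
static int copy_checked(struct record *r, const char *src, size_t n) {
    if (n >= sizeof r->header) return -1;
    memcpy(r->header, src, n);
    r->header[n] = '\0';
    return 0;
}

/* Returns 1 if role[] still holds "user" after the copy, 0 if overwritten. */
static int role_intact_after(int checked, const char *input) {
    struct record r;
    size_t n = strlen(input);
    memset(&r, 0, sizeof r);
    memcpy(r.role, "user", 5);
    if (checked) (void)copy_checked(&r, input, n);
    else copy_unchecked(&r, input, n);
    return memcmp(r.role, "user", 5) == 0;
}

int main(void) {
    const char *oversized = "AAAAAAAAadmin";  /* constructed: 13 bytes for an 8-byte field */
    printf("unchecked copy, role intact: %d\n", role_intact_after(0, oversized));
    printf("checked copy,   role intact: %d\n", role_intact_after(1, oversized));
    return 0;
}
```
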
In July 2000, a vulnerability to buffer overflow attack
was discovered in Microsoft Outlook and Outlook Express. A programming flaw
made it possible for an attacker to compromise the integrity of the target
computer by simply sending it an e-mail message. Unlike the typical e-mail
virus, users could not protect themselves by not opening attached files; in
fact, the user did not even have to open the message to enable the attack. The
programs' message header mechanisms had a defect that made it possible for
senders to overflow the area with extraneous data, which allowed them to
execute whatever type of code they desired on the recipient's computers.
Because the process was activated as soon as the recipient downloaded the
message from the server, this type of buffer overflow attack was very difficult
to defend against. Microsoft has since created a patch to eliminate the vulnerability.