Pure Binary

Just now I listened to a brdocast by MIT guy on Malware threats and I encountered an attack technique known as Buffer Overflow Attack. I had heard about this attack before but to know how it works I did some research. I am posting what I understood and perhaps you will like it.

Buffer overflow is one of the most common attack techniques used by hackers. Most importantly it is often undetectable, and above that, most of the home build programs or code are vulnerable to such threats. I can gaurantee that all the codes that you wrote since your school and all the applications you build till date is vulnearable to buffer overflow attack. Code wriiten in unsafe languages such as C++ are more prone to such threats. Infact these days buffer overflows are a favorite exploit for hackers. You will be surprised to know that the vast majority of patches that Microsoft releases oftten in its updates actually fix unchecked buffer problems. However the applications developed in our house just as susceptible as commercial applications to buffer-overflow attack. And this is the only reason why freewares are not accepted as standard software in IT firms.

A buffer overflow takes advantage of a program that is waiting on a user’s input. Buffer overflow attacks can of two types – first is stack based and the other is heap based. Heap is nothing but a free pool of memory used by compilers to dynamically allocate the memory to running program. Heap-based attack basically flood the memory space reserved for a program, however this attack is rare due to the complexity involved. On the other hand stack-based buffer overflow is much easier and often used.

I could explain you this in my own words but it would be better if I quote from a technical article published at SearchWindowsSecurity.com as it would an unaltered version for you. Article goes like this:

“In a stack-based buffer overrun, the program being exploited uses a memory object known as a stack to store user input. Normally, the stack is empty until the program requires user input. At that point, the program writes a return memory address to the stack and then the user’s input is placed on top of it. When the stack is processed, the user’s input gets sent to the return address specified by the program.

I hope you liked this article from SearchWindowsSecurity.com. Please post your comment and some other security issues if you have encountered or solutions which think is applicable. If you want to know about how You can prevent buffer-overflow attacks then follow the link associated.

Tags: Security Issues by Deepak
No Comments »

Those who have some knowledge about the Computer Networks and Network Security, Kerberos might not be a new term. Kerberos Protocol is basically an authentication service which was originally worked out at Massachusetts Institute of Technology (MIT) as a part of Project Athena. Kerberos is the term derived somewhere from the Greek Mythology. Kerberos in Greek Mythology is a three headed dog and serpent tail who guard the entrance of Hades. The function of Kerberos in computer networks is analogous to that, authentication, accounting, and audit being its three heads. However the later two have not been implemented yet. Kerberos enable the servers in the distributed environment to restrict access to authorized users and to authenticate requests for service for the users at workstations. In distributed environment server can not always identify the users correctly as one may impersonate and gain access to the network. Moreover there is always the risk of Eavesdropping which can result in allowing the unauthorized user to gain the access the services restricted otherwise. That is why Kerberos came to existence as it provides a centralized authentication server that uses Symmetric Encryption techniques to authenticate the users to servers as well as server to users.

Kerberos have 5 known Versions of which first three versions were the just the development versions. Kerberos Version 4 was implemented as the original Kerberos. However Kerberos Version 5 has also evolved which corrects some pitfalls of the previous version. You should refer to RFC 1510 for detailed description of the versions of Kerberos.

Tags: Security Issues by Deepak
No Comments »

If you are very interested to know about the victory of Barack Obama in the US presidential elections or any other information about Barack Obama on the internet then you could be the easy target for spams, Trojans and viruses. Don’t get surprised, it isn’t personally related to US president but the attackers and the hackers are exploiting the people’s curiosity about the election result. You must not trust any link which you think can open a video or give information you need about the election results as they may redirect you to the malicious website downloading Trojans and rootkit to your PC, and may steal some vital information from your system. Recently when users were trying to open a video link to listen to the Obama’s acceptance speech, Trojan got installed to their system via malicious website. According to some websites hackers also infected and stole information from a renowned Travel Website in similar fashion. The Trojan file’s name was BarackObama.exe. Earlier this year some ticks such as a survey on the election etc were used to spread the virus.

So do not trust on any anonymous links or video. View the result and reviews on trusted and known websites, such as news channel websites. Do not give your credits card details at any website which promises to offer you the free gift. It could be phishing website i.e. fake website simulating the authenticated websites like PayPal etc. Nothing is free in this internet world my dear and you need to believe this. Phishing Websites may use the name of good brands and reputed names like CNN, Time Magazine etc. So beware and stay safe.

Tags: Security Issues by Deepak
No Comments »

Gone are those days when low capacity Floppy diskettes were used for storing and transferring the data. Not only were they slow but also had short life time. After floppy disks, technical world switched to the Compact Disks. Re-Writable disk was a great achievement in this regard. But the 700 MB CDs are definitely not sufficient in today’s data centric world. So DVDs largely replaced CDs. Though both are still in use, but advent of USB i.e. universal serial bus technology has changed the trend followed in data. USB drives also known as PEN Drives are smaller than Floppy disks and depending on the prices it can have capacity varying from 64 MB to 64 GB. It offers an advantage over all the above as it is highly portable and has comparatively longer life. Owing to its low cost, low power consumption and small size it is now choice of every user, and needless to say that it has already reached to hands of most of the users. But the latest trend observed in the computer security breaches and spread of virus and worms have revealed that USB devices have become the easiest tool ever to spread the worm, infect your PCs and Laptops and attack other computers connected to your computer. USB drives are very insecure as mostly they are not write protected. Whenever you insert your USB drive to any infected PC, worms can ride on your USB data traveler, and when you use the device again with other PCs it get transmitted. USB allows the threat to spread even faster than plague. So before you use your USB you should be careful as either your USB or the machine you are working on may contain the virus. Your antivirus suit must be updated otherwise your PC can be infected easily while you are surfing on internet.

Actually autorun feature enables the virus to load into memory as soon as you insert your PEN drive. These threats were with CDs and DVDs too but since they could not be over written so the threats were limited. But in case of USB, worms get collected from all the PCs it was used with and the result could be disastrous. One of the recommended steps is to disable the autorun from the registry and scan the USB drive every time you plug it in. If your antivirus is out of date then view the content of USB drive using command prompt. I use the same procedure and it has worked well till now. Don’t know why but with command prompt the virus in the device were inactive. It could be due to the disabling the autorun from registry.

To disable the Autoplay visit How to disable Autoplay at ALC2005.com.

You can follow what I do often to check myself for worms and viruses:

1. Start|Run|cmd

// To open command prompt
2. I:

// changing the drive to USB’s drive assuming that it is I drive.

3. Dir /AH

// this is the DOS command to view the hidden content of the directory. It is highly useful especially when you “folder options” is disabled by the Trojans.

4. See the contents of the directory by above command and find if there is any unwanted file with suspected extensions such as .exe, .vbs or the file with multiple extensions such as xyx.txt.exe.

5. If such file exists then delete it forcefully as they may not be deleted by simple delete.
Type following:
I:> del /f /AH

Apart from this you should always access your PEN drives by right click and explore option. Hope these steps would help you. Please write comments for any queries and related threat problems.

Tags: Security Issues by Deepak
No Comments »