Buffer Overflows | The Basics - 2 For Programmers
As discussed earlier buffer overflow is nothing but overflowing memory space, it can exist in any kind of software either it executes locally on your desktop or it is software which requires to connect different system remotely, a website, a web application server etc. You may have heard it from several security professionals that existence of buffer overflow shows that in spite of spending so many years of writing and developing programs we still don't have knowledge how to program.
I feel that above statement is partially true, because though we still don't have very sound knowledge of programming, there is one more thing due to which many software become vulnerable. And that thing is intentionally trying to boost performance of software rather than trying to use good and better hardware.
Why ? Because whenever a boost in performance is needed original code is replaced by its similar code variant using assembly codes or programming languages which uses assembly routines (example C, C++) because they produce results much faster. And to give better performance dynamic memory allocation is used, memory is locked and then freeing is also done (example: creation of link list with undetermined number of nodes, remember commands like, malloc, calloc and free).
Such codes are harder to maintain, harder to understand, bigger in size and even harder to debug. If you have been working as system level programmer the above stuff must not be difficult for you to understand.
Though buffer overflows can exist in any kind of program, not all of them are vulnerable, also at present criminal hackers are more interested in finding and exploiting applications that need internet connection. For those who can understand this I mean programs in which Application Layer vulnerability exits and provides remote execution of programs.
Why Buffer Flow Vulnerabilities Are Easy To Exploit?
This is biggest myth that they are easy to exploit because unless you are hardcore programmer there's no way you could ever exploit buffer overflow vulnerabilities. They are easily exploitable just because new exploits are found everyday and patches are released once a month. But this doesn't stop programming masters, they go on work to develop a code to exploit it and as soon as it gets ready, if not 1000s but 100s of different codes that can exploit same vulnerability in different way gets published on 1000s of website.
Easy availability of exploit makes it easy to exploit, but if you don't know programming these codes will be of no use to you.
Why Buffer Overflow Information Gets Easily Available To Everyone?
Stupid Commercialization Stuff : Information security companies are always in race to find vulnerabilities first and tell world that they did it first. But rather than telling software owner they declare it in public by their website, security magazines, e-zines and newsletters. They do this because they get commercial reputation due to publicity that we were first.
Actually they can tell software owner about vulnerability patch it and then declare. But by doing so there might be catch, what if after patching vulnerability software owner declares the vulnerability never existed or they found and patched it. They will loose reputation that might have brought them more projects. Need not to say, but too much commercialization is not only making suffer our personal security and personal life but also online security and e-commerce sites.
No Protection Against Hardware Protocol Analyzer :
You might have seen in several movies a hacker attaches a device on network of wires and he gets all data running from it. Though they do more show off than real hacking stuff to make it appear (which surely its not), those devices do exist and are known as hardware protocol analyzer. Hardware Protocol Analyzer may be of different kind. Google it for more information.
One way to provide protection is to use high level encryption before transmitting data which of course will increase cost of infrastructure. So pay less for infrastructure and get vulnerable. Note that this protection is needed because some buffer overflow attacks are hardware dependent.
Why Windows Systems Are More Vulnerable Than Linux Or Unix :
In windows operating system all files are explicitly associated with some program. Whereas in Unix and Linux systems every file is treated as text file unless you explicitly associate it with some other program. Other problem is autoplay.inf and DLL files in windows, in windows auto-play option is enabled by default and if you can write autoplay.inf file, then you can exploit any windows system very easily.
Third thing DLL files also known as dynamically linked libraries, are actually programming components that can be used by different programs. DLL hooking is a process via which one DLL file can be easily linked to another DLL file. The file is already dynamic in nature as its name states and it can also be linked with another DLL file, such things don't exist in Linux or Unix because in them programs are single, small binaries, you can write programs to call them simultaneously or one by one but direct linking is not possible.
Above discussion doesn't mean Linux and Unix systems aren't vulnerable, it just means windows is more vunerable.
I hope you find this article useful as basic because in future posts we'll take everything to more advanced level. Don't forget to subscribe to keep getting updates. Thanks for reading and have a nice day.