Buffer overflow x monkeyuser.com
Everyone enjoys their coffee hot… as long as the amount of coffee fits perfectly into the cup. Otherwise, the exact moment it overflows the edge, it turns into a malicious liquid that makes a lot of mess in the kitchen, and you are not exactly in a cleaning mood.
When it comes to computers, it’s exactly the same. We like our data in the place it’s supposed to be and at the intended length, not overwriting other data and producing unexpected results.
Let’s start with a brief history lesson and take a look at the Morris worm, one of the first of its kind. It exploited a buffer overflow vulnerability in a popular version of a finger daemon, which was used to exchange information about computer systems and their users. This incident shut down 10% of the global internet. Well, except Finland, which was not connected to the internet back then.
Another famous worm – SQL Slammer – comes from 2003. It exploited a buffer overflow issue in Microsoft SQL Server and Desktop Engine that a researcher had found 6 months earlier. Even though the patch had already been released by then, many institutions had left the issue unfixed, allowing the worm to affect 75000 victims in 10 minutes.
Heartbleed is also an interesting case – not exactly a buffer overflow, but a so-called buffer over-read, which means that a program proceeds to read more than expected. It was possible to access web server memory and get, for example, POST request data from other users. Curious? Check out Computerphile.
And what about an integer overflow? Imagine an odometer with all digits set to 9. What happens after one more kilometer? That’s right – it’s all zeros again! Anyway, if you’re interested in a real-case scenario, we recommend this.
Also, have you heard about the Axis Communications security camera and Devil’s Ivy? An integer overflow in gSOAP resulted in an RCE. When exploited, it allowed an attacker to access the video feed, which is definitely not something we expect from a security camera.
As you can see, this problem is pretty simple to fix. If your espresso cup is only 30ml, don’t trust coffee machine settings – check it! Or else you may end up with coffee on your shoes…
Remember – input validation is the first line of defence, not only against buffer overflows.
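The "check the cup" advice as code: an added C example (not part of the original post) that validates an untrusted length against all three bug classes mentioned above (integer overflow, over-read, overflow) before copying. The function names, the 30-byte capacity and the sample message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CUP_SIZE 30 /* destination capacity in bytes (constructed value) */

enum copy_status { COPY_OK, COPY_INT_OVERFLOW, COPY_OVER_READ, COPY_OVERFLOW };

/* Copy `count` records of `rec_size` bytes out of a received message.
 * `count` and `rec_size` are sender-supplied and untrusted;
 * `src_len` is the number of bytes that actually arrived. */
enum copy_status checked_copy(uint8_t *dst, size_t dst_cap,
                              const uint8_t *src, size_t src_len,
                              size_t count, size_t rec_size)
{
    /* Integer overflow: count * rec_size must not wrap around (the odometer). */
    if (rec_size != 0 && count > SIZE_MAX / rec_size)
        return COPY_INT_OVERFLOW;
    size_t need = count * rec_size;

    /* Over-read: never read more than was actually received. */
    if (need > src_len)
        return COPY_OVER_READ;

    /* Overflow: never write more than the destination can hold. */
    if (need > dst_cap)
        return COPY_OVERFLOW;

    memcpy(dst, src, need);
    return COPY_OK;
}

/* Run one request against a constructed 64-byte message and a 30-byte cup. */
enum copy_status pour(size_t received, size_t count, size_t rec_size)
{
    uint8_t cup[CUP_SIZE];
    uint8_t msg[64] = {0}; /* constructed sample input */
    if (received > sizeof msg)
        received = sizeof msg;
    return checked_copy(cup, sizeof cup, msg, received, count, rec_size);
}

int main(void)
{
    printf("fits: %d, too big: %d, short message: %d, wrapped: %d\n",
           pour(64, 3, 10), pour(64, 4, 10), pour(16, 2, 10),
           pour(64, SIZE_MAX, 2));
    return 0;
}
```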
The comics were created in collaboration with monkeyuser.com