About this page.

This blog was originally just going to be my Security assignment for electronic logs, but it has now evolved just a bit. In this blog will will find my notes and anything else we do in these classes.

Thursday, February 9, 2012

More Chapter 3

Sorry about the order!  I had an appt in Johnson City on the second and had to get the notes.  Here they are, in all the out-of-order glory!


Test Today on Chapter 2

Client-Side Attacks cont'd

  • Session hijacking
    • Attacker attempts to impersonate user by stealing or guessing session token
  • Malicious addons
    • Browser extensions provide multimedia or interactive Web content
    • Active X addons have several security concerns

More after the Break!

  • Buffer overflow attacks
    • Process attempts to store data in RAM beyond boundaries of fixed-length storage buffer
    • Data overflows into adjacent memory locations
    • May cause computer to stop functioning
    • Attacker can change "return address"
      • Redirects to memory address containing malware code
    • Normal process:
      • Program instructions
      • Buffer storing interger data
      • Buffer storing character data
      • Return address pointer
      • Jump back to start
    • Buffer overflow process (corrupted)
      • Program instructions
      • Buffer storing interger data
      • Buffer storing character data  [Malware]
      • [Fill and overflow buffer]
      • Return address pointer [New pointer]
      • Jump back to Malware
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)