Comp Security- Week 3 Flashcards
Low level security
Related to programming language itself
High level security
Related to security properties/objectives
bug
a place where real execution behavior differs from expected behavior
control flow hijack objective:
gain control of instruction pointer %eip
denial of service objective:
cause program to crash or stop servicing clients
information disclosure objective
leak private info such as saved passwords
control flow hijack: attacker goal and examples
goal: take over the target machine by executing arbitrary code, by hijacking the application's control flow
ex. make eip change to what the attacker downloaded
ex. buffer overflow and format string attacks
Heartbleed attack
The SSL protocol allows you to secure the web
The magic word is sent to clients to make sure they're still connected to the server, and the server responds back
Problem: if the magic word is 6 letters and an attacker sends more than that, it causes a buffer overflow, since the server is forced to write more when there was only space dedicated for 6, so the extra letters are written in memory in a place that wasn't dedicated for that
the server overwrites, and when it responds back it also sends what was previously saved in memory
for Heartbleed, what does the attacker need to know
the CPU and OS of the target machine