Comp Security- Week 3 Flashcards

1
Q

Low level security

A

Related to programming language itself

2
Q

High level security

A

Related to security properties/objectives

3
Q

bug

A

a place where real execution behavior differs from expected behavior

4
Q

control flow hijack objective:

A

gain control of the instruction pointer %eip

5
Q

denial of service objective:

A

cause the program to crash or stop servicing clients

6
Q

information disclosure objective

A

leak private info such as a saved password

7
Q

control flow hijack: attacker goal and examples

A

goal: take over the target machine by executing arbitrary code, by hijacking the application's control flow
ex. make %eip change to what the attacker downloaded
ex. buffer overflow and format string attack

8
Q

heartbleed attack

A

The SSL protocol allows you to secure the web.
The magic word is sent to clients to make sure they're still connected to the server, and the server responds back.
Problem: if the magic word is 6 letters and an attacker sends more than that, it causes a buffer overflow, since the server is forced to write more when there was only space dedicated for 6, so the extra letters are written in memory in a place that wasn't dedicated for that.
The server overwrites, and when it responds back it also sends what was previously saved in memory.

9
Q

for heartbleed what does attacker need to know

A

the CPU and OS of the target machine
