Spot the Vulnerability: Loops and Terminating Conditions
In memory-unsafe languages like C, special care must be taken when copying untrusted data, particularly when copying it to another buffer. In this post, we’ll spot and mitigate a past vulnerability in Linux’s NTP daemon.
In 1997, a flaw was discovered in how Linux and Windows handled IP fragmentation: a denial-of-service vulnerability that allowed systems to be crashed remotely.
Art & Logic has worked on an increasing number of security and privacy-related projects in recent years. Through my consulting work on these projects, I’ve gotten to know several security consulting firms — very smart folks like the Citadel Information Group and Digital Maelstrom. If you want to make yourself too anxious to sleep at night, take a security expert out to lunch and ask them about all of the ways in which your personal information is vulnerable at home, work, and on the internet. It will be an eye-opening experience! You’ll hear about encryption standards, key management, multi-factor authentication, SQL injection, DDoS attacks, men in the middle, attack vectors, AppSec, OWASP, Pen Tests, social engineering, black hats, white hats, grey hats and one hundred different terrifying data breaches (Target, Sony, Anthem, Home Depot and the like).
Are you thinking about the Internet of Things (IoT)? Maybe you should be — a whole new class of devices with previously unthought-of capabilities is beginning to appear on the market. Corporate juggernauts and lean startups can both play the game, with home and personal devices from names like Google, Amazon, and Apple shelved alongside smartwatches from Pebble, connected LED bulbs from LIFX, and doorbell cameras from August.
The age of the Personal Area Network and the fully-connected, automated home is on the horizon, with some estimates expecting 26 billion IoT devices connected globally by 2020. Other estimates say 40 billion. Consumers and businesses have proven that they’re interested, and there are some exciting possibilities emerging for a company with a good idea.
So, now that you’re thinking about the Internet of Things, are you thinking about security for your IoT devices?
You most definitely should be.