Network Security CISSP-Discussion

[CISSP-D] REVIEW: "Buffer Overflow Attacks", James C. Foster et al

Subject: [CISSP-D] REVIEW: "Buffer Overflow Attacks", James C. Foster et al
Date: Thu, 27 Jul 2006 12:02:42 -0800
BKBUOVAT.RVW   20060705

"Buffer Overflow Attacks", James C. Foster et al, 2005, 1-932266-67-4,
U$34.95/C$50.95
%A   James C. Foster
%A   Vitaly Osipov
%A   Nish Bhalla
%A   Niels Heinen
%C   800 Hingham Street, Rockland, MA   02370
%D   2005
%G   1-932266-67-4
%I   Syngress Media, Inc.
%O   U$34.95/C$50.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O  http://www.amazon.com/exec/obidos/ASIN/1932266674/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1932266674/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1932266674/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   497 p.
%T   "Buffer Overflow Attacks: Detect, Exploit, Prevent"

As an antivirus researcher, I got used to reading the various blackhat
"zines."  It was instructive to note that there were, occasionally,
cute discoveries or tricks to be found therein, but also that much of
the material was rather banal.  It was also annoying to have to plow
through the turgid prose of these posturing self-proclaimed experts,
full of attitude (of the keepers of the secret, sacred knowledge),
devoid of structure, and without any consideration of the reader's
needs or probable technical background.

Reading this book rather took me back.

I can fully sympathize with the statement that "[b]uffer overflows are
proof that the computer science, or software programming, community
still does not have an understanding (or, more importantly, firm
knowledge) of how to design, create, and implement secure code."  More
and more, we are seeing evidence that software errors are responsible
for huge security problems in our information systems, and buffer
overflows are possibly the largest single class of instances that we
see on a regular basis.  Moreover, buffer overflows, while they have
been around since the first time someone tried to punch 81 characters
onto an 80 character card, are something that we do know how to
prevent.

But this book does not address the topic effectively.

Part one is supposed to be about buffer overflow fundamentals.
Chapter one, rather ironically entitled "Buffer Overflows: the
Essentials," is a confused aggregation of random information,
contradictory statistics, and a glossary of some programming related
terms.  Chapter two purports to give us an understanding of shellcode,
but doesn't give us any proper definition other than that this is the
type of code that gets used *after* a buffer overflow vulnerability
has been exploited.  As such, this material is more relevant to a
possible discussion of rootkits, rather than buffer overflows.  More
miscellaneous assembly language background, without much depth or
pedagogical value, is provided in chapter three.  The very terse
chapter four mentions, but does not fully explain, stacks and heaps,
and then refers to registers without illustrating them at all.  At
this point in the book there is the first section of "case studies,"
which are little more than pages of various types of exploit code.

Part two purports to cover the exploiting of buffer overflows. 
Chapter five presents a basic (but inferior) explanation of stack
overflows, and then provides (but does not illuminate) lots of C code
(specific to Linux).  Rather than untangling heap corruption, as the
title promises, chapter six lists a variety of C language functions
without demonstrating much about their relevance.  Format string
attacks, in chapter seven, are very poorly defined, although the text
seems to indicate that the authors are referring to a special case of
malformed data that is pertinent only to programs written in C.  Much
of the material that has been presented up to this point is simply
repeated in chapter eight's alleged review of Windows buffer
overflows.

Part three, about finding buffer overflows, consists solely of chapter
nine, which lists various tools for alerting developers to potential
flaws in source code.

Software security has been neglected for too long, and buffer
overflows are an important topic.  However, this work, while it does
have some points to make, is extremely poorly written, and those who
wish to learn about the topic would have a hard time with it.  Even
though they are not specific to the subject, the more general
references of "How to Break Web Software" (Andrews and Whittaker, cf.
BKHTBWSW.RVW) and "Software Security: Building Security In" (Gary
McGraw, cf. BKSWSBSI.RVW) are more helpful in this regard, and
particularly "Exploiting Software" by Hoglund and McGraw (cf.
BKEXPLSW.RVW).  If you want code examples more than explanation you
might want to look at "Building Secure Software" by Viega and McGraw
(cf. BKBUSCSW.RVW).

copyright Robert M. Slade, 2006   BKBUOVAT.RVW   20060705


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
If you write in an amusing manner, even the bitter truth will be
consumed and digested.                               - Martin Luther
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm


 