The Best Laid Plans in Code Protection...

Sometimes the best laid plans really do go to waste. Peter Varhol over at Redmond Developer News posts a revealing article about the Law of Unintended Consequences as it applies to building code protection techniques into modern operating systems.

You see, developers write exception handlers to catch errors and prevent the system from crashing when malware tries to attack it. But sometimes the way they handle those exceptions actually helps the attacker work out how to compromise the system further.

Peter talks about two examples where this has occurred recently in Windows Server. The first is the recent and highly publicized ANI file bug. The second is in what he now believes to be the flawed implementation of random assignment of memory pages for certain system code elements.

Peter writes,

"If the vulnerable code is wrapped in an exception handler that catches many errors, a failed attempt won't crash the component and the attacker can try again with a different set of addresses," Howard says in a blog posting.

So the exception handler did exactly what it was supposed to do -- prevent an error within the code it wrapped to cause an application fault. But that same exception handler also prevented the attack simulation tool used by Microsoft to show that there was a potential vulnerability in the code. The simulated attack should have crashed the code, but the well-written exception handler enabled it to continue running. And, of course, that's exactly what it does when a real attack occurs."

It's a great piece and one to read, even if you don't fancy yourself interested in software development. Check it out at:
http://reddevnews.com/columns/article.aspx?editorialsid=1784
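
To make the quoted point concrete, here is a small Python model added for this write-up; it is not code from Peter's article or from Microsoft. The names (`Component`, `MemoryFault`, `catch_all`, `fail_fast`, `run_session`) and the 256-slot layout are assumptions chosen for illustration, with a raised `MemoryFault` standing in for an access violation.

```python
import random

SLOTS = 256  # constructed value: positions the model's layout is randomized over


class MemoryFault(Exception):
    """Stand-in for the access violation a wrong address guess triggers."""


class Component:
    def __init__(self, secret_slot):
        self.secret_slot = secret_slot  # layout stays fixed while the process lives

    def parse(self, guess):
        if guess != self.secret_slot:
            raise MemoryFault(guess)
        return "hijacked"


def catch_all(component, guess):
    try:
        return component.parse(guess)
    except Exception:  # swallows the fault: process survives, nothing is logged
        return None


def fail_fast(component, guess):
    try:
        return component.parse(guess)
    except ValueError:  # handle only the error the parser is expected to raise
        return None  # MemoryFault is deliberately left to propagate


def run_session(handler, secret_slot=None):
    """Replay sequential guesses against one process instance."""
    if secret_slot is None:
        secret_slot = random.randrange(SLOTS)
    component = Component(secret_slot)
    for attempts, guess in enumerate(range(SLOTS), start=1):
        try:
            if handler(component, guess) is not None:
                return {"compromised": True, "attempts": attempts, "crashes": 0}
        except MemoryFault:
            # Process terminated: the crash is visible to test tools and telemetry
            return {"compromised": False, "attempts": attempts, "crashes": 1}
    return {"compromised": False, "attempts": SLOTS, "crashes": 0}


if __name__ == "__main__":
    print("catch-all:", run_session(catch_all, secret_slot=200))
    print("fail-fast:", run_session(fail_fast, secret_slot=200))
```

With the catch-all handler every wrong guess is absorbed silently, so the session always ends in a hit with zero crashes recorded; with the narrow handler the first wrong guess ends the process and leaves a crash that a test tool or crash telemetry can see.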

Greg Shields' Bio:

Greg Shields is an independent author, instructor, and IT consultant based in Denver, Colorado, and a co-founder of Concentrated Technology. With nearly 15 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft systems management, remote application, and virtualization technologies. Greg is a Contributing Editor for Redmond Magazine, MCPmag.com, and Virtualization Review Magazine and is the author of five books, including Windows Server 2008: What’s New / What’s Changed. Greg is also a highly sought-after instructor and speaker, speaking regularly at conferences like TechMentor Events, and producing computer-based training curriculum for CBT Nuggets. Greg is a recipient of the Microsoft "Most Valuable Professional" award with a specialization in Windows Terminal Services.