desktop security software  
security desktop order software software library technical support

security desktop

Home

Desktop Security

Internet Security

PC Time Limit

Protect Files

Security FAQ

Windows Tips

Internet FAQ

 

limit, kids, pc, time, security, desktop, child, online, limits, password, control, user, restrict, access, protect, privacy, internet, children

 

 

 

Weaknesses in How Protocols and Software Are Implemented

Even when a protocol is well designed, it can be vulnerable because of the way it is implemented. For example, a protocol for electronic mail may be implemented in a way that permits intruders to connect to the mail port of the victim's machine and fool the machine into performing a task not intended by the service. If intruders supply certain data for the "To:" field instead of a correct E-mail address, they may be able to fool the machine into sending them user and password information or granting them access to the victim's machine with privileges to read protected files or run programs on the system. This type of vulnerability enables intruders to attack the victim's machine from remote sites without access to an account on the victim's system. This type of attack often is just a first step, leading to the exploitation of flaws in system or application software. Software may be vulnerable because of flaws that were not identified before the software was released. This type of vulnerability has a wide range of subclasses, which intruders often exploit using their own attack tools. For readers who are familiar with software design, the following examples of subclasses are included: race conditions in file access non-existent checking of data content and size non-existent checking for success or failure inability to adapt to resource exhaustion incomplete checking of operating environment inappropriate use of system calls re-use of software modules for purposes other than their intended ones By exploiting program weaknesses, intruders at a remote site can gain access to a victim's system. Even if they have access to a nonprivileged user account on the victim's system, they can often gain additional, unauthorized privileges.

Internet FAQ top
 

l Security Officer l Internet Explorer Security l Protect Files l User Time Control l Security Desktop l Site Map

Copyrights 2006 Eugene Mihailov. All rights reserved