Software Vulnerability; Hackers' delight

Chxta

Onye kwe, Chi ya ekwe
Nov 1, 2004
Quite a number of hacker and virus attacks on information systems across the globe are successful because the hacker, or virus, is able to exploit weaknesses in common software and gain unauthorized system access, mostly to do damage. What is commonly referred to as a flaw or a bug is often a useful function that has dangerous side effects. Flaws result in security holes that render your software (which could be your operating system or any application you use) and your network vulnerable to attack.

Hackers, who are of course professional programmers, seek out these flaws and exploit them. The zlib compression library, for example, is an open-source data-compression library that has been ported and modified to work on a wide variety of operating systems and applications. There is a security vulnerability, discovered in November 2002, in zlib 1.1.3 that can be exploited by providing a specially crafted invalid compressed data stream to zlib's decompression routines that results in zlib attempting to free the same memory twice. On many systems, freeing the same memory twice will crash the application. Such "double free" vulnerabilities can be used in denial-of-service attacks. This, in English, means you won't be able to do anything on your computer for some time.

A new version of zlib has been released, zlib 1.1.4, that eliminates this possibility of a 'double-free', and thus eliminates the vulnerability. The bug in the old version of zlib results from a programming error that causes segments of dynamically allocated memory to be released more than once. This is what hackers will try to exploit, if they get the chance.

More recently, a Server Resolution service buffer overrun flaw in SQL Server was exploited by a 'worm', SQL Slammer. The worm has the unintended payload of performing a Denial of Service attack due to the large number of packets it sends. The SQL worm itself is file-less and resides only in memory. It does not create or delete files but actively scans for other vulnerable MS SQL servers. The aggressive scanning done by SQL Slammer overloaded many networks on January 25, 2003, slowing Internet traffic. If the 'Hacker' that created this worm had more sinister intentions, he could have done much more than simply slowing down the Internet.

Software flaws are usually useful functions with side effects. The useful function in the zlib compression library, version 1.1.3, is the ease with which it frees memory, so to speak. The side effect is the ease with which it can be made to free the same memory twice.

How can flaws be eliminated? They can't! New programs will always have flaws. The only sure way of being protected is to download and install patches and security updates and hope that hackers don't attempt to exploit these flaws before you are even aware of them.

Sometimes, the application of a patch might introduce new flaws. Are we going round in circles?
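
The "double free" pattern described in the post, as an added example that is not part of the original post and is not zlib's code: a toy decoder whose error path and common cleanup both release the same buffer, next to the usual fix of clearing the pointer after the first release. The `decoder` struct, the one-byte validity rule and the `tracked_free` shim (which records the second release instead of performing it) are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy decoder state; hypothetical, not zlib's real structures. */
struct decoder {
    unsigned char *window;   /* dynamically allocated working buffer */
    int live;                /* shim: 1 while window is a valid allocation */
    int double_frees;        /* shim: releases attempted on freed memory */
};

/* Shim around free(): records a second release instead of performing it,
   so the bug is observable without corrupting the heap. */
static void tracked_free(struct decoder *d) {
    if (!d->live) { d->double_frees++; return; }
    free(d->window);
    d->live = 0;
}

/* Constructed validity rule: a stream is valid if its first byte is 0x78. */
static int stream_valid(const unsigned char *in, size_t n) {
    return n > 0 && in[0] == 0x78;
}

/* Returns the number of double frees observed (-1 if allocation failed).
   hardened == 0 is the flawed flow, hardened == 1 the corrected one. */
int decode(const unsigned char *in, size_t n, int hardened) {
    struct decoder d = {0};
    d.window = malloc(64);
    if (!d.window) return -1;
    d.live = 1;

    if (!stream_valid(in, n)) {
        tracked_free(&d);                 /* error path releases the buffer */
        if (hardened) d.window = NULL;    /* fix: forget the stale pointer */
    }
    /* Common cleanup, reached on both the success and the error path. */
    if (d.window != NULL)
        tracked_free(&d);                 /* flawed flow: second release */
    return d.double_frees;
}

int main(void) {
    const unsigned char bad[] = {0x00, 0x01};   /* constructed invalid stream */
    printf("flawed: %d double free(s)\n", decode(bad, sizeof bad, 0));
    printf("hardened: %d double free(s)\n", decode(bad, sizeof bad, 1));
    return 0;
}
```

Without the shim, the flawed flow would call `free()` twice on the same pointer, which is the crash condition the post describes; building real code with AddressSanitizer (`-fsanitize=address`) reports such a second release at run time.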