Cisco Blogs


Cisco Blog > Security

Safety in Situ

Photo credit: RobotshopDANGER, WILL ROBINSON, DANGER! MY SENSORS DETECT THAT YOU LIVE IN A HIGH RISK AREA FOR CYBERCRIME!

According to a recent press release from Symantec, some cities in the U.S. are more “vulnerable” than others, with Seattle at the top of list. Their methodology “analyzed data for each city including the number of cyberattacks and potential infections (data provided by Symantec Security Response), level of Internet access, expenditures on computer hardware and software, wireless hotspots, broadband connectivity, Internet usage and online purchases.”

While an argument could be made about a potential conflict of interest for a press release of this nature, I’d like to focus on what greater access to Internet connectivity means in terms of best practices, regardless of whether you are in Seattle or Shishmaref. As noted in a recent Cyber Risk Report, the study’s real conclusion has little to do with your actual location.

Read More »

Exploring Heap-Based Buffer Overflows with the Application Verifier

Isolating the root cause of a heap-based buffer overflow can be tricky at best. Thankfully, Microsoft provides a great tool called the Application verifier, which makes the process significantly gentler.

In this post, we will look at how to use the Application Verifier to pinpoint the source of a heap overflow in a binary. Due to the fact that it is difficult to find a publicly available and easy-to-trigger heap overflow vulnerability in an application whose EULA does not prevent reverse engineering, I have created a small sample application that contains a heap overflow for this purpose.

Read More »

Don’t blame the computer

“I’m sorry, Dave, I’m afraid I can’t do that.”

- HAL the computer from 2001: A Space Odyssey (1968)

Every day, essential business and physical functions are executed by software, without human oversight.  Many of these functions—automobile braking systems, automatic systems on commercial aircraft and commuter trains, medical equipment—function at speeds and levels of precision that cannot be matched by human beings.  Thankfully, the persistent fear that someone may eventually create software that is intelligent enough to defy us has not come to pass.  If anything, the opposite remains the more immediate concern:  as fallible humans, we continue to generate software riddled with problems, setting the stage for accidents waiting to happen. One such incident was recently made public.

Read More »

Don’t blame the computer

“I’m sorry, Dave, I’m afraid I can’t do that.”

- HAL the computer from 2001: A Space Odyssey (1968)

Every day, essential business and physical functions are executed by software, without human oversight.  Many of these functions—automobile braking systems, automatic systems on commercial aircraft and commuter trains, medical equipment—function at speeds and levels of precision that cannot be matched by human beings.  Thankfully, the persistent fear that someone may eventually create software that is intelligent enough to defy us has not come to pass.  If anything, the opposite remains the more immediate concern:  as fallible humans, we continue to generate software riddled with problems, setting the stage for accidents waiting to happen.  

Read More »

Think Before Plugging In

Many popular software products have frameworks that allow users to extend and customize the application using plugins or add-ons. Examples include Firefox, WordPress and Google Chrome. In fact, even nerd software like irssi allows users to use plugins. Plugins help with productivity and make the software fun to use. However, plugins can also introduce risk to users. Sometimes, these issues are very overt. For example, malware was recently discovered in a Firefox add-on (I was impressed with how this was addressed though). Other times, the issues may be more subtle: perhaps the plugin could introduce a new vulnerability that, with a little research, could be exploited.

Read More »