59 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
59 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
60 \begin{frame}[c] |
60 \begin{frame}[c] |
61 \frametitle{Smash the Stack for Fun\ldots} |
61 \frametitle{Smash the Stack for Fun\ldots} |
62 |
62 |
63 \begin{itemize} |
63 \begin{itemize} |
64 \item {\bf Buffer Overflow Attacks} or\\ |
64 \item \alert{\bf Buffer Overflow Attacks (BOAs)} or\\ |
65 {\bf Smashing the Stack Attacks}\medskip |
65 {\bf Smashing the Stack Attacks}\medskip |
66 |
66 |
67 \item one of the most popular attacks, unfortunately\\ |
67 \item unfortunately one of the most popular attacks\\ |
68 ($>$ 50\% of security incidents reported at CERT are related |
68 ($>$ 50\% of security incidents reported at CERT are related |
69 to buffer overflows) |
69 to buffer overflows) |
70 \begin{flushright} |
70 \begin{flushright} |
71 \small\url{http://www.kb.cert.org/vuls} |
71 \small\url{http://www.kb.cert.org/vuls} |
72 \end{flushright} |
72 \end{flushright} |
401 \item heap-smashing attacks\\ |
401 \item heap-smashing attacks\\ |
402 \textcolor{gray}{\small(Slammer Worm in 2003 infected 90\% of vulnerable systems within 10 minutes)}\bigskip |
402 \textcolor{gray}{\small(Slammer Worm in 2003 infected 90\% of vulnerable systems within 10 minutes)}\bigskip |
403 |
403 |
404 \item ``zero-days-attacks'' (new unknown vulnerability) |
404 \item ``zero-days-attacks'' (new unknown vulnerability) |
405 \end{itemize} |
405 \end{itemize} |
406 |
|
407 \end{frame} |
|
408 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
409 |
|
410 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
411 \begin{frame}[c] |
|
412 \frametitle{Format String Vulnerability} |
|
413 |
|
414 \small |
|
415 \texttt{string} is nowhere used:\bigskip |
|
416 |
|
417 {\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip |
|
418 |
|
419 this vulnerability can be used to read out the stack |
|
420 |
406 |
421 \end{frame} |
407 \end{frame} |
422 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
408 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
423 |
409 |
424 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
410 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
562 \footnotesize |
548 \footnotesize |
563 \hfill\url{https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability} |
549 \hfill\url{https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability} |
564 \end{frame} |
550 \end{frame} |
565 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
551 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
566 |
552 |
|
553 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
554 \begin{frame}[c] |
|
555 \frametitle{Format String Vulnerability} |
|
556 |
|
557 \small |
|
558 \texttt{string} is nowhere used:\bigskip |
|
559 |
|
560 {\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip |
|
561 |
|
562 this vulnerability can be used to read out the stack |
|
563 |
|
564 \end{frame} |
|
565 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
567 |
566 |
568 |
567 |
569 \end{document} |
568 \end{document} |
570 |
569 |
571 %%% Local Variables: |
570 %%% Local Variables: |
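Review bot: The relocated "Format String Vulnerability" frame (new lines 553–565) says only that the bug can be used to read out the stack and ends without naming the defect or its fix, so the slide has no defensive takeaway. I would add a closing line such as `fix: keep the format string constant, e.g.\ \texttt{printf("\%s", input)}` and mention that compiling with `-Wformat -Wformat-security` flags the pattern. The listing is pulled in from `../progs/C4.c`, which is not visible here, so `input` is a stand-in and the quoted call should be checked against that file. As a smaller style point, new line 64 uses `\alert{\bf …}`; `\alert{\textbf{…}}` avoids the obsolete `\bf` switch.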