Which of the following is one of the oldest and most common problems in software development that is still very
prevalent today?
A. Buffer Overflow
B. Social Engineering
C. Code injection for machine language
D. Unassembled reversible DOS instructions.
Explanation:
Buffer overflows are in the source code of various applications and operating systems. They have been around
since programmers started developing software. This means it is very difficult for a user to identify and fix them.
When a buffer overflow is identified, the vendor usually sends out a patch, so keeping systems current on
updates, hotfixes, and patches is usually the best countermeasure.
A buffer overflow takes place when too much data are accepted as input to a specific process. A buffer is an
allocated segment of memory. A buffer can be overflowed arbitrarily with too much data, but for it to be of any
use to an attacker, the code inserted into the buffer must be of a specific length, followed up by commands the
attacker wants executed. So, the purpose of a buffer overflow may be either to make a mess, by shoving
arbitrary data into various memory segments, or to accomplish a specific task, by pushing into the memory
segment a carefully crafted set of data that will accomplish a specific task. This task could be to open a
command shell with administrative privilege or execute malicious code.
Incorrect Answers:
B: Social engineering is when one person tricks another person into sharing confidential information, for
example, by posing as someone authorized to have access to that information. This is a user issue; it is not a
problem in software development.
C: Code injection is the exploitation of a computer bug that is caused by processing invalid data. Injection is
used by an attacker to introduce (or “inject”) code into a vulnerable computer program and change the course
of execution. This is not one of the most common problems in software development today.
D: DOS applications are rare nowadays, so unassembled reversible DOS instructions are not a prevalent problem
today.
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 332, 337