Don't leave holes in your patching policies

Tuesday, 16 December 2003, 3:50 PM EST

If the IT industry was subject to the same restrictions as the car industry, the number of equipment recalls would be so huge that many companies would go out of business.

Bugs are an inevitable problem in a sector where companies are driven by shareholders to rush out equipment before it is ready. From a security perspective, this presents users with a huge problem. Empirical evidence suggests that the average device - whether it is a perimeter network resource such as a firewall or router, or a core device such as a server - has more holes in it than a piece of Gruyere.

One of the rarest but most devastating security vulnerabilities in host computers is the buffer overflow error, said Gary Jones, professional services manager of security consultancy MIS Corporate Defence Solutions.

Simply bombarding user-facing memory space with data can cause data to overrun pre-allocated memory, forcing the input into an executable part of the memory. Hackers can use this to run code of their own and possibly gain control of the system.

[ Read more ]

Related items




Spotlight

DMARC: The time is right for email authentication

Posted on 23 January 2015.  |  The DMARC specification has emerged in the last couple years to pull together all the threads of email authentication technology under one roof—to standardize the method in which email is authenticated, and the manner in which reporting and policy enforcement is implemented.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Jan 26th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //