• What do these threats have in common
    		•

    The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg




    Download 58.92 Kb.
    bet4/15
    Sana30.03.2021
    Hajmi58.92 Kb.
    #13786
    1   2   3   4   5   6   7   8   9   ...   15
    What products are susceptible?  All types of software products may be subject to these threats.

    Tampering with data



    What's the threat?  Modifying system or user data with or without detection. An unauthorized change to stored or in-transit information, formatting of a hard disk, a malicious intruder introducing an undetectable network packet in a communication, and making an undetectable change to a sensitive file are all tampering threats.

    What do these threats have in common?

    • Modification of data that should not be accessible.

    • Causing a trusted entity to modify data improperly.

    • Elevation of privilege can enable tampering

    Examples

    • Packet injection attacks where data on the wire is modified. The vulnerability that exposes this threat is a lack of integrity on data sent on the wire.

    • Modification of file data without authorization checks. The vulnerability that exposes this threat is missing access checks, buffer overflows, no integrity checks, and so on.

    • Data corruption due to execution of erroneous code. Vulnerabilities include unhandled memory allocation failures, uninitialized memory, use of freed memory resources, and miscalculations like divide by zero.

    • Data corruption or modification by Trojans and viruses. The vulnerability is the software's susceptibility to Trojans.



    Download 58.92 Kb.
    1   2   3   4   5   6   7   8   9   ...   15




    Download 58.92 Kb.
    Bosh sahifa
    Aloqalar
        Bosh sahifa
    Dərs
    Mühazirə
    Qaydalar
    Referat
    Xülasə
    Yazı


    The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg

    Download 58.92 Kb.