How ASLR protects Linux systems from buffer overflow attacks

Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable, thus flaws or vulnerabilities associated with these processes will be more difficult to exploit.ASLR is used today on Linux, Windows, and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each one.The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.To read this article in full, please click here

What does ASLR do for Linux?

Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable, thus flaws or vulnerabilities associated with these processes will be more difficult to exploit.ASLR is used today on Linux, Windows, and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each one.The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.To read this article in full, please click here

What does ASLR do for Linux?

Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable and, thus, flaws or vulnerabilities associated with these processes will be more difficult to exploit. ASLR is used today on Linux, Windows and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each OS.The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.To read this article in full, please click here

Wi-Fi Mesh: What to know about enterprise mesh networks

Wireless mesh has been around since the early times of Wi-Fi, and it's getting more attention lately in the consumer world. There are mesh systems available from Google, Eero, Linksys, Netgear, and nearly every networking brand that targets homes and small offices. But there are Wi-Fi mesh solutions for the enterprise market as well, and advances in wireless technology have increased the viability of deploying enterprise mesh networks, particularly in settings where it's not practical to run cabling.The idea behind Wi-Fi mesh networks is that not all the access points (AP) have to plug into the wired infrastructure. Those that aren't plugged in get their network connection wirelessly from a nearby mesh AP. Small mesh networks might require only a single mesh AP plugged into the wired network. Larger networks require multiple mesh APs to be plugged into the network to support those that are connected wirelessly.To read this article in full, please click here

NAE: Automation and Time

Time is the enemy of everything in the field of IT. It doesn’t matter whether you are a designer or operator. Time is your sworn enemy.

In all the training and certifications I’ve ever done, all that is missing is a knighting ceremony in which a sword is laid on your shoulders and you’re sworn in to be an enemy of the phenomena.

Time

Time is a speculative investment, time is relative, highly subjective and makes us emotional. It offers us unsolvable yet predictable challenges. We only ever hear "we need more time". Managers demand it and engineers beg for it. Everything costs time and nothing will give us time back. Given that last statement, high return time investments are key.

In software, we’ve moved to agile, which lets us split software releases up in to super tiny chunks. Instead of a huge development cycle followed by huge deployment and troubleshooting window, we’ve moved to a tiny slice model, in which we do a tiny amount of design, a tiny amount of coding and a tiny amount of deployment and troubleshooting. This move allows us to target the highest priorities quicker and target more accurately, which results in appearing to Continue reading

Network Automation Is More than Just Ansible

One of the attendees of my Building Network Automation Solutions online course sent me this suggestion:

Stick to JUST Ansible - no GitHub, Vagrant, Docker or even Python - all of which come with their own significant learning curves.

While I understand how overwhelming the full-blown network automation landscape is to someone who never touched programming, you have to make a hard choice when you decide to start the learning process: do you want to master a single tool, or understand a whole new technology area and be able to select the best tool for the job on as-needed basis.

Read more ...

ICANN housecleaning revokes old DNS security key

The Internet Corporation for Assigned Names and Numbers (ICANN) this week will do some important housecleaning from its successful, first-ever cryptographic key change performed last October.In October, ICANN rolled out a new, more secure root zone Key Signing Key -2017 (KSK-2017), but the process wasn’t complete because the old key, KSK-2010 remained in the zone. On Jan. 10, ICANN will revoke the old key and remove it from the root zone. The KSK helps protect the internet’s address book — the Domain Name System (DNS) and overall Internet security.To read this article in full, please click here

ICANN housecleaning revokes old DNS security key

The Internet Corporation for Assigned Names and Numbers (ICANN) this week will do some important housecleaning from its successful, first-ever cryptographic key change performed last October.In October, ICANN rolled out a new, more secure root zone Key Signing Key -2017 (KSK-2017), but the process wasn’t complete because the old key, KSK-2010 remained in the zone. On Jan. 10, ICANN will revoke the old key and remove it from the root zone. The KSK helps protect the internet’s address book — the Domain Name System (DNS) and overall Internet security.To read this article in full, please click here

ICANN housecleaning will revoke old DNS security key this week

The Internet Corporation for Assigned Names and Numbers will this week do some important housecleaning from its successful, first-ever cryptographic key change performed last October.In October ICANN rolled out a new, more secure root zone Key Signing Key -2017 (KSK-2017) but the process wasn’t complete as the old key, KSK-2010 remained in the zone. On January 10 ICANN will revoke the old key and remove it from the root zone. The KSK helps protect the internet’s address book – the Domain Name System (DNS) and overall Internet security.To read this article in full, please click here

ICANN housecleaning will revoke old DNS security key this week

The Internet Corporation for Assigned Names and Numbers will this week do some important housecleaning from its successful, first-ever cryptographic key change performed last October.In October ICANN rolled out a new, more secure root zone Key Signing Key -2017 (KSK-2017) but the process wasn’t complete as the old key, KSK-2010 remained in the zone. On January 10 ICANN will revoke the old key and remove it from the root zone. The KSK helps protect the internet’s address book – the Domain Name System (DNS) and overall Internet security.To read this article in full, please click here

Percentage of HTTPS (TLS) Encrypted Traffic on the Internet ?

Reviewing a Threat report from Fortinet Networks suggests that 73% of internet traffic is now encrypted. Thats a substantial change in five years for a network protocol. More than I expected but good news that the status quo CAN be changed. I wonder what happened to telcos that were selling data extracted from capturing HTTP […]

The post Percentage of HTTPS (TLS) Encrypted Traffic on the Internet ? appeared first on EtherealMind.

IoT devices proliferate, from smart bulbs to industrial vibration sensors

While the IoT is already a well-known phenomenon in the tech world, the specifics of IoT implementations are sometimes less than obvious. Here’s a quick-and-dirty overview of the wildly diverse and still evolving landscape of the IoT devices themselves, divided for your reading pleasure into the consumer and enterprise realms.Consumer IoT devices The consumer side of the IoT is mostly about inserting Internet connectivity into objects that a person born before 1990 wouldn’t really have thought needed it – from the toaster and refrigerator in your kitchen, to the locks on your doors, to your car and your wristwatch.[ Read also: 20 hot jobs ambitious IT pros should shoot for ] Smart home IoT devices are, arguably, the biggest deal on the consumer side of things – some people really like the idea of being able to control their lights, door locks and so on from their smartphones. Smart lightbulbs, locks and their ilk are big business, according to Statista, which estimated the total revenue from their sales at nearly $12 billion in 2018. The devices themselves have a wide range of sophistication – a smartlock could be as simple as a device with a servo to move Continue reading

New Year, New Post, NFDx!

You may be thinking “Wait, he hasn’t posted in ages.. how lazy is he?” but thankfully I haven’t been entirely slothful for the last seven months. Most recently I authored a series of six posts related to SDN and automation on the Solarwinds Orange Matter blog. I can’t republish that content here, but I will be sharing links to the posts in the coming days and I hope you’ll find them interesting and thought-provoking.

Cisco SP – Networking Field Day Exclusive!

More immediately, I’m preparing to start the new year with a quick trip to see Cisco’s Service Provider group at a Networking Field Day Exclusive event. I’ve seen the proposed agenda, and it looks like it’s going to be an intense day filled with the kind of topics that I know my readers will appreciate. As always, I’ll be posting about some of the topics covered (maybe even all of them…who knows?), but it’s even better if you can take part too.

The event takes place on Tuesday, January 15th, 2019. If you can, I recommend hopping on the live stream on Tech Field Day and then using the #TFDx hashtag on Twitter to join in the Continue reading

1 1,349 1,350 1,351 1,352 1,353 3,835