Memco nips buffer overflow attacks

WASHINGTON, D.C. - Hackers love buffer overflows. Memco Software hates them, and this week at ComNet/DC '99 the company will demonstrate its Secured for Internet line of tools to thwart Web server and other types of buffer-overflow attacks.

A buffer overflow happens when the stack, a section of computer memory that can execute program commands, becomes overloaded, sometimes crashing. Hackers sometimes inject the data that causes the overflow with viruses or other executable code that can take control of the system, deleting files and stealing passwords.

Hackers can exploit buffer overflows because an operating system's TCP/IP stack is always located in the same place, says Memco President Eli Singer. As a safeguard, Memco's antihacker software intercepts some of the system calls, shuffling the memory addresses so that the would-be hacker can't get root authority.

"We've developed this 'Stack Overflow Protection' for the Netscape and Apache servers, and in the next two months, we will have it for Microsoft, too," Singer says. The software costs $1,995 per server. Memco is also debuting buffer-overflow protection tools for Sendmail e-mail servers, and the Check Point Firewall-1 to prevent unauthorized firewall shutdown.

Sakura Global Capital, which has been beta-testing the software on its mail server, called attempted buffer-overflow attacks a significant threat.

"These attempts are a chronic problem, and it's expensive to have someone pay attention to them," says the firm's director of systems and technology, Presley Acuna.