Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Google brings Buzz social networking to Gmail, mobile
•	Virginia firm files encryption lawsuit against tech giants
•	Most smartphones now have touchscreens, research finds
•	Five Ways Early Adopters Have Been Screwed
•	Google Nexus One fee cut follows broad FCC inquiry
•	NASA Endeavour set to dock with, expand International Space Station
•	Cisco, Juniper push new mobility-focused products
•
•	Startup links VMware with Amazon to create secure cloud storage
•	Adobe apologizes for 16-month-old Flash bug
•	Juniper execs share network vision
•	Planning for virtualization? Beware of server overload
•	US National Climate Service to manage world of climate change
•	Google tries to make Gmail more like Facebook, Twitter
•	'Rugged Manifesto' promotes secure coding
•	More breaking news

Memco nips buffer overflow attacks

By Ellen Messmer
Network World, 01/25/99

WASHINGTON, D.C. - Hackers love buffer overflows. Memco Software hates them, and this week at ComNet/DC '99 the company will demonstrate its Secured for Internet line of tools to thwart Web server and other types of buffer-overflow attacks.

A buffer overflow happens when the stack, a section of computer memory that can execute program commands, becomes overloaded, sometimes crashing. Hackers sometimes inject the data that causes the overflow with viruses or other executable code that can take control of the system, deleting files and stealing passwords.

Hackers can exploit buffer overflows because an operating system's TCP/IP stack is always located in the same place, says Memco President Eli Singer. As a safeguard, Memco's antihacker software intercepts some of the system calls, shuffling the memory addresses so that the would-be hacker can't get root authority.

"We've developed this 'Stack Overflow Protection' for the Netscape and Apache servers, and in the next two months, we will have it for Microsoft, too," Singer says. The software costs $1,995 per server. Memco is also debuting buffer-overflow protection tools for Sendmail e-mail servers, and the Check Point Firewall-1 to prevent unauthorized firewall shutdown.

Sakura Global Capital, which has been beta-testing the software on its mail server, called attempted buffer-overflow attacks a significant threat.

"These attempts are a chronic problem, and it's expensive to have someone pay attention to them," says the firm's director of systems and technology, Presley Acuna.

Related Links

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.

HOME

RESEARCH CENTERS

NEWS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.