Security Vulnerabilities: Heartbleed & Buffer Overflow.

This presentation explains the mechanism of the Heartbleed security flaw, which affected systems worldwide in 2014. It also explains the causes of buffer overflow, one of the simplest but also one of the most common vulnerabilities. The presentation will help avoid these problems and guarantee online security.

Presentation by Nazar Mota (Developer, GlobalLogic, Lviv), EmbeddedTechTalk, Lviv, 2014.
More details: http://www.globallogic.com.ua/press-releases/embedded-lviv-techtalk-2-coverage



  1. Security vulnerabilities: Heartbleed & Buffer overflow. By Nazar Mota. © 2014 GlobalLogic Inc.
  3. Agenda: Heartbleed; Buffer overflow; Q&A
  4. Heartbleed
  5. Heartbleed ● Called one of the biggest security threats the Internet has ever seen. ● Described as catastrophic by experts: 'On the scale of 1 to 10, this is an 11'. ● Present from 1.03.2012(!) to 7.04.2014. ● Reveals up to 64k of memory to a connected client or server. ● Allows stealing information that is protected under normal conditions.
  6. Impacts ● 1/3 of the Internet (according to the Internet security company Netcraft, around 500,000 sites) ● Dropbox, Google, Yahoo, Facebook, Instagram, Flickr, YouTube, GitHub ● Online banking, VPN ● IP phones, routers, medical devices, smart TV sets, embedded devices and millions of other devices
  24. Agenda: Heartbleed; Buffer overflow; Q&A
  28. Safe String Libraries. C: avoid (no bounds checks) strcpy(), strcat(), sprintf(), scanf(). Use safer versions (with bounds checking): strncpy(), strncat(), fgets(). Must pass the right buffer size to functions! C++: the STL string class handles allocation. Unlike compiled languages (C/C++), interpreted ones (Java/C#) enforce type safety and raise exceptions on buffer overflow.
  29. Thank You. Q & A
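Slide 5 states that the flaw reveals up to 64k of memory to the connected peer. The C code below is an added example, not from the presentation and not OpenSSL's code: a simplified heartbeat echo handler that performs the length validation whose absence caused the leak, i.e. it refuses to echo more bytes than the record actually carried. The simplified record layout (type byte, 16-bit big-endian payload length, payload, at least 16 bytes of padding, loosely after RFC 6520), the constructed test records and all names (hb_build_response, hb_demo, HB_*) are this example's own assumptions.

```c
/*
 * Added example (not from the slides, not OpenSSL code): a heartbeat-style
 * echo handler that validates the declared payload length against the
 * number of bytes actually received. Assumed record layout:
 *   byte 0     : message type (1 = request, 2 = response)
 *   bytes 1..2 : declared payload length, big-endian uint16
 *   bytes 3..  : payload, followed by at least HB_MIN_PADDING bytes of padding
 * All names (hb_*, HB_*) are this example's own.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HB_HEADER_LEN   3
#define HB_MIN_PADDING  16   /* assumed minimum padding, as in RFC 6520 */

/* Builds the echo reply for one received record.
 * Returns the number of bytes written to `out` (header + echoed payload),
 * or -1 if the record must be silently discarded. */
int hb_build_response(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL) return -1;

    /* 1. Enough bytes must be present to read the header and padding at all. */
    if (rec_len < (size_t)HB_HEADER_LEN + HB_MIN_PADDING) return -1;

    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);

    /* 2. The declared length must fit inside what was actually received.
     *    This is the check the vulnerable code lacked: it copied
     *    payload_len bytes out of a record that could be far shorter,
     *    so the reply carried whatever lay beyond the record in memory. */
    if ((size_t)HB_HEADER_LEN + payload_len + HB_MIN_PADDING > rec_len) return -1;

    /* 3. The reply must also fit in the caller's output buffer. */
    if ((size_t)HB_HEADER_LEN + payload_len > out_cap) return -1;

    out[0] = 2;              /* heartbeat_response */
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, payload_len);
    return HB_HEADER_LEN + payload_len;
}

/* Constructed demo input: a 24-byte request carrying the 5-byte payload
 * "hello" plus 16 bytes of zero padding. With `lie` nonzero the length
 * field is set to 0xFFFF while the record stays 24 bytes long, which is
 * exactly the shape the handler must reject. Returns the handler's result,
 * or -2 if the echoed payload does not match the input. */
int hb_demo(int lie)
{
    uint8_t rec[HB_HEADER_LEN + 5 + HB_MIN_PADDING] = {1, 0, 5, 'h', 'e', 'l', 'l', 'o'};
    uint8_t out[64];

    if (lie) { rec[1] = 0xFF; rec[2] = 0xFF; }

    int n = hb_build_response(rec, sizeof rec, out, sizeof out);
    if (n > 0 && memcmp(out + HB_HEADER_LEN, "hello", 5) != 0) return -2;
    return n;
}

int main(void)
{
    printf("honest length field -> %d bytes echoed\n", hb_demo(0));   /* 8  */
    printf("length field 0xFFFF -> %d (record discarded)\n", hb_demo(1)); /* -1 */
    return 0;
}
```

The decisive line is check 2: the length field is attacker-controlled data and must be compared against `rec_len`, the one length the receiver actually knows. Check 1 matters too, because reading `rec[1]` and `rec[2]` before confirming the header arrived would itself be an over-read on a truncated record.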
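Slide 28 lists the unbounded C calls to avoid and their bounded replacements, and warns that the right buffer size must be passed. The C code below is an added example, not from the presentation: the unbounded strcpy() pattern next to a bounded copy that always leaves the destination NUL-terminated, plus an fgets()-based line reader. The buffer size, the constructed inputs and all names (NAME_CAP, unsafe_copy, safe_copy, read_name, the *_demo helpers) are this example's own.

```c
/*
 * Added example (not from the slides): unbounded vs. bounded string
 * handling for a fixed-size buffer. Names are this example's own.
 */
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16   /* destination size, including the terminating NUL */

/* Pattern slide 28 says to avoid: strcpy() never learns how large `dst`
 * is, so any `src` of NAME_CAP or more characters writes past its end.
 * Kept only for contrast; it is never called with oversized input here. */
void unsafe_copy(char dst[NAME_CAP], const char *src)
{
    strcpy(dst, src);
}

/* Bounded replacement. The caller passes the real capacity of `dst`.
 * Returns 0 if `src` fitted, -1 if it was truncated; in both cases `dst`
 * is NUL-terminated. Note that strncpy() alone is not enough: when `src`
 * is too long it writes no terminator, so one is added explicitly. */
int safe_copy(char *dst, size_t dst_cap, const char *src)
{
    if (dst == NULL || src == NULL || dst_cap == 0) return -1;
    strncpy(dst, src, dst_cap - 1);
    dst[dst_cap - 1] = '\0';
    return strlen(src) < dst_cap ? 0 : -1;
}

/* Reading a line: fgets() takes the buffer size and stops early, where
 * gets() or scanf("%s") would keep writing. Strips a trailing newline.
 * Returns 0 on success, -1 at end of input or on error. */
int read_name(FILE *in, char *dst, size_t dst_cap)
{
    if (dst == NULL || dst_cap == 0 || fgets(dst, (int)dst_cap, in) == NULL) return -1;
    dst[strcspn(dst, "\n")] = '\0';
    return 0;
}

/* Demo helpers: run safe_copy() into a NAME_CAP buffer and report the
 * status code and the length of the string left in the buffer. */
int safe_copy_demo_status(const char *src)
{
    char buf[NAME_CAP];
    return safe_copy(buf, sizeof buf, src);
}

size_t safe_copy_demo_len(const char *src)
{
    char buf[NAME_CAP];
    safe_copy(buf, sizeof buf, src);
    return strlen(buf);
}

int main(void)
{
    const char *short_name = "alice";                                 /* constructed input */
    const char *long_name  = "a very long user name that overflows";  /* constructed input */
    char name[NAME_CAP];

    int rc = safe_copy(name, sizeof name, short_name);
    printf("%-40s -> rc=%d, stored \"%s\"\n", short_name, rc, name);  /* rc=0, 5 chars  */

    rc = safe_copy(name, sizeof name, long_name);
    printf("%-40s -> rc=%d, stored \"%s\"\n", long_name, rc, name);   /* rc=-1, 15 chars */

    if (read_name(stdin, name, sizeof name) == 0)
        printf("read from stdin: \"%s\"\n", name);
    return 0;
}
```

The status code from safe_copy() is what makes truncation visible: a silently truncated value (a path, a hostname, a username) is a correctness bug even when it is no longer a memory-safety bug. In C++ the same problem disappears by using std::string, which, as the slide notes, manages its own allocation.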
