Research Team Analyse a Ghost

28/01/2015

News image

Introduction

The security reseach team at Edinburgh Napier University have been analysing the latest bug on the Internet - named GHOST.

Outline

For all the years that Microsoft Windows was probed, it has now pretty much got it's act together, and it's the increasing using of Android. Mac OS X and, especially, Linux, that are the new targets. While Linux has shown itself to be efficient and able to morph itself into many forms, from running wireless routers in the home to creating the majority of the Web infastructure in the world, it is now being showcased as having some pretty fundamental weaknesses. Shellshock showcased sloppy code at the core of it's infastruture, while Heartbleed showed has sloppy code could compromise it's complete infastructure for security.

It has, thus, a problem under its skin, and it was the same problem that OpenSSL had ... it is build with C/C++, which has the ability to:

do whatever it wants with the system, and especially its memory.

With most modern programming languages, like Java and C#, the development environment manages the code, and will typically at build time, make sure everything is checked properly. Unfortunately C and C++ were created in a time when we often checked the boundaries of a program, such as for the inputs and outputs, and there was little though about what was actually happening on the machine. These days there are whole teams of people probing around in the deeper regions of the code, and looking for things that can go wrong.

The rest of the article is here.

 
[Read More]

Associated people

William Buchanan
Director of CDCS
w.buchanan@napier.ac.uk
+44 131 455 2759
Cyber-Security
Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Resources