A malicious individual is attempting to write too much data to an application’s memory. Which of the following describes this type of attack?
A.
Zero-day
B.
SQL injection
C.
Buffer overflow
D.
XSRF
Explanation:
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers
are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the
valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data
integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked
computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen
because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Incorrect Answers:
A: A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes
aware and hurries to fix it –this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access
to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability
becomes known, a race begins for the developer, who must protect users. This type of attack does not attempt to write too much data to an application’s memory.
Therefore, this answer is incorrect.
B: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field forexecution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when
user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly
executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. This type of attack does not attempt
to write too much data to an application’s memory. Therefore, this answer is incorrect.
D: Cross-Site Request Forgery–also known as XSRF, session riding, and one-click attack– involves unauthorized commands coming from a trusted user to the
website. This is often done without the user’s knowledge, and it employs some type of social networking to pull it off. For example, assume that Evan and Spencer
are chatting through Facebook. Spencer sends Evan a link to what he purports is a funny video that will crack him up. Evan clicks the link, but it actually brings up
Evan’s bank account information in another browser tab, takes a screenshot of it, closes the tab, and sends the information to Spencer. The reason the attack is
possible is because Evan is a trusted user with his own bank. In order for it to work, Evan would need to have recently accessed that bank’s website and have a
cookie that had yet to expire. The best protection against cross-site scripting is to disable the running of scripts (and browser profi les). This type of attack does not
attempt to write too much data to an application’s memory.
Therefore, this answer is incorrect.http://searchsecurity.techtarget.com/definition/buffer-overflow http://www.pctools.com/security-news/zero-day-vulnerability/ http://en.wikipedia.org/wiki/
SQL_injection
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 335