Friday, April 20, 2007

Windows DNS Flaw and Other Code Exploits

It was another fun-filled action-packed week for code flaws. The Windows DNS exploit grabbed the headlines mid-week with this story from Computer World. The next day, they published an FAQ on the exploit followed by an eWeek story about the status of a patch from Microsoft.

Yesterday, a security researcher at Juniper demonstrated a way to attack routers and cell phones with a null pointer error. His presentation was at the CanSecWest security conference in Vancouver.

Null pointers are pesky problems that arise in code when a variable references an empty -- or null -- memory space, hence the name null pointer. This usually happens when a developer doesn't initialize a variable or tries to use a variable that hasn't been created yet. I ran into these many times when I was a Java developer in a past life. That might explain why I'm in security now and no longer a coder. I had created just one too many null pointers.

The Juniper researcher was creative in turning null pointers into an attack vector.

It was just another episode in the continuing saga of malware development. What a great week it was for malware developers.


Post a Comment

<< Home