October 26, 2007
Library Randomization & Other Leopard Security Enhancements
TidBITS Safe Computing: How Leopard Will Improve Your Security:
"The most significant security update in Leopard is one that you'll never notice, but that will cause the bad guys no end of frustration. It's an anti-exploitation technology Apple calls Library Randomization (also known generically as Memory Randomization and as Address Space Layout Randomization in Windows Vista). To understand Library Randomization we need to talk about vulnerabilities, exploits, and buffer overflows.
"Buffer overflows are the class of vulnerability that are responsible for most of the successful attacks on computers today. Most malicious programs (worms and viruses) rely on buffer overflows to take control of your system. In security, we define a vulnerability as a flaw or defect that could allow someone to violate confidentiality, integrity, or availability. Think of it as a weak lock or a broken window the bad guy can use to get in. Buffer overflows are a vulnerability where an attacker enters more data into an input than expected; if the programmer who wrote the software forgot to limit that input field, the data can flow past the expected limit and overwrite other parts of memory. Since memory on most of our computers is just a big stack of commands mixed with data, if you know exactly how much extra data to put in, you can trick the computer into running an arbitrary command by overwriting a spot where it expects a legitimate instruction with your new instruction."
Also on the list:
- download tagging (so you can tell an app came from the 'net)
- application signing (so you can tell an app hasn't been tampered with)
- sandboxing: limits the reach of certain applications to keep them from being leveraged for privilege escalation attacks
And several other "oh, also" sorts of things, including SMB packet signing, firewall enhancements, keychain improvements and VPN improvements.
There's also a bit more on input managers and whether they'll be permitted or not. Reports vary. Personally, I count on Pith Helmet and would hate to lose it. It also points to a link worth singling out: "Are Input Managers the Work of the Devil?".
Anyhow, Ed is twittering from his local Apple store, where he's standing in line to get his copy of Leopard. Mine's on pre-order from Amazon and I'm hoping to see it Monday or Tuesday. I have a lot of backups to do before then.
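The overflow the TidBITS excerpt describes, modelled as an added example that is not part of the original post or the quoted article: an 8-byte input field sits directly in front of bytes the program depends on, and the copy that forgets the limit is shown beside the length-checked one. The struct, the sizes and the `HANDLER!` marker are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of adjacent memory: an 8-byte input field followed
 * directly by 8 bytes the program relies on (a saved "handler" marker).
 * All names and sizes here are assumptions made for illustration. */
#define FIELD_SIZE 8
#define NEXT_SIZE  8

struct memory {
    unsigned char bytes[FIELD_SIZE + NEXT_SIZE];
};

static void memory_init(struct memory *m) {
    memset(m->bytes, 0, FIELD_SIZE);
    memcpy(m->bytes + FIELD_SIZE, "HANDLER!", NEXT_SIZE);
}

/* Returns 1 while the bytes after the field are still what the program stored. */
static int next_intact(const struct memory *m) {
    return memcmp(m->bytes + FIELD_SIZE, "HANDLER!", NEXT_SIZE) == 0;
}

/* The flaw: the copy is sized by the input, not by the field.
 * (Clamped to the model's total size so the demo stays well-defined C.) */
static void store_unchecked(struct memory *m, const char *in, size_t len) {
    if (len > sizeof m->bytes) len = sizeof m->bytes;
    memcpy(m->bytes, in, len);
}

/* The fix: refuse input that is longer than the field. */
static int store_checked(struct memory *m, const char *in, size_t len) {
    if (len > FIELD_SIZE) return -1;
    memcpy(m->bytes, in, len);
    return 0;
}

int main(void) {
    const char input[] = "AAAAAAAAAAAA"; /* constructed: 12 bytes for an 8-byte field */
    struct memory m;

    memory_init(&m);
    store_unchecked(&m, input, 12);
    printf("unchecked: neighbour intact = %d\n", next_intact(&m));

    memory_init(&m);
    int rc = store_checked(&m, input, 12);
    printf("checked: rc = %d, neighbour intact = %d\n", rc, next_intact(&m));
    return 0;
}
```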
Posted by mhall at 5:25 PM

