Hackers Beware | DEP's here

By -
This is something that has been around for years and is a simple solution to avoid hackers executing code using buffer overflows/overruns.

From the MSKB 875352
Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows XP Tablet PC Edition 2005, DEP is enforced by hardware and by software.The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.


Software DEP is crap! You need to have a DEP at a processor/bios level. To check if you do, just try this little app by Steve Gibson.




If you're interested in knowing more about DEP, listen to Leo's Security Now! Episode# 78. Buffer Overruns can be understood by listening to Episode# 39. SN! podcasts can be found at http://www.grc.com/securitynow.htm and the RSS podcast is at http://leoville.tv/podcasts/sn.xml

Share with us if you have DEP.

Comments

Post a Comment

Popular posts from this blog

multi-screen mania!

By -
Image
Seems ages ago.. when I gave up on my 15 incher, dug deeper into my pocket and brought home the Samsung 955DF for around 13K (INR). Three years later I still do not have a reason to replace it. It's as good as new and seems to be doing better than when I first switched it on (thanks Displaymate!!). At 100 Watts/hr, this 23 KG giant still leaves me lots of room on my desk. Room for what??? Well that's when I got this crazy idea. Why not do away with application switching? I was hooked onto multi-monitor rigs from the days of Swordfish . Guess What! I plan to retire the 19" CRT and replace it with 2 x 20"/22" LCDs by end of this year. Currently I am watching LCD prices drop. I may not be able to duplicate what John did in Swordfish, but I do plan to have something like what Chris Pirillo has --> http://www.flickr.com/photos/lockergnome/454273055/
Read more

CrossEngine: Seach Engine Mashup

By -
Image
CrossEngine!! I would call this search engine as a mash-up of all search engines. CrossEngine allows us to search across a wide variety of search engines. Here is what I found intresting with this Engine: Clean & Intuitive Dashboard More than 300 search resources No internal ads from CrossEngine Team As per CrossEngine help pages, it was launched as MrSapo.com in Sep. 2004. This search mash-up is owned and operated by Intelways LLC, (Woodstock, GA) . One more intresting feature I found is website customization. We can coupled our website with CrossEngine . How? Try: http://crossengine.com/?window=http://www.msn.com And, you would be able to see the resulting page as your browser's default homepage. Enjoy!!
Read more