Free Linux software blocks hackers

Information and the Libsafe source code

Related Links

Certain electronic intruders will have to find a new way to wreak havoc

thanks to free Linux software released Thursday by Lucent Technologies'

Bell Labs.

The software blocks hackers who use the common technique of overflowing

an application's buffer memory to gain access to a computer.

Buffer overflows were the most common form of computer vulnerability exploited

over the past 10 years, according to a recent report funded by the Defense

Advanced Research Projects Agency and published by the Oregon Graduate Institute

of Science and Technology.

Lucent's new Libsafe software was designed specifically to prevent those

attacks.

A buffer is a region of computer memory that application programs use to

temporarily store information. A problem occurs when programs write information

to buffers without properly checking the buffer size, which leaves them

vulnerable to attacks that cause a large amount of data to be written, overwriting

the memory immediately outside the buffer region. The overflow injects additional

code into an application program and then hijacks control of the program

to execute that code.

Linux, an open-source operating system, has been gaining momentum in the

government for the past few months. It has become prevalent in high-end

technical and network missions at agencies including NASA and Defense Department

research laboratories.

Libsafe does not require access to the source code of the application programs

and protects all such programs running on a system, said Lucent spokesman

Dan Coulter. "It prevents this kind of attack even if the code is not written

right," he said. "Libsafe still protects the information even if the [buffer]

wasn't written to the right size."

Linux distributors including Red Hat Inc., Linux-Mandrake, TurboLinux Inc.

and Debian GNU/Linux are working with Bell Labs to incorporate Libsafe into

their software releases, according to representatives from each company.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.