Detecting source code modification attacks

Security Lessons: Modified Code Attacks

Article from Issue 131/2011

Learn how to protect yourself against malicious attacks by modified source code.

Normally, when I think about intrusion detection, my thoughts go straight to solutions for things like network- and host-based intrusion detection – in other words, the usual suspects (Snort, OSSEC, Prelude, event logging and analysis, etc.) [1] – but an often overlooked area of intrusion detection is source code modification attacks.

In the past few months, several high-profile source code modification attacks have taken place. Fortunately, two of the largest were quickly detected and dealt with, but only because pre-existing systems and processes were in place that could detect the attack and allow it to be handled.

