This does not allow for
the operating system to control this type of information flow and provide protection
against possible compromises.
If we peek under the covers even further, we see that thousands of protocols are integrated
into the different operating system protocol stacks, which allow for distributed
computing. The operating systems and applications must rely on these protocols for
transmission to another system or application, even if the protocols contain their own
inherent security flaws. Device drivers are developed by different vendors and installed
into the operating system. Many times these drivers are not well developed and can negatively
affect the stability of an operating system. Device drivers work in the context of
privilege mode, so if they ???act up??? or contain exploitable vulnerabilities, this only allows
the attackers more privilege on the systems once the vulnerabilities are exploited. And to
Chapter 1: Ethics of Ethical Hacking
15
PART I
get even closer to the hardware level, injection of malicious code into firmware has
always been an attack vector.
So is it all doom and gloom? Yep, for now. Until we understand that a majority of the
successful attacks are carried out because software vendors do not integrate security into
the design and specification phases of development, that most programmers have not
been properly taught how to code securely, that vendors are not being held liable for
faulty code, and that consumers are not willing to pay more for properly developed and
tested code, our staggering hacking and company compromise statistics will only
increase.
Pages:
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81