Chapter 13


1:

What motives were behind the break-in of the NORAD computer system in the movie WarGames?

A1:

Use/Leverage. Maybe a bit of Challenge/Prestige.

2:

True or False: Threat modeling is an informal process done by the software testers to decide where best to apply their tests for security vulnerabilities.

A2:

False. It is a formal process performed by the entire team.

3:

The JPEG Virus was caused by a buffer overrun bug. Look back to the Generic Code Review Checklist in Chapter 6. What two categories of checks best describe why this overrun occurred?

A3:

Computation Errors: the value was only expected to be positive. When it went negative, it became a huge positive number. Data Reference Errors: because when the value became a huge positive number, the destination buffer was not limited to the size of the comment (65533 bytes).

4:

The Most Recently Used (MRU) file list that appears when you attempt to open a file in a standard Windows application is an example of what type of data that could be a security vulnerability?

A4:

Latent Data.

5:

What are the two types of extra, potentially unsecure, data that can be unintentionally written when a file is saved to a disk?

A5:

RAM Slack and Disk Slack.



    Software Testing
    Lessons Learned in Software Testing
    ISBN: 0471081124
    EAN: 2147483647
    Year: 2005
    Pages: 233
