Category: Security


A memory leak is an unintentional form of memory consumption whereby the developer fails to free an allocated block of memory when no longer needed. The consequences of such an issue depend on the application itself. Consider the following general three cases:

Case Description of Consequence
Short Lived User-land Application Little if any noticable effect. Modern operating system recollects lost memory after program termination.
Long Lived User-land Application Potentially dangerous. These applications continue to waste memory over time, eventually consuming all RAM resources. Leads to abnormal system behavior
Kernel-land Process Very dangerous. Memory leaks in the kernel level lead to serious system stability issues. Kernel memory is very limited compared to user land memory and should be handled cautiously.

Memory is allocated but never freed.

Memory leaks have two common and sometimes overlapping causes:

* Error conditions and other exceptional circumstances.
* Confusion over which part of the program is responsible for freeing the memory

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing the program) or take advantage of other unexpected program behavior resulting from a low memory condition

Advertisements

Previously when someone in China used to type 法輪功 or “Falun Gong” into Google’s search engine from Beijing (www.google.cn), then suddenly his Web browser becomes unresponsive for about a minute…
Now thanks to google for switching its search engine operations from mainland china to HongKong there is no censorship on this spiritual movement banned by the Chinese government and many other search phrases like Tibet and searches for missing Chinese activist lawyer Gao Zhisheng, jailed Chinese dissident Liu Xiaobo, Chinese President Hu Jintao and “June 4 incident” — known elsewhere as the 1989 Tiananmen Square crackdown.
Now when you open http://www.google.com.cn it redirects to http://www.google.com.hk/

Recent searches for taboo topics from Beijing generally produced “page cannot be displayed” errors. The user’s browser stops working for about a minute, longer if one tries to access forbidden sites in quick succession. In other words, it’s not just the links to those sites that don’t work; the results don’t come back at all.

Yet the filters aren’t exact, and English-language sites have a greater chance of slipping through, partly because the government is more concerned about the vast majority of citizens who speak only Chinese. And even as the Great Firewall blocks Twitter and sensitive blog postings, excerpts do show up on Google’s search results page.
Before Google killed its mainland search service Monday and redirected “Google.cn” traffic to its existing Hong Kong-based site, Google returned censored results with a note explaining that some items had been removed. Google needed to comply with Chinese laws, but it wanted users to know about the omissions in hopes they would pressure their government to lift restraints.

But Google announced January 12 that it was no longer willing to censor those results after it discovered it was the target of hacking attacks originating from China. Unable to reach agreement with the ruling party on running an uncensored search service, Google decided to send mainland users to Hong Kong, a Chinese territory that is semi-autonomous because of its past as a British colony.

While looking for a freeware tool or plug-in to check current session level cookies I found a firefox extension that allows me to watch selected cookie in a statusbar.
It is a simple extension. It helps testing web applications – it quickly can wipe ‘session’ cookie or it helps to identify cluster node in clustered environments using cookie value.

Download it here.

~Himanshu~