adplus-dvertising
frame-decoration

Question

How does the use of a pseudorandom number as a cookie prevent an attacker from fooling the cookie verification code?

a.

The attacker has no way of knowing in advance what the cookie is going to be.

b.

The attacker can add the cookie’s value to the overflowing payload.

c.

The attacker can stop program execution immediately.

d.

The attacker can execute malicious code.

Posted under Reverse Engineering

Answer: (a).The attacker has no way of knowing in advance what the cookie is going to be. Explanation:The use of a pseudorandom number as a cookie prevents an attacker from fooling the cookie verification code because the attacker has no way of knowing in advance what the cookie is going to be.

Engage with the Community - Add Your Comment

Confused About the Answer? Ask for Details Here.

Know the Explanation? Add it Here.

Q. How does the use of a pseudorandom number as a cookie prevent an attacker from fooling the cookie verification code?

Similar Questions

Discover Related MCQs

Q. What is stack checking?

Q. How does stack checking work?

Q. Why must the cookie be a random number in stack checking?

Q. Can stack checking completely eliminate the problem of buffer overflow bugs?

Q. How can an attacker defeat stack checking?

Q. What is nonexecutable memory?

Q. Which processors provide support for nonexecutable memory?

Q. Which operating systems support nonexecutable memory?

Q. Does nonexecutable memory completely eliminate the problem of buffer overflow attacks?

Q. What is the most popular strategy for attackers to overcome the hurdles imposed by nonexecutable memory systems?

Q. Which option is used for returning values to the caller in functions?

Q. Which type of vulnerability is required for an attacker to exploit the buffer overflow bug?

Q. What is the purpose of stack-checking mechanisms embedded into programs?

Q. What is a heap overflow?

Q. How does a heap overflow attack work?

Q. How are heaps arranged?

Q. What causes the program to crash in a heap overflow attack?

Q. How can attackers take advantage of the heap's linked-list structure?

Q. Why are heap overflows less common than stack overflows?

Q. What is the most common example of overflow attacks?