(303) 415-1112 Broomfield

(303) 415-1112 Longmont

(970) 541-4777 Loveland

January 2022 - Vol 15, Issue 1
Buffer Overflow - A Great Cyber Security Threat
In April 2014, it was publicly disclosed that a security bug dubbed “Heartbleed” made almost every communication over internet servers, including those performed by the majority of HTTPS websites, vulnerable to extensive data breaches. Private data of hundreds of thousands of devices became accessible, and the Canadian government shut down online services of the Canada Revenue Agency (CRA), but not before a hacker obtained about 900 social insurance numbers.

The error was caused by improper buffer overflow handling. A buffer is a low-level region of physical memory storage, which is used to temporarily store information. When reading from or writing to a buffer, many programming languages don’t automatically check that the amount of data you are trying to read or write matches the size of the buffer. If there is no check, a hacker could read more information than fits in the buffer and access information they are not supposed to see. This is the buffer overflow problem that led to so much private data being compromised in the Heartbleed incident.

So how do you prevent the bug?

There are several ways to avoid the bug. One is to simply use a programming language that protects against these vulnerabilities. Java, Python, and .NET, for example, are strongly typed and have built-in checking for these types of issues within the compiler. If a weakly typed language such as C must be used, safe platform-specific functions can be used, such as Microsoft’s “strcpy_s” and “strcat_s” functions.

Finally, if no platform-specific functions are available, you can manually check input and output data by truncating the information to the desired length and adding a null terminating character. For example, suppose that when a user enters “foo” in a serial terminal, the program should respond “bar”. Since the user input string and the output string should both have a length of three characters, only the first three characters should be stored in a buffer, and a null terminator should be added onto the end. This prevents crashes from user input larger than the buffer size, and also prevents too much data from being read.

-- BA
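The manual truncation check described above for the “foo”/“bar” serial example, written out in C as an added example (not code from the original newsletter). The function names, the CMD_LEN constant and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CMD_LEN 3 /* "foo" and "bar" are both 3 characters long */

/* Store at most CMD_LEN bytes of untrusted input and always terminate.
 * in_len is the number of bytes actually received from the terminal. */
void store_command(char dst[CMD_LEN + 1], const char *in, size_t in_len)
{
    size_t n = in_len < CMD_LEN ? in_len : CMD_LEN; /* truncate */
    memcpy(dst, in, n);
    dst[n] = '\0';
}

/* Build the reply in out (out_size bytes), truncating it to fit.
 * Returns the reply length, not counting the null terminator. */
size_t make_reply(char *out, size_t out_size, const char *in, size_t in_len)
{
    char cmd[CMD_LEN + 1];
    const char *reply;
    size_t n;

    if (out_size == 0)
        return 0; /* no room even for the terminator */
    store_command(cmd, in, in_len);
    reply = strcmp(cmd, "foo") == 0 ? "bar" : "";
    n = strlen(reply);
    if (n > out_size - 1)
        n = out_size - 1; /* never write past the output buffer */
    memcpy(out, reply, n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    char oversized[200]; /* constructed input, far larger than the buffer */
    char out[CMD_LEN + 1];

    memset(oversized, 'A', sizeof oversized);
    memcpy(oversized, "foo", 3);
    make_reply(out, sizeof out, "foo", 3);
    printf("normal input    -> \"%s\"\n", out);
    make_reply(out, sizeof out, oversized, sizeof oversized);
    printf("200-byte input  -> \"%s\"\n", out);
    return 0;
}
```

Because the input is truncated rather than rejected, “foobar” is stored as “foo” and still matches; a program that needs exact commands would also compare the received length against CMD_LEN.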
IEEE Denver Upcoming Events
The Great Semiconductor Chip Shortage of 2021/2022

The great chip shortage of 2021 is a current topic of discussion, in which the demand for integrated circuits is greater than the supply, which has impacted several industries and led to major shortages and queues among consumers for video cards, video game consoles, cars and other electrical devices. This talk will give some background information plus a historical perspective as well. Disclaimer: We are not soothsayers, just researchers and purveyors of the facts.

Speaker(s): Sharon Kalwani

Date and Time
  • Date: January 20, 2022
  • Time: 06:30 PM to 08:30 PM
  • All times are MST
If you would like help developing a new product or if your projects are understaffed, CEPD can help. Our staff draws on years of diverse product design experience to provide creative and timely solutions for your product needs. Some of our specialties include:

  • Technical Project Management
  • Embedded Systems Hardware and Software
  • Digital Signal Processing (DSP)
  • Data Acquisition
  • Wireless Sensor and Telemetry Systems (Zigbee, Cellular, VHF, Bluetooth, ANT+, etc.)
  • IoT
  • Control Systems
  • Programmable Logic: FPGA / PLD
  • Analog Circuit Design
  • Switching Power Supply Design
  • Battery Charging (all Chemistries)
  • PCB Design and Layout
  • Analysis, Test and Documentation

We provide cost-effective and expedient design options for our clients, regardless of the project's complexity. Our detailed proposals, accurate estimates and time schedules will help you manage each phase of the project.
The Staff of CEPD, Inc.
Colorado Electronic Product Design, Inc.,
700 Burbank St, Broomfield, CO 80020 (303)415-1112
601 3rd Ave, Ste 205, Longmont, CO 80501 (303)415-1112
1339 S. Garfield Ave, Loveland, CO 80537 (970)541-4777
© 2022, CEPD, Inc.