Firewall Wizards mailing list archives
RE: Buffer Overruns
From: "Doty, Ted (ISSAtlanta)" <TDoty () iss net>
Date: Mon, 20 Dec 1999 14:33:24 -0500
On Saturday, December 18, 1999 5:45 PM, Vin McLellan <vin () shore net> wrote:
Is there something in the emergence of a popular Internet, or some other timely aspect in the industry's evolution, that has brought to light the vulnerabilities associated with buffer overruns in recent years? Maybe some shift in program design or programming engineering practice? What left so many of these vulnerabilities unexposed and their risks unappreciated for so many years?
I don't know that it's quite fair to say that they have been unappreciated. Certainly forums like bugtraq have been reporting buffer overflows for many years. There *are* more reported than there used to be, but I expect that this may be due to a much larger number of people looking into these matters. The Internet is no longer the realm of a small group of people, so there is more research bandwidth to look at things.

Note that this ignores the "shift in program design" that says damn the buffer overflows, just get us the hell on-line. We can expect this to be a generous, new source of security problems. :-p

- Ted
-----------------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 678 443-6000
6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax: +1 678 443-6479
Atlanta, GA 30328 USA | Web: http://www.iss.net
-----------------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE