Firewall Wizards mailing list archives

RE: Buffer Overruns


From: "Doty, Ted (ISSAtlanta)" <TDoty () iss net>
Date: Mon, 20 Dec 1999 14:33:24 -0500

On Saturday, December 18, 1999 5:45 PM, Vin McLellan <vin () shore net> wrote:

        Is there something in the emergence of a popular Internet, or some
other timely aspect in the industry's evolution, that has brought to light
the vulnerabilities associated with buffer overruns in recent years?

        Maybe some shift in program design or programming engineering
practice?  What left so many of these vulnerabilities unexposed and their
risks unappreciated for so many years?

I don't know that it's quite fair to say that they have been unappreciated.
Certainly forums like bugtraq have been reporting buffer overflows for many
years.

There *are* more reported than there used to be, but I expect that this may
be due to a much larger number of people looking into these matters.  The
Internet is no longer the realm of a small group of people, so there is more
research bandwidth to look at things.

Note that this ignores the "shift in program design" that says damn the
buffer overflows, just get us the hell on-line.  We can expect this to be a
generous, new source of security problems. :-p

- Ted

-----------------------------------------------------------------------
Ted Doty, Internet Security Systems          | Phone: +1 678 443-6000
6600 Peachtree Dunwoody Road, 300 Embassy Row  | Fax:   +1 678 443-6479
Atlanta, GA 30328  USA                       | Web: http://www.iss.net
-----------------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689  FD0F E625 D525 E1BE


