Full Disclosure mailing list archives

And how long have buffer overflows been around?

From: "Edward W. Ray" <support () mmicman com>
Date: Thu, 26 Feb 2004 16:51:03 -0800

A lot longer than just before Windows 2003 release, but not according to
Security Architect and Chief Technology Officer of Microsoft's Security
Business Unit David Aucsmith:


"Windows 95 was written without a single security feature, he said, as it
was designed to be totally open to let users connect to other systems.
Furthermore, the security kernel of the Windows NT server software was
written before the Internet, and the Windows Server 2003 software was
written before buffer overflows became a frequent target of recent
attacks..."


The rest of the article can be found at
http://www.infoworld.com/article/04/02/24/HNunderattack_1.html


A little levity for today's discussion.

Edward W. Ray

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Job Opening in Maryland for Security Resear cc (Feb 26)
- <Possible follow-ups>
- RE: Job Opening in Maryland for Security Resear cc (Feb 26)
- RE: Job Opening in Maryland for Security Resear Schmehl, Paul L (Feb 26)
  - RE: Job Opening in Maryland for Security Resear Ron DuFresne (Feb 27)
- RE: Job Opening in Maryland for Security Resear Chavez, Aaron, ISD (Feb 26)
- RE: Job Opening in Maryland for Security Resear brassballs (Feb 26)
  - tool to reverse engineer patches??? Exibar (Feb 26)
    - Re: tool to reverse engineer patches??? jan . muenther (Feb 26)
    - And how long have buffer overflows been around? Edward W. Ray (Feb 26)
    - Re: And how long have buffer overflows been around? Dave Horsfall (Feb 26)
    - Re: And how long have buffer overflows been around? Valdis . Kletnieks (Feb 26)