Secure Coding mailing list archives
Re: opinion, ACM Queue: Buffer Overrun Madness
From: ljknews <ljknews () mac com>
Date: Tue, 08 Jun 2004 21:44:09 +0100
At 1:10 PM -0400 6/8/04, Jose Nazario wrote:
thought some of you may find this editorial from the May 04 ACM Queue worth a read. ACM Queue is an interesting magazine and has a website at acmqueue.org. Buffer Overrun Madness ACM Queue vol. 2, no. 3 - May 2004 by Rodney Bates, Wichita State University Why do good programmers follow bad practices? In January 2003, the Slammer worm was reported to be the fastest spreading ever. Slammer gets access by exploiting a buffer overrun. If you peruse CERT (Computer Emergency Readiness Team) advisories or security upgrade releases, you will see that the majority of computer security holes are buffer overruns. These would be minor irritations but for the world's addiction to the weakly typed programming languages C and its derivative C++.
And yet this mailing list, supposedly devoted to secure coding, seem polarized around the notion of shoring up those languages.
Current thread:
- opinion, ACM Queue: Buffer Overrun Madness Jose Nazario (Jun 08)
- Re: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 08)
- Re: opinion, ACM Queue: Buffer Overrun Madness der Mouse (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness Kenneth R. van Wyk (Jun 09)
- RE: opinion, ACM Queue: Buffer Overrun Madness Alun Jones (Jun 09)
- RE: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness Blue Boar (Jun 10)
- Re: opinion, ACM Queue: Buffer Overrun Madness der Mouse (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness der Mouse (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 08)
- Re: opinion, ACM Queue: Buffer Overrun Madness ljknews (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness David Eisner (Jun 09)
- <Possible follow-ups>
- RE: opinion, ACM Queue: Buffer Overrun Madness Peter Amey (Jun 09)
- Re: opinion, ACM Queue: Buffer Overrun Madness Gary McGraw (Jun 09)