Vulnerability Development mailing list archives
Re: BitchX /ignore bug
From: security () PHUZZIELOGIK CX (Security Mail Acct.)
Date: Thu, 6 Jul 2000 20:10:18 -0700
On Thu, 6 Jul 2000, Joe User wrote:
Just think of it this way: someone that's got a natural knack for programming hops down to a bookstore and picks up "Learn C in 21 Days" and flips through it for about 10, and has everything down pat. Ok, no problem, except for the fact that the books you pick up register unsafe gets(), scanf(), strcpy(), etc. Then, after a short time of writing small projects this way, they find out about security: checking buffers, making certain that nothing can get out of bounds, etc...they pick up on this information, but too late. They've already learned the unsafe way of doing things, and old habits die hard. This, unfortunately, is what happens oftentimes; I figured it out when I wrote one program and couldn't figure out why a scanf() would overwrite the EIP and cause a segfault.
Ok, I agree with this, but does anyone have any suggestion for a book(s), targeted at beginners, that either focus specifically on writing secure code or that at least teach the secure methods? Thanks.

-=/phuzzie\=-
The refusal to choose is a form of choice; disbelief is a form of belief.
phuzzie () phuzzielogik cx - Frank Barron http://www.phuzzielogik.cx
* PGP Public Key - http://www.phuzzielogik.cx/email.html *