Bugtraq mailing list archives

secure-programs howto

From: signal11 () MEDIAONE NET (Signal 11)
Date: Sun, 9 Jan 2000 12:08:18 -0600


http://dwheeler.com/secure-programs/Secure-Programs-HOWTO.html

I thought this link might be useful to forward to the list -
I haven't seen it posted lately and it covers alot of issues bugtraq
talks about - like buffer overflows and how StackGuard and company
works.  I thought it was worth forwarding on for /any/ C++ programmer.
It's not detailed, but it gives you some thoughts on what to keep
an eye out for.  Details, of course, come from reading /this/ list. =)


--
Signal 11, BOFH to the UF list and malign.net
Save the whales!  Trade them for valuable prizes.

Current thread:

Re: *BSD procfs vulnerability, (continued)
- - - Re: *BSD procfs vulnerability Theo de Raadt (Jan 23)
    - stream.c/raped.c tests (just for stats) Vanja Hrustic (Jan 21)
    - Microsoft Security Bulletin (MS00-004) Microsoft Product Security (Jan 21)
    - Re: Vulnerabilities in Checkpoint FW-1 version 3.x and maybe 4.x Vanja Hrustic (Jan 22)
    - Re: Vulnerabilities in Checkpoint FW-1 version 3.x and maybe 4.x Markus Hofmann (Jan 22)
    - Administrivia Elias Levy (Jan 18)
    - Info on some security holes reported against SCO Unixware. Aaron Sigel (Jan 13)
    - ssh-proxy, a new approach to firewall software Magosanyi Arpad (Jan 13)
    - Re: Hotmail security hole - injecting JavaScript using <IMG Ajax (Jan 11)
    - Serious Bug in Corel Linux.(Local root exploit) tascon () ENETE GUI UVA ES (Jan 12)
    - secure-programs howto Signal 11 (Jan 09)
    - strace can lie ... but LTT might be handy Karim Yaghmour (Jan 09)
    - 2nd attempt: AIX techlibss follows links Klaus.Kusche () OOE GV AT (Jan 10)
    - NIS2k Bacano (Jan 11)
    - Password issue in Axent ESM 5.0.1 Console Todd (Jan 12)
    - Re: Password issue in Axent ESM 5.0.1 Console Scott Blake (Jan 14)
    - Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x Ussr Labs (Jan 13)
    - Re: NIS2k Brad Griffin (Jan 13)
    - Misleading sense of security in Netscape Craig Ruefenacht (Jan 13)
    - Re: Misleading sense of security in Netscape Jefferson Ogata (Jan 18)
    - New MySQL Available Scott (Jan 13)

(Thread continues...)