Secure Coding mailing list archives

COBOL Exploits

From: mrockman at acm.org (Mark Rockman)
Date: Fri, 02 Nov 2007 00:13:37 -0400

The adolescent minds that engage in "exploits" wouldn't know COBOL if a printout fell out a window and onto their 
heads.  I'm sure you can write COBOL programs that crash, but it must be hard to make them take control of the 
operating system.  COBOL programs are heavy into unit record equipment (cards, line printers), tape files, disk files, 
sorts, merges, report writing -- all the stuff that came down to 1959-model mainframes from tabulating equipment.  They 
don't do Internet.  What they could do and have done is incorporate malicious code that exploits rounding error such 
that many fractional pennies end up in a conniving programmer's bank account.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20071102/81148c01/attachment.html

Current thread:

COBOL Exploits Mark Rockman (Nov 01)
- COBOL Exploits security curmudgeon (Nov 02)
- COBOL Exploits ljknews (Nov 02)
- COBOL Exploits Leichter, Jerry (Nov 02)
- COBOL Exploits Kenneth Van Wyk (Nov 02)
- <Possible follow-ups>
- COBOL Exploits Peter G. Neumann (Nov 02)
  - COBOL Exploits Andrew van der Stock (Nov 17)