Secure Coding mailing list archives
COBOL Exploits
From: neumann at csl.sri.com (Peter G. Neumann)
Date: Fri, 2 Nov 2007 10:45:06 PDT
Searching through http://www.csl.sri.com/neumann/illustrative.html gives these COBOL-related RISKS items. The initial character descriptors are defined there.

In the citations,
* R relates to RISKS (archives at risks.org)
* S relates to SIGSOFT Software Engineering Notes (archives at www.sigsoft.org/SEN/ although more recent items also in RISKS)

Vf West Drayton ATC system bug found in 2-yr-old COBOL code (S 16 3, R 11 30)

\$fe IRS COBOL reprogramming delays; interest paid on over 1,150,000 refunds (S 10 3:12)

S[H?] Election frauds, lawsuits, spaghetti code, same memory locations used for multiple races simultaneously, undocumented GOTOs, COBOL ALTER verb allowing self-modifying code, calls to undocumented/unknown subroutines, bypassable audit trails (S 11 3); Report from the Computerized Voting Symposium, August 1986 (S 11 5)

Sie Data transfer Excel-COBOL loses voter data in 2003 Greenville Mississippi election (R 22 95)

\$hi Man gets \$218 trillion phone bill (R 24 24); COBOL program? (R 24 27,29,30,33)

f Discussion of date and century roll-over problems: Fujitsu SRS-1050 ISDN display phones fail on two-digit month (10); 1401 one-character year field; COBOL improvements; IBM 360 (S 20 2:13) [See Fred Ballard and Walt Murray (R 16 70 ff).]

[Lots of stuff is relevant on COBOL's two-character year field and the entire Y2K saga.]
Current thread:
- COBOL Exploits Mark Rockman (Nov 01)
- COBOL Exploits security curmudgeon (Nov 02)
- COBOL Exploits ljknews (Nov 02)
- COBOL Exploits Leichter, Jerry (Nov 02)
- COBOL Exploits Kenneth Van Wyk (Nov 02)
- <Possible follow-ups>
- COBOL Exploits Peter G. Neumann (Nov 02)
- COBOL Exploits Andrew van der Stock (Nov 17)