OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archives: RE: Buffer Overruns

RE: Buffer Overruns

Subject: RE: Buffer Overruns
From: Doty, Ted (ISSAtlanta) (TDotyiss.net)
Date: Mon Dec 20 1999 - 13:33:24 CST

On Saturday, December 18, 1999 5:45 PM, Vin McLellan <vinshore.net> wrote:

> It there something in the emergence of a popular
> Internet, or some
> other timely aspect in the industry's evolution, that has
> brought to light
> the vulnerabilities associated with buffer overruns in recent years?
>
> Maybe some shift in program design or programming engineering
> practice? What left so many of these vulnerabilities
> unexposed and their
> risks unappreciated for so many years?

I don't know that it's quite fair to say that they have been unappreciated.
Certainly forums like bugtraq have been reporting buffer overflows for many
years.

There *are* more reported than there used to be, but I expect that this may
be due to a much larger number of people looking into these matters. The
Internet is no longer the realm of a small group of people, so there is more
research bandwidth to look at things.

Note that this ignores the "shift in program design" that says damn the
buffer overflows, just get us the hell on-line. We can expect this to be a
generous, new source of security problems. :-p

- Ted

-----------------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 678 443-6000
6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax: +1 678 443-6479
Atlanta, GA 30328 USA | Web: http://www.iss.net
-----------------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE

This archive was generated by hypermail 2b27 : Tue Dec 21 1999 - 01:48:37 CST