Subject: Re: BitchX /ignore bug
From: Security Mail Acct. (securityPHUZZIELOGIK.CX)
Date: Thu Jul 06 2000 - 22:10:18 CDT


On Thu, 6 Jul 2000, Joe User wrote:

> Just think of it this way: someone that's got a natural knack for programming
> hops down to a bookstore and picks up "Learn C in 21 Days" and flips through
> it for about 10, and has everything down pat. Ok, no problem, except for the
> fact that the books you pick up register unsafe gets(), scanf(), strcpy(), etc.
> Then, after a short time of writing small projects this way, they find out about
> security: checking buffers, making certain that nothing can get out of bounds,
> etc...they pick up on this information, but too late. They've already learned
> the unsafe way of doing things, and old habits die hard. This, unfortunately,
> is what happens oftentimes; I figured it out when I wrote one program and
> couldn't figure out why a scanf() would overwrite the EIP and cause a segfault.

Ok, I agree with this, but does anyone have any suggestions for a
book(s), targeted at beginners, that either focuses specifically on writing
secure code or at least teaches the secure methods? Thanks.

-=/phuzzie\=-
     phuzziephuzzielogik.cx
     http://www.phuzzielogik.cx

The refusal to choose is a form of choice; disbelief is a form of belief.
                                                - Frank Barron

       * PGP Public Key - http://www.phuzzielogik.cx/email.html *
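The unbounded scanf()/strcpy() habit the quoted post describes, beside the bounded form it says beginners learn too late, as an added example that is not code from the thread or from BitchX (the NAME_SZ buffer size and the input strings are constructed for the example):

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_SZ 16   /* assumed fixed buffer size for this example */

/* Before (the habit the quoted post describes, shown only for contrast):
 *
 *     char name[NAME_SZ];
 *     scanf("%s", name);      // no width: a long token runs past `name`
 *
 * Whatever sits above `name` on the stack, including the saved return
 * address, gets overwritten, which is the EIP clobber the post mentions. */

/* After: the same read with the width the buffer allows. "%15s" stops after
 * NAME_SZ-1 bytes and sscanf always writes the terminating NUL. The %n
 * conversion records how far the parse got, so the caller can tell a token
 * that fit from one that was cut short and reject the latter rather than
 * silently truncating. Returns 1 (fit), 0 (truncated) or -1 (no token). */
static int read_name_bounded(const char *line, char name[NAME_SZ]) {
    int consumed = 0;
    if (sscanf(line, "%15s%n", name, &consumed) != 1) {
        name[0] = '\0';
        return -1;
    }
    unsigned char next = (unsigned char)line[consumed];
    return (next == '\0' || isspace(next)) ? 1 : 0;
}

/* strcpy() has the same shape of bug. snprintf() with the destination size is
 * the bounded replacement; its return value is the length the full copy would
 * have needed, so a result >= dstsz means the source did not fit. */
static bool copy_bounded(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0) return false;
    int needed = snprintf(dst, dstsz, "%s", src);
    return needed >= 0 && (size_t)needed < dstsz;
}

int main(void) {
    /* constructed inputs: one that fits, one 32 bytes long */
    const char *ok = "alice\n";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    char name[NAME_SZ];
    printf("%d\n", read_name_bounded(ok, name));
    printf("%d %s\n", read_name_bounded(too_long, name), name);
    printf("%d\n", copy_bounded(name, sizeof name, too_long));
    return 0;
}
```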