Buffer Overflow Attacks


  • James C. Foster et al.
  • Syngress
  • 1932266674


If buffer overflows are ever controlled, it won't be due to mere crashes, but due to their making systems vulnerable to hackers. Software crashes due to mere incompetence apparently don't raise any eyebrows, because no one wants to fault the incompetent programmer and his incompetent boss. (Henry Baker found at http://www.sysprog.net/quotlang.html)


This is a deeply disturbing book. I thought things were getting better, that buffer overflows were going away as programmers learn to avoid them, but the authors explain that is an illusion: it's just that the reporting slacked off. They assert that not only do these problems still exist in great numbers, but that they will continue to plague us. The obvious confidence that they *can* break into your system is simply horrifying.

It is hard to believe that programmers keep making the same mistakes over and over again. Buffer overflows have been in the news for years now, every security page has warnings to coders, and almost every new programming book has a section on how NOT to make this kind of mistake. Yet it keeps happening. This book shows what those mistakes are AND how hackers exploit them. Explicitly, in great detail, with little left to your imagination. You need a good understanding of assembly language to get much out of this, but if you do have that background, this is a real eye-opener.

Some of this is a bit of a reach for me (it's been many a year since I did any C or Assembler), but it is fascinating, though in the same sense that watching a tiger stalk you might be: it's scary.

Certainly recommended for people who are writing code today, and I hope more of them pay attention, in spite of the authors' opinions that many will not.




Comments


Sun Jun 1 22:20:47 2008: Subject:   BigDumbDinosaur
http://bcstechnology.net

The object-oriented model makes it easy to build up programs by accretion. What this often means, in practice, is that it provides a structured way to write spaghetti code. (Paul Graham)

My favorite quote. <Grin>

Sun Jun 1 22:36:49 2008: Subject:   BigDumbDinosaur
http://bcstechnology.net

As long as I'm picking on object-oriented languages, I present another apt quote: There are only two things wrong with C++: The initial concept and the implementation. (Bertrand Meyer)
