Man O Man the buffer overflow rulz...
-
Check this link http://msnbc.com/news/707130.asp?cp1=1 Mr. Gates, exasperated by reports of security bugs in Microsoft’s products, last month issued an internal memo that called for a broad “Trustworthy Computing” initiative, which includes better training for Microsoft programmers in writing more-secure computer code. :-D It is the cliched buffer overflow again which has become a viable and foremost tool for M$ exploits eg.Netmeeting etc. It is a little tough to exploit but if you the address of the crash you can put your little exploit code to do what you like... BTW this affects the VC++.NET compiler... Atul It seems that the link feature is not working..it append the cp url also:rolleyes: ..Is it some Masterplan by CM;P bored with my sig..click here
-
Check this link http://msnbc.com/news/707130.asp?cp1=1 Mr. Gates, exasperated by reports of security bugs in Microsoft’s products, last month issued an internal memo that called for a broad “Trustworthy Computing” initiative, which includes better training for Microsoft programmers in writing more-secure computer code. :-D It is the cliched buffer overflow again which has become a viable and foremost tool for M$ exploits eg.Netmeeting etc. It is a little tough to exploit but if you the address of the crash you can put your little exploit code to do what you like... BTW this affects the VC++.NET compiler... Atul It seems that the link feature is not working..it append the cp url also:rolleyes: ..Is it some Masterplan by CM;P bored with my sig..click here
prefix with http:// like this Nish Nish was here, now Nish has gone; He left his soul, to turn you on; Those who knew Nish, knew him well; Those who didn't, can go to hell. I like to :jig: on the Code Project Sonork ID 100.9786 voidmain www.busterboy.org
-
prefix with http:// like this Nish Nish was here, now Nish has gone; He left his soul, to turn you on; Those who knew Nish, knew him well; Those who didn't, can go to hell. I like to :jig: on the Code Project Sonork ID 100.9786 voidmain www.busterboy.org
Thanks Nish :-O :-O :-O ;P ;P :) :) Atul nO sIg as in pIg
-
Thanks Nish :-O :-O :-O ;P ;P :) :) Atul nO sIg as in pIg
Glad to be of help Nish was here, now Nish has gone; He left his soul, to turn you on; Those who knew Nish, knew him well; Those who didn't, can go to hell. I like to :jig: on the Code Project Sonork ID 100.9786 voidmain www.busterboy.org
-
Check this link http://msnbc.com/news/707130.asp?cp1=1 Mr. Gates, exasperated by reports of security bugs in Microsoft’s products, last month issued an internal memo that called for a broad “Trustworthy Computing” initiative, which includes better training for Microsoft programmers in writing more-secure computer code. :-D It is the cliched buffer overflow again which has become a viable and foremost tool for M$ exploits eg.Netmeeting etc. It is a little tough to exploit but if you the address of the crash you can put your little exploit code to do what you like... BTW this affects the VC++.NET compiler... Atul It seems that the link feature is not working..it append the cp url also:rolleyes: ..Is it some Masterplan by CM;P bored with my sig..click here
VC++ .NET trouble is merely a compiler option which helps detecting the code which might lead to a buffer overflow, but was not properly implemented. I wonder, how can this be a potential problem. Also, the company that found out the flaw went public st. away and most see that as a cheap publiciy stunt. Nothing is fool proof.I think Nick did post about the problem here at CP :-). Cheers Kannan
-
VC++ .NET trouble is merely a compiler option which helps detecting the code which might lead to a buffer overflow, but was not properly implemented. I wonder, how can this be a potential problem. Also, the company that found out the flaw went public st. away and most see that as a cheap publiciy stunt. Nothing is fool proof.I think Nick did post about the problem here at CP :-). Cheers Kannan
-
Jon Sagara wrote: Yep, right here Thanks Jon. I was gonna ask for the link. Nish Nish was here, now Nish has gone; He left his soul, to turn you on; Those who knew Nish, knew him well; Those who didn't, can go to hell. I like to :jig: on the Code Project Sonork ID 100.9786 voidmain www.busterboy.org
-
VC++ .NET trouble is merely a compiler option which helps detecting the code which might lead to a buffer overflow, but was not properly implemented. I wonder, how can this be a potential problem. Also, the company that found out the flaw went public st. away and most see that as a cheap publiciy stunt. Nothing is fool proof.I think Nick did post about the problem here at CP :-). Cheers Kannan
Kannan, thanks for the link...I should have read it but as I was with my valentine... So it was a cheap publicity stunt eh..:mad: :mad: :mad: Mwwahhh Haaaa Haaa Atul Sonork 100.13714 netdiva
-
Kannan, thanks for the link...I should have read it but as I was with my valentine... So it was a cheap publicity stunt eh..:mad: :mad: :mad: Mwwahhh Haaaa Haaa Atul Sonork 100.13714 netdiva
Atul Dharne wrote: So it was a cheap publicity stunt eh Yup. That's exactly what it was. Mwwahh :laugh: Haaa Ha Mwwahh :laugh: Haaa Ha Mwwahh Haaa Ha Mwwahh :laugh: Haaa Ha Mwwahh :laugh: Haaa Ha Mwwahh Haaa Ha Mwwahh :laugh: Haaa Ha Mwwahh :laugh: Haaa Ha Mwwahh Haaa Ha Nish Nish was here, now Nish has gone; He left his soul, to turn you on; Those who knew Nish, knew him well; Those who didn't, can go to hell. I like to :jig: on the Code Project Sonork ID 100.9786 voidmain www.busterboy.org
-
Check this link http://msnbc.com/news/707130.asp?cp1=1 Mr. Gates, exasperated by reports of security bugs in Microsoft’s products, last month issued an internal memo that called for a broad “Trustworthy Computing” initiative, which includes better training for Microsoft programmers in writing more-secure computer code. :-D It is the cliched buffer overflow again which has become a viable and foremost tool for M$ exploits eg.Netmeeting etc. It is a little tough to exploit but if you the address of the crash you can put your little exploit code to do what you like... BTW this affects the VC++.NET compiler... Atul It seems that the link feature is not working..it append the cp url also:rolleyes: ..Is it some Masterplan by CM;P bored with my sig..click here
Note that the buffer overflow protection is no replacement for designing your code properly in the first place. MS's (brand new) C++ stack-guard compiler option should not be the first line of defence against buffer overflows, it should be the last. This was blown way out of proportion by the group that first discovered this. This expoit does not break already strong code. Simply, if you have code with a raw buffer, the stack-guard is not 100% effective.
-
Note that the buffer overflow protection is no replacement for designing your code properly in the first place. MS's (brand new) C++ stack-guard compiler option should not be the first line of defence against buffer overflows, it should be the last. This was blown way out of proportion by the group that first discovered this. This expoit does not break already strong code. Simply, if you have code with a raw buffer, the stack-guard is not 100% effective.
CLaW wrote: Note that the buffer overflow protection is no replacement for designing your code properly in the first place. I was hoping someone would say this sooner or later. ________________ David Wulff http://www.davidwulff.co.uk Sonork ID: 100.9977 Dave Contents of my clipboard: Barclays Visa Connect - 4936-3503-2 -- sh*t, I'd better edit the rest out...