If buffer overflows are ever controlled, it won't be due to mere crashes, but due to their making systems vulnerable to hackers. Software crashes due to mere incompetence apparently don't raise any eyebrows, because no one wants to fault the incompetent programmer and his incompetent boss. (Henry Baker found at Pointing the finger at buffer overflows)
This is a deeply disturbing book. I thought things were getting better, that buffer overflows were going away as programmers learn to avoid them, but the authors explain that is an illusion: it's just that the reporting slacked off. They assert that not only do these problems still exist in great numbers, but that they will continue to plague us. The obvious confidence that they *can* break into your system is simply
It is hard to believe that programmers keep making the same mistakes over and over again. Buffer overflows have been in the news for years now, every security page has warnings to coders, and almost every new programming book has a section on how NOT to make this kind of mistake. Yet it keeps happening. This book shows what those mistakes are AND how hackers exploit them. Explicitly, in great detail, with little left to your imagination. You need a good understanding of assembly language to get much out of this, but if you do have that background, this is a real eye-opener.
Some of this is a bit of a reach for me (it's been many a year since I did any C or Assembler), but it is fascinating, though in the same sense that watching a tiger stalk you might be: it's scary.
Certainly recommended for people who are writing code today, and I hope more of them pay attention, in spite of the authors' opinion that many will not.
- James C. Foster et al.
Tony Lawrence 2005-02-01 Rating: