APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

If buffer overflows are ever controlled, it won't be due to mere crashes, but due to their making systems vulnerable to hackers. Software crashes due to mere incompetence apparently don't raise any eyebrows, because no one wants to fault the incompetent programmer and his incompetent boss. (Henry Baker found at Pointing the finger at buffer overflows)

This is a deeply disturbing book. I thought things were getting better, that buffer overflows were going away as programmers learn to avoid them, but the authors explain that is an illusion: it's just that the reporting slacked off. They assert that not only do these problems still exist in great numbers, but that they will continue to plague us. The obvious confidence that they *can* break into your system is simply horrifying.

It is hard to believe that programmers keep making the same mistakes over and over again. Buffer overflows have been in the news for years now, every security page has warnings to coders, and almost every new programming book has a section on how NOT to make this kind of mistake. Yet it keeps happening. This book shows what those mistakes are AND how hackers exploit them. Explicitly, in great detail, with little left to your imagination. You need a good understanding of assembly language to get much out of this, but if you do have that background, this is a real eye-opener.

Some of this is a bit of a reach for me (it's been many a year since I did any C or Assembler), but it is fascinating, though in the same sense that watching a tiger stalk you might be: it's scary.

Certainly recommended for people who are writing code today, and I hope more of them pay attention, in spite of the authors' opinions that many will not.

  • James C. Foster et al.
  • Syngress
  • 1932266674

Order (or just read more about) Buffer Overflow Attacks from Amazon.com

Tony Lawrence 2005-02-01 Rating: 4.0


Sun Jun 1 22:20:47 2008: 4279   BigDumbDinosaur

The object-oriented model makes it easy to build up programs by accretion. What this often means, in practice, is that it provides a structured way to write spaghetti code. (Paul Graham)

My favorite quote. <Grin>

Sun Jun 1 22:36:49 2008: 4280   BigDumbDinosaur

As long as I'm picking on object-oriented languages, I present another apt quote: There are only two things wrong with C++: The initial concept and the implementation. (Bertrand Meyer)
