APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

If buffer overflows are ever controlled, it won't be due to mere crashes, but due to their making systems vulnerable to hackers. Software crashes due to mere incompetence apparently don't raise any eyebrows, because no one wants to fault the incompetent programmer and his incompetent boss. (Henry Baker found at Pointing the finger at buffer overflows)

This is a deeply disturbing book. I thought things were getting better, that buffer overflows were going away as programmers learn to avoid them. but the authors explain that is an illusion: it's just that the reporting slacked off. They assert that not only do these problems still exist in great numbers, but that they will continue to plague us. The obvious confidence that they *can* break into your system is simply horrifying.

It is hard to believe that programmers keep making the same mistakes over and over again. Buffer overflows have been in the news for years now, every security page has warnings to coders, and almost every new programming book has a section on how NOT to make this kind of mistake. Yet it keeps happening. This book shows what those mistakes are AND how hackers exploit them. Explicitly, in great detail, with little left to your imagination. You need a good understanding of assembly language to get much out of this, but if you do have that background, this is a real eye-opener.

Some of this is a bit of a reach for me (it's been many a year since I did any C or Assembler), but it is fascinating, though in the same sense that watching a tiger stalk you might be: it's scary.

Certainly recommended for people who are writing code today, and I hope more of them pay attention, in spite of the authors opinions that many will not.

  • James C. Foster et al.
  • Syngress
  • 1932266674

book imahe Order (or just read more about) Buffer Overflow Attacks  from Amazon.com

Tony Lawrence 2005-02-01 Rating: 4.0

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Buffer Overflow Attacks


Increase ad revenue 50-250% with Ezoic

More Articles by

Find me on Google+

© Tony Lawrence

Sun Jun 1 22:20:47 2008: 4279   BigDumbDinosaur

The object-oriented model makes it easy to build up programs by accretion. What this often means, in practice, is that it provides a structured way to write spaghetti code. (Paul Graham)

My favorite quote. <Grin>

Sun Jun 1 22:36:49 2008: 4280   BigDumbDinosaur

As long as I'm picking on object-oriented languages, I present another apt quote: There are only two things wrong with C++: The initial concept and the implementation. (Bertrand Meyer)

Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

The errors which arise from the absence of facts are far more numerous and more durable than those which result from unsound reasoning respecting true data. (Charles Babbage)

This post tagged: