Re: Stack growth direction to thwart buffer overflow attacks

phn_at_icke-reklam.ipsec.nu
Date: 08/19/03


Date: Tue, 19 Aug 2003 17:16:52 +0000 (UTC)

In comp.security.unix Frank Cusack <fcusack@fcusack.com> wrote:
> On Tue, 19 Aug 2003 09:27:43 -0700 Frank Cusack <fcusack@fcusack.com> wrote:
>> On Tue, 19 Aug 2003 15:42:34 +0000 (UTC) phn@icke-reklam.ipsec.nu wrote:
>>> Well, selecting your vendor is an art. No one forces you to use
>>> obsolete vendors' faulty implementations.
>>
>> That's not the right attitude if you care about thwarting buffer overflow
>> attacks. (Isn't that how this thread started?) You have to write code
>> defensively. People WILL use your code where you don't expect it.

> Also, both Solaris and GNU/glibc have faulty implementations of strncat().
> They are not obsolete vendors.

Most vendors have bugs. Knowing them and accepting fixes is part of life.
Vendors that do not fix broken things might find themselves obsolete
in some future. At least if they don't reside in Seattle :-)

> /fc

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
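A defensive bounded append in the spirit of the "write code defensively" advice above. This is an added example, not code from this thread or from any vendor's libc; it assumes only the C standard library and deliberately never calls strncat(), so its behaviour does not depend on which implementation happens to be linked.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Append src to the NUL-terminated string in dst without ever writing past
 * dst_size bytes, always leaving dst NUL-terminated.  Returns the length the
 * full result would have had; a return value >= dst_size means the result
 * was truncated (or dst was not terminated to begin with).  The caller passes
 * the total buffer size, not the remaining space, which is the quantity that
 * is easy to get right. */
size_t bounded_append(char *dst, size_t dst_size, const char *src)
{
    size_t src_len = strlen(src);
    size_t dst_len = 0;

    if (dst_size == 0)
        return src_len + 1;            /* nothing can be stored at all */

    /* Bounded scan for the terminator: never read beyond dst_size bytes. */
    while (dst_len < dst_size && dst[dst_len] != '\0')
        dst_len++;

    if (dst_len == dst_size) {
        /* dst was not NUL-terminated within dst_size: terminate it and
         * report failure rather than trusting the caller's buffer. */
        dst[dst_size - 1] = '\0';
        return dst_size + src_len;
    }

    size_t room = dst_size - dst_len - 1;   /* space for src, excluding NUL */
    size_t copy = src_len < room ? src_len : room;
    memcpy(dst + dst_len, src, copy);
    dst[dst_len + copy] = '\0';
    return dst_len + src_len;
}

int main(void)
{
    char line[16] = "user=";           /* constructed sample buffer */
    size_t need = bounded_append(line, sizeof line, "averyveryverylongname");
    printf("%s (needs %zu bytes, have %zu)%s\n", line, need + 1,
           sizeof line, need >= sizeof line ? " TRUNCATED" : "");
    return 0;
}
```

Checking the return value against the buffer size turns a silent overflow into a detectable truncation, which is the property the calling code should enforce itself rather than assume of the library.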

