Re: WTF? How can this work?
Re: WTF? How can this work?
- Subject: Re: WTF? How can this work?
- From: Chris Gehlker <email@hidden>
- Date: Mon, 20 Aug 2001 23:24:08 -0700
On 8/20/01 7:36 PM, "Brian Hill" <email@hidden> wrote:
>
On Monday, August 20, 2001, at 08:21 PM, John C. Randolph wrote:
>
>
> Perhaps, but the fact is that a vast number of security problems
>
> in todays computers are due to the fact that C doesn't do
>
> bounds-checking of arrays or strings.
>
>
I'd phrase that more properly as most internet security problems
>
are due to the fact that Microsoft doesn't do bounds checking of
>
arrays or strings...
>
I don't think that they believe it would be cost effective to do
>
bounds checking. 8-)
I was fairly surprised to discover that the same buffer overflow trick would
zap my Cisco DSL modem/router. It turns out that it uses the same legacy BSD
code. Cisco didn't start working on a patch till after Code Red starting
freezing their equipment. One would think that when MS released their patch,
Cisco would have gotten a clue.
--
When I was a boy I was told that anybody could become President. Now I'm
beginning to believe it. -Clarence Darrow, lawyer and author (1857-1938)