HTTP Buffer Overflows
Adam L. Beberg
beberg@mithral.com
Thu, 7 Mar 2002 19:19:33 -0800 (PST)
On Thu, 7 Mar 2002, Gregory Alan Bolcer wrote:
> Gartner saying that HTTP buffer overflow attacks will
> be very commonplace by 2005 according to John Pescatore.
> I wonder how many unsuccessful buffer overflow attacks
> aren't recorded. I'm sure he means *successful* buffer
> overflow attacks.
>
> Is data handling really that vulnerable?
Coding a buffer overflow is hard to do, really hard to do. It requires such
a complete lack of skill that only from elementary school kids could you
possibly expect them to happen. Microsoft and open source both employ a lot
of these newbies.
Unfortunately programmers seem to use a lot of drugs, especially memory
eating pot, and work more than 8 hours a day, which are the only things
that can possibly explain buffer overflows.
Here is a better prediction:
By 2015, someone will design an operating system with more than zero
security features. (0.6 probability).
- Adam L. "Duncan" Beberg
http://www.mithral.com/~beberg/
beberg@mithral.com