HTTP Buffer Overflows
Sateesh Narahari
sati_home@yahoo.com
Fri, 8 Mar 2002 08:52:40 -0700
When these buffer overflow attacks become more popular, we can charge
$250/hr just for running grep on source code for strcat, strcpy etc. Oh,
btw, we will be known as security consultants :-)
Sateesh
----- Original Message -----
From: "Andy Armstrong" <andy@tagish.com>
Cc: "FoRK" <fork@xent.com>
Sent: Thursday, March 07, 2002 6:18 PM
Subject: Re: HTTP Buffer Overflows
> Gregory Alan Bolcer wrote:
> >
> > Gartner saying that HTTP buffer overflow attacks will
> > be very commonplace by 2005 according to John Pescatore.
> > I wonder how many unsuccessful buffer overflow attacks
> > aren't recorded. I'm sure he means *successful* buffer
> > overflow attacks.
> >
> > Is data handling really that vulnerable?
>
> Iff server software doesn't get fixed. It's not really that hard to
> write code that doesn't contain any overflow related problems, but for
> some reason the practices that lead to overflow vulnerabilities seem to
> be fairly commonplace.
>
> --
> Andy Armstrong, http://www.tagish.co.uk/