teehee...M$ automates buffer overflow introduction


zigar
February 15th, 2002, 05:06 PM
http://www.vnunet.com/News/1129263

"Net compiler flaw leaves users exposed
By John Geralds in Silicon Valley [15-02-2002]
A security flaw in a compiler included in Microsoft's .Net developer tools may leave systems vulnerable to attack.
Researchers at software risk management provider Cigital said that Microsoft's Visual C++.Net and Visual C++ version 7 compiler could lead programmers to write even more programs that are vulnerable to buffer overflow attacks.

Because the protection mechanism itself is susceptible to a buffer overflow attack, developers who make use of the feature may come away with a false sense of security and unintentionally discount critical implementation programs, said Cigital CTO Gary McGraw"


I'm laughing too hard to comment more.... :D :D :D :D :D :D :D

souleman
February 15th, 2002, 05:18 PM
Gotta love forcing buffer overflows. Maybe that is how Microsoft intends to improve their security. Anyone that uses their compiler will have worse security, so it will make MS look better.

the_JinX
February 15th, 2002, 05:22 PM
M$ has one big image problem..
bringing out products like this is not helping them...

stuff like this just keeps making me laugh...

MUHAHAHA Microsoft HEHEHEHE

zigar
March 22nd, 2002, 05:30 PM
Inaccurate Claims Regarding Visual C++ .NET Security Feature

I just found this update to this thread....

A newly released report makes a series of unfounded allegations about the security of Microsoft Visual C++® .NET. The report is incorrect—the claimed security flaw simply does not exist, and Visual C++ .NET works correctly. However, the report has spawned a number of news articles and we have received many questions from customers about it. In response, Microsoft would like to provide additional information about the report and the feature it discusses below.

The claims involve the operation of a feature in the Visual C++ .NET compiler (which ships as part of Visual Studio .NET). This feature, known as Buffer Security Checking, provides an additional layer of security in the event that a programmer unknowingly develops a program containing a common coding error known as a buffer overrun. Buffer overruns are a serious security threat, and have been implicated in many serious security vulnerabilities. Buffer Security Checking prevents some types of buffer overruns from being exploited, even




http://msdn.microsoft.com/visualc/compiler.asp

souleman
March 22nd, 2002, 05:45 PM
ahhh, so it's an anti-buffer overflow....or just typical ms bullshit. One or the other.

linuxcomando
March 22nd, 2002, 05:53 PM
And yesterday someone was telling me how secure his Windows box was........

Vorlin
March 27th, 2002, 04:37 PM
I'd be laughing my ass off if they found a buffer overflow in the "Buffer Security Checking" routine...hehe!