Results 1 to 7 of 7

Thread: teehee...M$ automates buffer overflow introduction

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    Talking teehee...M$ automates buffer overflow introduction

    http://www.vnunet.com/News/1129263

    "Net compiler flaw leaves users exposed
    By John Geralds in Silicon Valley [15-02-2002]
    A security flaw in a compiler included in Microsoft's .Net developer tools may leave systems vulnerable to attack.
    Researchers at software risk management provider Cigital said that Microsoft's Visual C++.Net and Visual C++ version 7 compiler could lead programmers to write even more programs that are vulnerable to buffer overflow attacks.

    Because the protection mechanism itself is susceptible to a buffer overflow attack, developers who make use of the feature may come away with a false sense of security and unintentionally discount critical implementation programs, said Cigital CTO Gary McGraw"


    i'm laughing to hard to comment more....
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Gotta love forcing buffer overflows. Maybe that is how Microsoft intends to improve their security. Anyone that uses their compiler will have worse security, so it will make MS look better.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    M$ has one big image problem..
    bringing out products like this is not helping them...

    stuff like this just keeps making me laugh...

    MUHAHAHA Microsoft HEHEHEHE
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    Inaccurate Claims Regarding Visual C++ .NET Security Feature




    I just found this update to this thread....

    A newly released report makes a series of unfounded allegations about the security of Microsoft Visual C++® .NET. The report is incorrect—the claimed security flaw simply does not exist, and Visual C++ .NET works correctly. However, the report has spawned a number of news articles and we have received many questions from customers about it. In response, Microsoft would like to provide additional information about the report and the feature it discusses below.

    The claims involve the operation of a feature in the Visual C++ .NET compiler (which ships as part of Visual Studio .NET). This feature, known as Buffer Security Checking, provides an additional layer of security in the event that a programmer unknowingly develops a program containing a common coding error known as a buffer overrun. Buffer overruns are a serious security threat, and have been implicated in many serious security vulnerabilities. Buffer Security Checking prevents some types of buffer overruns from being exploited, even



    http://msdn.microsoft.com/visualc/compiler.asp
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    ahhh, so its an anti-buffer overflow....or just typical ms bullshit. One or the other.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  6. #6
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    432
    And yesterday some one was telling me how secure his windows box was........

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    I'd be laughing my ass off if they found a buffer overflow in the "Buffer Security Checking" routine...hehe!
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •