Most of your Micro$oft and Linux errors are due to the C language defining an end of string as x'00', and the programmer forgetting to check the lenght of the input against the buffer. The the hacker sends a malformed string to that function and overlays the program code and takes control.
On Mon, Apr 11, 2011 at 4:06 PM, John Mattson <[email protected]> wrote: > EXCELLENT point. Frequency of patches, per se, proves nothing. Can be > bad design: Windows was designed without a security system. (Well, > certainly very little). So was Linux. So was MVS. Remember the first > RACF and why CA had such an easy time selling CA-1? Can be sign of > "Kaizen" constant incremental improvement. > >> Being the cynic that I am, I wonder about the reason behind this. > Perhaps it is to "prove" that z/OS is actually more likely to contain > programming errors and so be open to "cracking" and thuse "less secure" > than some other beloved OS? After all, Windows doesn't have the hundreds > (if not thousands) of "patches" that z/OS gets regularly. Therefore, z/OS > is more poorly designed and implemented - QED, "no brainer". Same applies, > BTW, to Linux. Linux gets updated more regularly than Windows. Therefore > Linux is more poorly designed because they are constantly __BEING FORCED__ > (as many managers would see) to improve it. The "if it ain't broke, don't > fix it" misapplied to imply "if it's being modified, it must be broke". > -- > John McKown > Systems Engineer IV -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
