The following message is a courtesy copy of an article that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.
[EMAIL PROTECTED] (Rick Fochtman) writes:
> IMHO, the programming language, whether for applications or operating
> systems, is unimportant, PROVIDED that all the necessary functions can
> be provided in an efficient manner. The important matter is whether
> the desired end can be reached efficiently or not. There are lots of ways
> to drive from Chicago to Houston; which route best serves your needs?

lots of past posts discussing common C language environment having a paradigm that promotes buffer length programming errors.
http://www.garlic.com/~lynn/subintegrity.html#overflow

up through 1999, (c-language related) buffer overflow exploits accounted for the majority of all internet related vulnerabilities.

the majority of these buffer overflow exploits wouldn't happen in PLI and PASCAL. They also wouldn't occur in 360 assembler conforming to standard system services (because os/360 system services avoided buffer length shortcoming convention that was part of common C language programming convention).

in the early part of this decade ... there was a big increase in internet-related exploits involving the greater use in some platforms and/or associated (personal) applications which would automatically execute scripts arriving over the network. this increased until automagic script execution exploits were about equal to buffer length related exploits.

a couple past posts related to doing frequency analysis on the CVE vulnerability database ... and having difficulty categorizing exploits ... and lobbying the CVE interests to improve the structure/nature of CVE reports.
http://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
http://www.garlic.com/~lynn/2005c.html#28 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005c.html#32 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2007q.html#20 Hackers Attack Apps While Still in Development

some amount of the problem was that common personal computer platforms had started out on stand-alone environment with possible terminal emulation connection
http://www.garlic.com/~lynn/subnetwork.html#emulation

and then LAN connections were introduced for local departmental networking. The automatic scripting grew up (as purely content enrichment enhancement) in a purely non-hostile environment. The problem was treating the LAN connections, in a purely non-hostile departmental networking environment, as the same as LAN connections in the extremely hostile internet networking environment ... and not having evolved the appropriate countermeasures for the wide variety of possible attacks.

for other drift, recent reference to the cms xmas exec
http://www.garlic.com/~lynn/2007u.html#87 CompUSA to Close after Jan. 1st 2008
http://www.garlic.com/~lynn/2008c.html#2 folklore indeed

on bitnet
http://www.garlic.com/~lynn/subnetwork.html#bitnet

a year before the morris worm
http://en.wikipedia.org/wiki/Morris_worm

on the internet
http://www.garlic.com/~lynn/subnetwork.html#internet

and for other topic drift ... attempted reproduction (in html) of an old '81 3279 xmas tree exec
http://www.garlic.com/~lynn/2007v.html#54 An old fashioned Christmas
http://www.garlic.com/~lynn/2007v.html#55 An old fashioned Christmas
http://www.garlic.com/~lynn/2007v.html#56 An old fashioned Christmas

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
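
Added illustration, not part of the original post: a C sketch of the buffer-length point made above, where the capacity travels with the buffer so the callee can refuse an oversized copy instead of relying on the caller. The names `lbuf`, `lbuf_set`, `lbuf_append` and `demo_oversized_rejected` are hypothetical, and the layout is an assumption about the general idea, not a rendering of any PL/I, Pascal or OS/360 interface.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical length-carrying buffer: capacity and current length travel
   with the data, so every callee can check them. */
struct lbuf {
    size_t cap;   /* bytes available at data */
    size_t len;   /* bytes currently in use */
    char  *data;
};

/* Replace the contents with n bytes from src. Returns 0, or -1 (and writes
   nothing) when n exceeds the declared capacity. */
int lbuf_set(struct lbuf *dst, const char *src, size_t n)
{
    if (n > dst->cap)
        return -1;
    memcpy(dst->data, src, n);
    dst->len = n;
    return 0;
}

/* Append n bytes; the check is against the space still free. */
int lbuf_append(struct lbuf *dst, const char *src, size_t n)
{
    if (n > dst->cap - dst->len)
        return -1;
    memcpy(dst->data + dst->len, src, n);
    dst->len += n;
    return 0;
}

/* Constructed input: 12 bytes offered to an 8-byte field that is followed in
   memory by a guard. With strcpy(dst, src) the callee receives two bare
   pointers and stops only at the NUL in src, so the destination size is never
   consulted. Here the copy is refused. Returns 1 if the guard is untouched. */
int demo_oversized_rejected(void)
{
    struct { char field[8]; char guard[4]; } rec;
    struct lbuf b = { sizeof rec.field, 0, rec.field };
    memcpy(rec.guard, "SAFE", 4);
    int rc = lbuf_set(&b, "AAAAAAAAAAAA", 12);
    return rc == -1 && b.len == 0 && memcmp(rec.guard, "SAFE", 4) == 0;
}
```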

