The following message is a courtesy copy of an article that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.
Anne & Lynn Wheeler <[EMAIL PROTECTED]> writes:
> vulnerability database ... and having difficulty categorizing exploits
> ... and lobbying the CVE interests to improve the structure/nature of
> CVE reports.
> http://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
> http://www.garlic.com/~lynn/2005c.html#28 [Lit.] Buffer overruns
> http://www.garlic.com/~lynn/2005c.html#32 [Lit.] Buffer overruns
> http://www.garlic.com/~lynn/2007q.html#20 Hackers Attack Apps While Still in Development

re:
http://www.garlic.com/~lynn/2008d.html#58 Linux zSeries questions

and past posts mentioning c-language programming environment proclivity for buffer overflows
http://www.garlic.com/~lynn/subintegrity.html#overflow

The common cold of IT security
http://www.gcn.com/online/vol1_no1/45864-1.html

from above:

IT security experts are not ready to admit defeat by one of the most common types of exploits, but the battle against buffer overflows so far has produced about the same results as medical science has against the common cold: We can treat it, but we haven't found a way to cure it.

"It's the same problem over and over again," independent security consultant Shawn Moyer said Thursday at the Black Hat Federal Briefings in Washington. "We patch, we scan, we patch, we scan, and the cycles get shorter and shorter and the problem is worse." The result, he said, is a "flailing death spiral of updates and patches."

... snip ...

we had done quite a bit of implementations using vs/pascal ... including the original mainframe tcp/ip implementation ... w/o having any buffer length problems (not that they couldn't happen ... but it took quite a bit more effort in pascal to have a buffer length problem ... compared to c language programming environment).

for other drift ... the original base tcp/ip implementation had 44kbytes/sec thruput consuming a full 3090 processor ... in large part because of the characteristics of the controller used to interface to LANs.

i had done the rfc 1044 enhancements (to support a controller box from another vendor) and in some tuning tests at cray research between a cray and 4341 clone ... was getting 1mbyte/sec using only a modest amount of the 4341 processor (approx. three orders of magnitude improvement in bytes transferred per instruction executed)
http://www.garlic.com/~lynn/subnetwork.html#1044

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
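Added example, not part of the post above and not code from the vs/pascal tcp/ip implementation it describes. It illustrates the "buffer length problem" the post contrasts between the two languages: C's library copy routines take no notice of the destination's size, so the caller has to carry the length check that a Pascal compiler's range checking would perform on every array store. The frame layout, the `BUF_LEN` constant and the helper names are assumptions made up for the example; the sample frames are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed receive buffer, as a C program would typically declare it. */
#define BUF_LEN 16

/* Length-checked copy: refuses the copy instead of overrunning dst.
 * Returns the number of payload bytes stored, or -1 if they do not fit
 * together with the terminating NUL.  The comparison is written as
 * src_len >= dst_len rather than src_len + 1 > dst_len so that a very
 * large src_len cannot wrap around in size_t arithmetic. */
int bounded_copy(char *dst, size_t dst_len, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    if (src_len >= dst_len)
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return (int)src_len;
}

/* Emulation of a range-checked array: every store goes through a check on
 * the index, which is roughly what a Pascal compiler emits for you. */
typedef struct {
    unsigned char data[BUF_LEN];
    size_t len;
} checked_buf;

int checked_store(checked_buf *b, size_t idx, unsigned char v)
{
    if (b == NULL || idx >= BUF_LEN)
        return -1;                /* range check failed: index out of bounds */
    b->data[idx] = v;
    if (idx + 1 > b->len)
        b->len = idx + 1;
    return 0;
}

/* Assumed wire format for the example: a one-byte length field followed by
 * that many payload bytes.  Returns 0 if the frame was stored, -1 if the
 * declared length does not fit the receive buffer or exceeds the bytes
 * actually present. */
int receive_frame(const uint8_t *frame, size_t frame_len, checked_buf *out)
{
    if (frame == NULL || out == NULL || frame_len < 1)
        return -1;
    size_t declared = frame[0];
    if (declared > frame_len - 1)
        return -1;                /* header claims more bytes than arrived */
    out->len = 0;
    for (size_t i = 0; i < declared; i++) {
        if (checked_store(out, i, frame[1 + i]) != 0)
            return -1;            /* would have overrun a fixed C buffer */
    }
    return 0;
}

/* Runs the constructed frames and returns how many were rejected. */
int count_rejected_frames(void)
{
    /* Constructed sample frames: declared length, then payload. */
    static const uint8_t ok_frame[]    = { 5, 'h', 'e', 'l', 'l', 'o' };
    static const uint8_t short_frame[] = { 9, 'a', 'b', 'c' };         /* truncated */
    static const uint8_t big_frame[]   = { 20, 'x', 'x', 'x', 'x', 'x', 'x', 'x',
                                           'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x',
                                           'x', 'x', 'x', 'x', 'x' };  /* > BUF_LEN */
    const uint8_t *frames[] = { ok_frame, short_frame, big_frame };
    const size_t lens[] = { sizeof ok_frame, sizeof short_frame, sizeof big_frame };
    checked_buf buf;
    int rejected = 0;
    for (size_t i = 0; i < 3; i++)
        if (receive_frame(frames[i], lens[i], &buf) != 0)
            rejected++;
    return rejected;
}

int main(void)
{
    char dst[BUF_LEN];
    printf("bounded_copy of 5 bytes: %d\n", bounded_copy(dst, sizeof dst, "hello", 5));
    printf("bounded_copy of 16 bytes: %d\n",
           bounded_copy(dst, sizeof dst, "0123456789abcdef", 16));
    printf("rejected frames: %d of 3\n", count_rejected_frames());
    return 0;
}
```

The two rejected frames are the ones a plain `memcpy(buf, frame + 1, frame[0])` would have accepted: one whose declared length exceeds the bytes received (an over-read) and one whose declared length exceeds the receive buffer (an overrun). Neither check is supplied by the language in C; both are the kind of check range checking gives a Pascal program for free.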

