13Oct2009 (UTC +8)

On Tue, Oct 13, 2009 at 11:31, Gideon N. Guillen
<[email protected]> wrote:
>> Are these the first functions we learn in C?  Assuming AES is in C
>> which I don't know.
>
> We know at least some parts of the AES are in C, like the Linux kernel. And since
> it is an embedded machine with very limited resources, the actual code for the vote
> counting code must also be in C.
>
>> In general, to induce overruns we try to overload the system. In the
>
> Then you're misinformed about how buffer overruns work. All it takes is one malformed
> input that the machine thinks is valid to exploit the vulnerability. Just one. No need to
> overload the system.

Right on.

This will pass unimaginative acceptance testing, but not source-code auditors.
======================
#include <stdio.h>
int main ()
{
  char inputstr[100];
  printf ("Agree or disagree: ");
  /* %s has no field width: any token longer than 99 bytes overruns inputstr */
  scanf ("%s", inputstr);
}
======================



Drexx Laggui  -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com  ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4  8363 FFEC 3976 FF31 8A4E
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
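
Added example, not part of the original post: a bounded replacement for the scanf("%s", ...) read in the snippet above, which rejects an over-long line instead of writing past the 100-byte buffer. The names read_answer and try_input and the status codes are assumptions made for this sketch, and the inputs fed through try_input are constructed.

```c
#include <stdio.h>
#include <string.h>

#define ANSWER_MAX 100              /* same size as inputstr in the post */
enum { ANSWER_OK = 0, ANSWER_EOF = -1, ANSWER_TOO_LONG = -2 };

/* Read one line into buf without ever writing past buf[cap-1].
 * An over-long line is rejected whole (not silently truncated) and its
 * tail is drained so it cannot be mistaken for the next answer. */
int read_answer(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return ANSWER_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* complete line, strip the newline */
        return ANSWER_OK;
    }
    int c = fgetc(in);              /* no newline seen: what comes next? */
    if (c == EOF || c == '\n')
        return ANSWER_OK;           /* line fit exactly, or input ended */
    while (c != EOF && c != '\n')
        c = fgetc(in);              /* discard the rest of the long line */
    buf[0] = '\0';
    return ANSWER_TOO_LONG;
}

char last_answer[ANSWER_MAX];       /* filled by the most recent try_input */
/* Hypothetical harness: put constructed input in a temp file, read `nth`
 * answers through a buffer of `cap` bytes, return the status of the last. */
int try_input(const char *data, size_t cap, int nth)
{
    int rc = ANSWER_EOF;
    FILE *f = (cap <= sizeof last_answer) ? tmpfile() : NULL;
    if (f == NULL)
        return rc;
    fputs(data, f);
    rewind(f);
    while (nth-- > 0)
        rc = read_answer(f, last_answer, cap);
    fclose(f);
    return rc;
}

int main(void)
{
    char inputstr[ANSWER_MAX];
    printf("Agree or disagree: ");
    return read_answer(stdin, inputstr, sizeof inputstr) == ANSWER_OK ? 0 : 1;
}
```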
