Hi Mark, : The adolescent minds that engage in "exploits" wouldn't know COBOL if a : printout fell out a window and onto their heads. I'm sure you can write : COBOL programs that crash, but it must be hard to make them take control : of the operating system. COBOL programs are heavy into unit record : equipment (cards, line printers), tape files, disk files, sorts, merges, : report writing -- all the stuff that came down to 1959-model mainframes : from tabulating equipment. They don't do Internet. What they could do : and have done is incorporate malicious code that exploits rounding error : such that many fractional pennies end up in a conniving programmer's : bank account.
I'd love for you to show me such exploits, specifically citing the OS and/or affected programs *with* a public reference. =) http://osvdb.org/ "Search" Disclosure Date Range: 1960-01-01 to 1979-01-01 Please, help me add to the collection =) Many of these were uncovered by my own personal interest/research along with a few contributers to my challenge to find the oldest documented vulnerability: http://osvdb.org/blog/?p=77 Brian _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
