From: Tonnerre Lombard (tonnerre.lombard@sygroup.ch)
Date: Sat Jun 24 2006 - 09:13:04 EDT
Salut,
On Fri, 2006-06-23 at 13:13 +0800, Mike Gilligan wrote:
> Stack and heap based overflows were the traditional methods of exploiting
> C/C++ code. Then the previously unknown format string attacks were brought
> to the community's attention around 2000. Is it likely that in 5 years' time
> or sooner we will be talking about an as-yet unknown form of exploitation, or
> have we exhausted all methods of attacking C/C++ based code/apps?
There is in fact already a variety of different attack vectors, such as
input validation issues, insufficient authentication verification
(Hello, DTAG), signal handler vulnerabilities (Ok, those are related to
double free attacks most of the time), etc.
Alan Turing taught us that there is no limit to what can be done with a
"Turing complete" programming language. Consequently, the amount of
things that can be done wrong is probably infinite.
Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard
Loesungen mit System
Tel:+41 61 333 80 33
Roeschenzerstrasse 9
Fax:+41 61 383 14 67
4153 Reinach
Web:www.sygroup.ch
tonnerre.lombard@sygroup.ch