LARA

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
Last revision Both sides next revision
note_on_buffer_overflows [2008/10/26 21:27]
vkuncak created 		note_on_buffer_overflows [2008/10/26 21:38]
vkuncak
Line 1: Line 1:
 ====== Note on Buffer Overflows ====== ====== Note on Buffer Overflows ======
  
 +A study by Cisco Systems, describes virus Code Red,
  
- +"Code Red (2001)
-Code Red (2001)+
  
 The Code Red worm was a self-replicating malicious code that exploited a known vulnerability in Microsoft IIS servers. Code Red attempted The Code Red worm was a self-replicating malicious code that exploited a known vulnerability in Microsoft IIS servers. Code Red attempted
 to connect to TCP port 80 on a randomly chosen host. When a successful connection to port 80 was achieved, the attacking host sent an to connect to TCP port 80 on a randomly chosen host. When a successful connection to port 80 was achieved, the attacking host sent an
 HTTP GET request to the victim, attempting to exploit a buffer overflow in the indexing service. Depending on the configuration of the host HTTP GET request to the victim, attempting to exploit a buffer overflow in the indexing service. Depending on the configuration of the host
-that received this request, there were varied consequences.+that received this request, there were varied consequences. ​ If the exploit was successful, Code Red began executing on the new victim host."​ 
 + 
 +and shows the world-wide economic impact to be **$2.62 billion**. 
 + 
 +The occurrences of these errors were reduced subsequently by a serious push within the company to adopt programming language discipline and tools that effectively turns C into a language where array accesses can be checked to be within bounds. 
 + 
 +Many of such errors could be prevented in first place by using memory-safe languages such as Java and Scala (or LISP, invented before C)