Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Hack Exploits Common Programming Error

Posted by ScuttleMonkey on from the gibson-unavailable-for-comment dept.

buzzardsbay writes "TechTarget's security editor, Dennis Fisher is reporting that researchers at Watchfire Inc. have discovered a reliable method for exploiting a common programming error, which until now had been considered simply a quality problem and not a security vulnerability. According to the article, the researchers stumbled upon the method for remotely exploiting dangling pointers by chance while they were running the company's AppScan software against a Web server. The good folks at Watchfire will detail the technique in a presentation at the Black Hat Briefings in Las Vegas in August, Fisher writes."

2 of 255 comments (clear)

  1. Re:Well duhhhh. by pushf+popf · · Score: 1, Flamebait
    This just in:
    • The earth isn't flat
    • Fire is hot
    • Poorly written software is exploitable
    I've been writing software since "high level language" meant that the assembler understood named labels. Poorly written software had exploitable pointers back then too.

    This is just as newsworthy as the discovery that bears crap in the woods.
  2. Re:Well duhhhh. by Opportunist · · Score: 0, Flamebait

    Quick, someone alert Bill Gates!

    Could be a good idea. He might be the last IT guy who doesn't know yet, judging from his software...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.