Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Hack Exploits Common Programming Error

Posted by ScuttleMonkey on from the gibson-unavailable-for-comment dept.

buzzardsbay writes "TechTarget's security editor, Dennis Fisher is reporting that researchers at Watchfire Inc. have discovered a reliable method for exploiting a common programming error, which until now had been considered simply a quality problem and not a security vulnerability. According to the article, the researchers stumbled upon the method for remotely exploiting dangling pointers by chance while they were running the company's AppScan software against a Web server. The good folks at Watchfire will detail the technique in a presentation at the Black Hat Briefings in Las Vegas in August, Fisher writes."

17 of 255 comments (clear)

  1. Well duhhhh. by pushf+popf · · Score: 5, Funny

    Who would have thought that invalid pointers and buffer overruns might be exploitable as a security hole?

    Quick, someone alert Bill Gates!

  2. All the trouble in this world.. by WarwickRyan · · Score: 4, Funny

    ..is down to dangly bits.

    1. Re:All the trouble in this world.. by Herkum01 · · Score: 2, Funny

      That is why I use button fly, much harder for dangling bits to expose themselves.

    2. Re:All the trouble in this world.. by Opportunist · · Score: 2, Funny

      Will people never learn? Security by obscurity doesn't work!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. I'm telling my mother! by east+coast · · Score: 4, Funny

    Enough with all of this talk of "dangling pointers" you perverts.

    --
    Dedicated Cthulhu Cultist since 4523 BC.
    1. Re:I'm telling my mother! by fbjon · · Score: 3, Funny

      Does "damp security holes" sound better?

      --
      True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
    2. Re:I'm telling my mother! by Anonymous Coward · · Score: 1, Funny

      I'd like to know how to penetrate that box, security must be tight...

    3. Re:I'm telling my mother! by Vintermann · · Score: 2, Funny

      Security by obscenity doesn't work!

      --
      xkcd is not in the sudoers file. This incident will be reported.
  4. The cure... by Anonymous Coward · · Score: 5, Funny

    I found that if I stop programming every 15 minutes or so and look up some pr0n, I significantly reduced my chances of having a "dangling pointer."

  5. Hehe by tttonyyy · · Score: 3, Funny

    ...which is why all my dangling pointers have unfree'd memory at the end of them just in case ;)

    --
    biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
  6. Finally by dsanfte · · Score: 4, Funny

    Finally, an indisputable reason for choosing Java over C++.

    --
    occultae nullus est respectus musicae - originally a Greek proverb
  7. a new pickup line... by Anonymous Coward · · Score: 3, Funny

    "Hello security hole, wanna meet my dangling pointer?"

  8. Re:Why are we still dealing with this? by Red+Flayer · · Score: 4, Funny

    I manage to write C++ and never overflow a buffer, always release all resources when I'm done with them, and never throw away an error. Why can't the other 95% of the programmers out there do the same thing?
    So, you're saying you program properly, but the other 19 programmers in existence can't?

    Something tells me that even if your programming is 100% spot-on, your grammar skills are slightly lacking...
    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  9. Re:Why are we still dealing with this? by 19thNervousBreakdown · · Score: 2, Funny

    Yeah, I just read that again. Guess I got a little carried away...

    --
    <xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
  10. Re:Why are we still dealing with this? by slackmaster2000 · · Score: 4, Funny

    "I dunno. I manage to write C++ and never overflow a buffer, always release all resources when I'm done with them, and never throw away an error. Why can't the other 95% of the programmers out there do the same thing?"

    Because we're employed.

  11. From TFA... by Sebastopol · · Score: 4, Funny

    "This is a bit of a Pandora's box and once we open it, it will be just the tip of the iceberg."

    Did anyone else think:

    "If we hit that bullseye, the rest of the dominoes will fall like a house of cards! Checkmate." - Zapp Brannigan

    --
    https://www.accountkiller.com/removal-requested
  12. Re:does anyone know by Anonymous Coward · · Score: 1, Funny

    Given the moderation on your post I'd say it worked quite well...