Slashdot Mirror


New Hack Exploits Common Programming Error

buzzardsbay writes "TechTarget's security editor, Dennis Fisher is reporting that researchers at Watchfire Inc. have discovered a reliable method for exploiting a common programming error, which until now had been considered simply a quality problem and not a security vulnerability. According to the article, the researchers stumbled upon the method for remotely exploiting dangling pointers by chance while they were running the company's AppScan software against a Web server. The good folks at Watchfire will detail the technique in a presentation at the Black Hat Briefings in Las Vegas in August, Fisher writes."

8 of 255 comments (clear)

  1. Well duhhhh. by pushf+popf · · Score: 5, Funny

    Who would have thought that invalid pointers and buffer overruns might be exploitable as a security hole?

    Quick, someone alert Bill Gates!

  2. All the trouble in this world.. by WarwickRyan · · Score: 4, Funny

    ..is down to dangly bits.

  3. I'm telling my mother! by east+coast · · Score: 4, Funny

    Enough with all of this talk of "dangling pointers" you perverts.

    --
    Dedicated Cthulhu Cultist since 4523 BC.
  4. The cure... by Anonymous Coward · · Score: 5, Funny

    I found that if I stop programming every 15 minutes or so and look up some pr0n, I significantly reduced my chances of having a "dangling pointer."

  5. Finally by dsanfte · · Score: 4, Funny

    Finally, an indisputable reason for choosing Java over C++.

    --
    occultae nullus est respectus musicae - originally a Greek proverb
  6. Re:Why are we still dealing with this? by Red+Flayer · · Score: 4, Funny

    I manage to write C++ and never overflow a buffer, always release all resources when I'm done with them, and never throw away an error. Why can't the other 95% of the programmers out there do the same thing?
    So, you're saying you program properly, but the other 19 programmers in existence can't?

    Something tells me that even if your programming is 100% spot-on, your grammar skills are slightly lacking...
    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  7. Re:Why are we still dealing with this? by slackmaster2000 · · Score: 4, Funny

    "I dunno. I manage to write C++ and never overflow a buffer, always release all resources when I'm done with them, and never throw away an error. Why can't the other 95% of the programmers out there do the same thing?"

    Because we're employed.

  8. From TFA... by Sebastopol · · Score: 4, Funny

    "This is a bit of a Pandora's box and once we open it, it will be just the tip of the iceberg."

    Did anyone else think:

    "If we hit that bullseye, the rest of the dominoes will fall like a house of cards! Checkmate." - Zapp Brannigan

    --
    https://www.accountkiller.com/removal-requested