An attack on paypal
Bill Frantz
frantz at pwpconsult.com
Tue Jun 10 18:39:38 EDT 2003
At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote:
>somebody (else) commented (in the thread) that anybody that currently
>(still) writes code resulting in buffer overflow exploit maybe should be
>thrown in jail.
A nice essay, partially on the need to include technological protections
against human error, included the above paragraph.
IMHO, the problem is that the C language is just too error prone to be used
for most software. In "Thirty Years Later: Lessons from the Multics
Security Evaluation", Paul A. Karger and Roger R. Schell
<www.acsac.org/2002/papers/classic-multics.pdf> credit the use of PL/I for
the lack of buffer overruns in Multics. However, in the Unix/Linux/PC/Mac
world, a successor language has not yet appeared.
YMMV - Bill
-------------------------------------------------------------------------
Bill Frantz | Due process for all | Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA