about code red worm and its offspring... 

The Code Red virus is explained as this: "A buffer overflow occurs when
someone inputs more data into a field than that field expects. The text that
spills over can then be executed on the computer." - Interactive Week Vol.
8, No. 30 pg. 14

Ok, why can you not set a validation where you are not able to input more
text than the field expects???
Is that just too simplistic of a view?
If you cannot input more data than a field expects, then theoretically a
buffer overflow would not occur?
What does everyone think?

--

Visual SUN Studios
http://www.*-*-*.com/



Tue, 03 Feb 2004 12:23:17 GMT  
Absolutely correct.

Buffer overflows only occur when there is no validation.
Therefore it can be described as "careless programming"

In their defense, writing a program where you've remembered to check every
single buffer (there might well be a thousand or more in IIS) is quite hard
work - it only requires a single buffer to be left unchecked to give you
horrible publicity!

Yours

Daniel Wolff


Quote:
> The Code Red virus is explained as this: "A buffer overflow occurs when
> someone inputs more data into a field than that field expects. The text that
> spills over can then be executed on the computer." - Interactive Week Vol.
> 8, No. 30 pg. 14

> Ok, why can you not set a validation where you are not able to input more
> text than the field expects???
> Is that just too simplistic of a view?
> If you cannot input more data than a field expects, then theoretically a
> buffer overflow would not occur?
> What does everyone think?

> --

> Visual SUN Studios
> http://www.visualsun.ws



Tue, 03 Feb 2004 22:24:05 GMT  
looks like MS should totally rewrite some of their programs then, huh.

--

Visual SUN Studios
http://www.visualsun.ws

Quote:
> Absolutely correct.

> Buffer overflows only occur when there is no validation.
> Therefore it can be described as "careless programming"

> In their defense, writing a program where you've remembered to check every
> single buffer (there might well be a thousand or more in IIS) is quite hard
> work - it only requires a single buffer to be left unchecked to give you
> horrible publicity!

> Yours

> Daniel Wolff



> > The Code Red virus is explained as this: "A buffer overflow occurs when
> > someone inputs more data into a field than that field expects. The text that
> > spills over can then be executed on the computer." - Interactive Week Vol.
> > 8, No. 30 pg. 14

> > Ok, why can you not set a validation where you are not able to input more
> > text than the field expects???
> > Is that just too simplistic of a view?
> > If you cannot input more data than a field expects, then theoretically a
> > buffer overflow would not occur?
> > What does everyone think?

> > --

> > Visual SUN Studios
> > http://www.visualsun.ws



Wed, 04 Feb 2004 06:38:27 GMT  


Quote:
> looks like MS should totally rewrite some of their programs then, huh.

Buffer overflows are _very_ common in programming situations. It's one of
the most common programming mistakes made by lots of programmers working for
lots of companies.


Wed, 04 Feb 2004 07:35:36 GMT  
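
Added example, not written by any poster in this thread and not code from IIS: the length validation the thread discusses, in C. It goes slightly beyond the thread by showing a check that is present but compares the wrong quantities (bytes against 16-bit units); `FIELD_UNITS`, the function names and the sample inputs are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_UNITS 8   /* constructed field size: 8 16-bit units = 16 bytes */

/* Flawed validation (shown as a predicate only, nothing is written):
 * compares the input length in bytes with the buffer size in bytes,
 * although each input byte will occupy one 2-byte unit after widening. */
static int naive_check_passes(size_t src_len, size_t dst_bytes)
{
    return src_len <= dst_bytes;
}

/* Validated copy: widens src into dst and refuses anything that does not
 * fit, counting in destination units and reserving one for the terminator.
 * Returns 0 on success, -1 if the input is rejected (dst left untouched). */
static int widen_field(uint16_t *dst, size_t dst_units,
                       const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_units == 0)
        return -1;
    if (src_len > dst_units - 1)      /* compare units with units */
        return -1;
    for (size_t i = 0; i < src_len; i++)
        dst[i] = (unsigned char)src[i];
    dst[src_len] = 0;
    return 0;
}

/* Runs both checks on one input; returns 1 if the naive check would have
 * accepted an input that the unit-based check rejects. */
static int naive_check_misses(const char *src)
{
    uint16_t field[FIELD_UNITS];
    size_t len = strlen(src);
    return naive_check_passes(len, sizeof field) &&
           widen_field(field, FIELD_UNITS, src, len) != 0;
}

int main(void)
{
    /* constructed inputs: 7 bytes fits, 12 bytes does not */
    return (naive_check_misses("GET /ok") == 0 &&
            naive_check_misses("AAAAAAAAAAAA") == 1) ? 0 : 1;
}
```

The 12-byte input passes the byte-count check against a 16-byte buffer, yet widening it would need 26 bytes including the terminator, which is why the check has to be made on what is actually written.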
 