The InfoSec Blog

System Integrity: Without Integrity you don’t have Security

January 16th, 2008

What did I say about buffer overflow?

http://aluigi.altervista.org/adv/quicktimebof-adv.txt

You’d think by now … after all, SC Magazine, at least in the print edition, lists the “top 5 attacks” used by US and foreign hackers, and ‘overflow’ attacks have been in the number 1 or number 2 slot for as far back as I can remember.

I keep going on about how the Morris Worm brought this to the public attention TWENTY years ago. I keep going on about how I continue to meet programmers of varying maturity, not just the ones fresh out of college, who are unaware of this kind of programming flaw - along with many other flaws and egregious habits.
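The flaw the post is talking about is worth seeing side by side with its fix. The following C is an added example written for this page, not code from the post or from the QuickTime advisory it links: a fixed-size stack buffer filled by an unbounded copy, beside a version that checks the length and refuses input that does not fit. The names (`ATOM_LEN`, `parse_atom_unchecked`, `parse_atom_checked`) and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical field size; the value is constructed for the example. */
#define ATOM_LEN 16

/* The flawed pattern: the destination size is fixed at compile time, but
 * the source length is decided by whoever produced the input. When
 * strlen(src) >= ATOM_LEN, strcpy writes past 'atom' into whatever the
 * stack holds next (other locals, saved registers, the return address).
 * This is the bug class the post describes; it is shown here only to
 * contrast with the checked version below. */
void parse_atom_unchecked(const char *src) {
    char atom[ATOM_LEN];
    strcpy(atom, src);          /* no length check: overflows on long input */
    printf("atom: %s\n", atom);
}

/* Bounds-checked version: the caller supplies the destination and its
 * size, and input that would not fit (including the terminator) is
 * rejected rather than silently truncated, so malformed data is reported
 * instead of being half-processed. */
bool parse_atom_checked(const char *src, char *out, size_t out_len) {
    size_t n = 0;
    /* Measure the source without ever reading past out_len bytes of it. */
    while (n < out_len && src[n] != '\0') {
        n++;
    }
    if (out_len == 0 || n >= out_len) {
        return false;           /* would not fit with the terminator */
    }
    memcpy(out, src, n);
    out[n] = '\0';
    return true;
}

int main(void) {
    char buf[ATOM_LEN];

    /* Constructed inputs: one that fits, one that is one byte too long. */
    const char *ok   = "exactlyfifteen!";   /* 15 chars + NUL fits in 16 */
    const char *long_in = "exactly-fifteen!";  /* 16 chars: no room for NUL */

    if (parse_atom_checked(ok, buf, sizeof buf)) {
        printf("accepted: %s\n", buf);
    }
    if (!parse_atom_checked(long_in, buf, sizeof buf)) {
        printf("rejected: input of %zu bytes does not fit in %d\n",
               strlen(long_in), ATOM_LEN);
    }

    /* The unchecked copy is only ever called here with input that fits. */
    parse_atom_unchecked(ok);
    return 0;
}
```

The point of the checked variant is not the `memcpy` itself but that the destination size travels with the buffer and is enforced before the copy; a reviewer reading maintenance changes can grep for `strcpy`, `strcat`, `sprintf` and `gets` into fixed arrays and ask where the bound is.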

I suspect what we have is the old phenomenon of assigning junior (aka inexperienced) coders to doing the maintenance programming. Why else would this kind of bug be introduced into a mature product?

Did I say ‘introduced’? Perhaps it was there all along, which is even worse, since it means it took this long to discover it.

January 16th, 2008

Many Oracle Users Don’t Apply Security Patches
