thoughts on Windows UPnP Vulnerability

Subject: thoughts on Windows UPnP Vulnerability
From: Gary Stoneburner <stoneburner@nist.gov>
Date: Fri, 18 Jan 2002 10:01:33 -0500
Content-Type: multipart/alternative; boundary="=====================_1207126==_.ALT"

re: http://www.info-sec.com/crypto/02/crypto_011502a_j.shtml

"This vulnerability is a buffer overflow, the easy-to-use low-hanging-fruit automatic-tools-to-fix kind of security vulnerability. It's not new or subtle; buffer overflows have been causing serious security problems for decades. ... This is a software quality problem, pure and simple. And the real solution is better software design, implementation, and quality procedures, not more patches and alerts and press releases."

Cheers,
Gary

************************************************************************** * Opinions expressed are not intended to reflect an official position ************************************************************************** * Gary Stoneburner *(been mobilized - Major, US Army Land Information Warfare Activity (LIWA)) * NIST contact points are still valid: * Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov **************************************************************************

Prev by Date: First 'Proof Of Concept' .Net Virus Appears Next by Date: Exploding Chips Prev by thread: Exploding Chips Next by thread: First 'Proof Of Concept' .Net Virus Appears Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov