AccessMyLibrary provides FREE access to over 30 million articles from top publications available through your library.

Index of articles > Business > Computers and Office Automation Industries publications > Client Server News articles > February 2002 articles
Close

Create a link to this page

Copy and paste this link tag into your Web page or blog:

<a href="http://www.accessmylibrary.com/article-1G1-83146259/vc-net-compiler-called.html" title="Facts and information about VC++.NET Compiler Called "Vulerability Seeder".">VC++.NET Compiler Called "Vulerability Seeder".</a>
Close Set up an RSS feed that alerts you when new articles from Client Server News are available.
XML Add to My Yahoo! Add to My AOL Add to Google Subscribe in NewsGator
Frequently asked questions about RSS feeds

VC++.NET Compiler Called "Vulerability Seeder".

Client Server News

| February 25, 2002 | COPYRIGHT 2002 G2 Computer Intelligence. This material is published under license from the publisher through the Gale Group, Farmington Hills, Michigan.  All inquiries regarding rights should be directed to the Gale Group. (Hide copyright information)Copyright

A software risk management consultancy by the name of Cigital claims the protection mechanism in Microsoft's Visual C++.NET compiler is vulnerable to attack.

The mechanism is called /GS and is there to handle buffer overflows, the cause of a lot of Microsoft's security woes.

Cigital warns against using it. It claims /GS resembles a piece of third-party widgetry called StackGuard and it takes a dim view of StackGuard. "The StackGuard mechanism makes a poor efficiency/security tradeoff, especially as implemented in Microsoft's compiler," it says.

Microsoft claims /GS has nothing to do with StackGuard.

Cigital took impetus from a white paper written last year by Microsoft developer Brandon Bray called "How Visual C++.NET can prevent buffer overruns." Cigital thinks the title is misleading and overpromises. It claims developers might be lulled into a false sense of security and rely on the /GS feature to protect their code.

Related articles from newspapers, magazines, journals, and more
MS02-039: buffer overruns in Structured Query Language Server 2000 resolution...
Newspaper article from: Information Systems Auditor September 1, 2002 700+ words
...vulnerabilities here. The first two are buffer overruns. By sending a carefully crafted...considerably. Mitigating factors Buffer overruns in SQL Server Resolution Service...service vulnerability only. www.microsoft.com.technet/ security...
MICROSOFT SECURITY `JOURNEY IS WELL UNDER WAY BUT SKEPTICS DOUBT COMPANY'S...
Newspaper article from: Seattle Post-Intelligencer (Seattle, WA) Richman, Dan February 27, 2002 700+ words
...of vulnerabilities called buffer overruns. At a minimum, buffer overruns can destroy data. At worst...which the vast majority of Microsoft's and other software makers...the chances of creating buffer overruns, though it requires programmers...
Redmond Tries To Get Past the Code Red Blues.(what Microsoft is planning)
Newspaper article from: Client Server News Zipper, Stuart October 8, 2001 700+ words
...immune to Code Red and Nimda. Other Microsoft promises include a Win2K Service...to try to eliminate the infamous buffer overruns that have caused so many of the...built to eliminate buffer overruns Microsoft said. It didn't reveal when...
VC++.NET Compiler Called "Vulnerability Seeder".(Cigital warns of flaw in...
Newspaper article from: The Online Reporter February 25, 2002 700+ words
...written last year by Microsoft developer Brandon Bray...NET can prevent buffer overruns." Cigital thinks...return address. "Microsoft has never claimed that...eliminates all types of buffer overruns," it said. A two...overwhelm the mechanism. Microsoft's tests supposedly...
Finjan Software owners already protected against attacks that could exploit...
Press release article from: M2 Presswire September 12, 2003 700+ words
...newly discovered Microsoft Windows RPC vulnerabilities...acknowledged yesterday by Microsoft Corp. Two of...vulnerabilities are buffer overruns that could allow...According to Microsoft, the two newly discovered buffer overruns are rated "critical...
Finjan Software Owners Already Protected Against Attacks That Could Exploit...
Press release article from: PR Newswire September 11, 2003 700+ words
...acknowledged yesterday by Microsoft Corp. Two of...vulnerabilities are buffer overruns that could allow...According to Microsoft, the two newly discovered buffer overruns are rated "critical...identified by Microsoft. Using Finjan...
Finjan software owners already protected against attacks that could exploit...
Press release article from: PR Newswire September 11, 2003 700+ words
...acknowledged yesterday by Microsoft Corp. Two of...vulnerabilities are buffer overruns that could allow...According to Microsoft, the two newly discovered buffer overruns are rated "critical...identified by Microsoft. Using Finjan...
Microsoft Details New Security Innovations at RSA Conference 2003, Europe.
Press release article from: PR Newswire November 4, 2003 700+ words
...New Safety Technologies Microsoft is continuing efforts to...security enhancements to Microsoft Windows XP and Windows Server...malicious Web content and buffer overruns. Windows Server 2003 Service...demonstrated an early prototype of Microsoft's upcoming Next- Generation...
For more facts and information, see all results
©2009 Gale, a part of Cengage Learning. All rights reserved.
About us | FAQs | Contact us | Privacy policy | Terms and conditions
Other Gale sites: Encyclopedia.com | HighBeam Research | Acquire Content | Books & Authors | Goliath | MovieRetriever | Smart QandA