TiGa

Why is secure development so important?

Here's a conversation I had recently with somebody:
A: Why do you check the length of your strings so often and do that much validation of inputs?
Me: It's more secure that way.
A: Why do you need to make your program secure?
Me: Better secure than sorry.
A: It's a useless loss of time.
Me: Bah, it's surprising sometimes the unforeseen problems that it can save.

Here's a good example of an unforeseen problem that might happen: somebody managed to exploit a buffer overflow in OllyDbg and ImpREC.
http://forums.accessroot.com/index.php?showtopic=7278
http://www.milw0rm.com/exploits/6031
It happens when an export from a DLL has a name longer than the buffer.

CHimpREC does not get fooled by this trick:

http://img234.imageshack.us/my.php?image=antidebugdn6.png

Better secure than sorry...
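The kind of length check discussed above, as an added example (not CHimpREC's code and not part of the original post): copying an export name out of an untrusted image into a fixed buffer. The names `copy_export_name` and `name_status`, the 32-byte buffer and the use of a plain offset instead of a resolved RVA are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum name_status { NAME_OK = 0, NAME_BAD_OFFSET, NAME_UNTERMINATED, NAME_TOO_LONG };

/* Copy the NUL-terminated export name at image[name_off] into dst.
 * Nothing in the file is trusted: the offset, the terminator and the
 * length are all checked before any name byte is written to dst. */
enum name_status copy_export_name(const uint8_t *image, size_t image_size,
                                  size_t name_off, char *dst, size_t dst_size)
{
    if (dst_size == 0)
        return NAME_TOO_LONG;
    dst[0] = '\0';                       /* dst is a valid string on every path */
    if (name_off >= image_size)
        return NAME_BAD_OFFSET;

    /* Search for the terminator only inside the bytes we actually have. */
    size_t avail = image_size - name_off;
    const uint8_t *end = memchr(image + name_off, 0, avail);
    if (end == NULL)
        return NAME_UNTERMINATED;

    size_t len = (size_t)(end - (image + name_off));
    if (len >= dst_size)                 /* reject rather than overflow or truncate */
        return NAME_TOO_LONG;

    memcpy(dst, image + name_off, len + 1);
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample: one normal name followed by an oversized run with no NUL. */
    uint8_t image[64];
    memset(image, 'A', sizeof image);
    memcpy(image, "GetProcAddress", 15);

    char name[32];
    printf("%d %s\n", (int)copy_export_name(image, sizeof image, 0, name, sizeof name), name);
    printf("%d\n", (int)copy_export_name(image, sizeof image, 15, name, sizeof name));
    return 0;
}
```

Rejecting an oversized name outright, instead of silently truncating it, also keeps two different long exports from collapsing into the same shortened name.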
