New Hack Exploits Common Programming Error

buzzardsbay writes "TechTarget's security editor, Dennis Fisher is reporting that researchers at Watchfire Inc. have discovered a reliable method for exploiting a common programming error, which until now had been considered simply a quality problem and not a security vulnerability. According to the article, the researchers stumbled upon the method for remotely exploiting dangling pointers by chance while they were running the company's AppScan software against a Web server. The good folks at Watchfire will detail the technique in a presentation at the Black Hat Briefings in Las Vegas in August, Fisher writes."

Well duhhhh.

[pushf popf]

Who would have thought that invalid pointers and buffer overruns might be exploitable as a security hole?

Quick, someone alert Bill Gates!

All the trouble in this world..

[WarwickRyan]

..is down to dangly bits.

I'm telling my mother!

[east coast]

Enough with all of this talk of "dangling pointers" you perverts.

The cure...

[Anonymous Coward]

I found that if I stop programming every 15 minutes or so and look up some pr0n, I significantly reduced my chances of having a "dangling pointer."

Re:All the trouble in this world..

[Herkum01]

That is why I use button fly, much harder for dangling bits to expose themselves.

Hehe

[tttonyyy]

...which is why all my dangling pointers have unfree'd memory at the end of them just in case ;)

Finally

[dsanfte]

Finally, an indisputable reason for choosing Java over C++.

a new pickup line...

[Anonymous Coward]

"Hello security hole, wanna meet my dangling pointer?"

Re:I'm telling my mother!

[fbjon]

Does "damp security holes" sound better?

Re:Why are we still dealing with this?

[Red Flayer]

I manage to write C++ and never overflow a buffer, always release all resources when I'm done with them, and never throw away an error. Why can't the other 95% of the programmers out there do the same thing?

So, you're saying you program properly, but the other 19 programmers in existence can't?

Something tells me that even if your programming is 100% spot-on, your grammar skills are slightly lacking...

Re:Why are we still dealing with this?

[19thNervousBreakdown]

Yeah, I just read that again. Guess I got a little carried away...

Re:Why are we still dealing with this?

[slackmaster2000]

"I dunno. I manage to write C++ and never overflow a buffer, always release all resources when I'm done with them, and never throw away an error. Why can't the other 95% of the programmers out there do the same thing?"

Because we're employed.

Re:All the trouble in this world..

[Opportunist]

Will people never learn? Security by obscurity doesn't work!

Re:I'm telling my mother!

[Anonymous Coward]

I'd like to know how to penetrate that box, security must be tight...

From TFA...

[Sebastopol]

"This is a bit of a Pandora's box and once we open it, it will be just the tip of the iceberg."

Did anyone else think:

"If we hit that bullseye, the rest of the dominoes will fall like a house of cards! Checkmate." - Zapp Brannigan

Re:does anyone know

[Anonymous Coward]

Given the moderation on your post I'd say it worked quite well...

Re:I'm telling my mother!

[Vintermann]

Security by obscenity doesn't work!