Hi Lynne, Nice article in Byte. It reminds me of the old days when you could read a good technical piece in the print Byte. Kind of a rare phenomenon today. But do you really mean to say that *all* security problems are buffer problems?
Thank you Jim for your kind words. Could you please tell the editor of Byte as well? That way, more articles like this come the reader’s way. 🙂
No, obviously security isn’t just buffer overflows. But these little bandaids are everywhere, and cause an amazing amount of problems for something so trivial.
For example, on Cnet today another buffer overrun afflicting Windows was announced. “Secunia issued an advisory saying a buffer overrun flaw has been found in Office 2000, and potentially also in Office XP, that could allow hackers to take over a user’s system. The company rated the flaw as ‘highly critical.'” Alas, these bulletins are all too common.
I used the essay to illustrate that a one size fits all solution like a buffer can have larger implications than my “engineer” in the introduction realized, and that his solution may not be a solution at all. There’s a lot of sloppy thinking nowadays, and that doesn’t help in a more competitive global economy. I’d like to see fewer unemployed obsolete engineers and scientists, and more innovation and critical thinking. So I write these essays. I hope it helps. And I hope you continue to enjoy them.