lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 3 Nov 2006 19:24:31 +0200
From: Georgi Guninski <guninski@...inski.com>
To: Blue Boar <BlueBoar@...evco.com>
Cc: "morrisworm.com" <worm@...risworm.com>, full-disclosure@...ts.grok.org.uk,
	Valdis.Kletnieks@...edu
Subject: Re: 18th anniversary of Internet worm
	a.k.a.	Morris worm

my question was:

when was the first provable *public* (as in common sense) announcement of the
exploitability of buffer overflows.

didn't mean to underestimate the morris worm.

On Fri, Nov 03, 2006 at 08:21:37AM -0800, Blue Boar wrote:
> Valdis.Kletnieks@...edu wrote:
> >I have to conclude that before that, buffer overflows weren't even well
> >known *inside* the security community, much less outside in the wider
> >programming community.
> 
> They were known and exploited by 1972, in at least some communities.
> http://csrc.nist.gov/publications/history/ande72.pdf
> Pages 44 and 45.
> http://osvdb.org/blog/?p=77
>
 					BB
EOM



















_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ