lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Coming soon: CPU fix for buffer overflows

http://www.newscientist.com/news/news.jsp?id=ns99994696

Chips to ease Microsoft's big security nightmare 
10:00 22 February 04 
  
Chip makers are planning a new generation of microprocessors that should
plug the gaps that led Microsoft to issue a "critical security alert" last
week.

The alert was sparked by the discovery that a raft of Microsoft programs
were vulnerable to a problem called "buffer overflow", which hackers can
exploit to extract private information from a PC. And the risk of such
attacks only worsened when, two days after the alert was issued, critical
Windows "source code" was leaked on to the internet letting hackers see how
it works.

A buffer is a section of computer memory that can store a set amount of
data. Sometimes, usually because of a software bug, the processor sends more
data to the buffer than it can hold, causing it to overflow into the next
chunk of buffer memory. This makes computers vulnerable to hackers, because
by deliberately making a buffer overflow they can force the computer to
execute their malicious code.

The problem is hard to detect, as popular programming languages, like C and
C++ do not make it easy to track when programs are vulnerable to overflow.
But now chip makers Advanced Micro Devices (AMD) and Intel are developing
processor chips that will deal with the problem.

AMD's Athlon-64 (for PCs) and Opteron (for servers) will protect against
buffer overflows when used with a new version of Windows XP. Intel plans
similar features on next generation Pentium chips.

...


Powered by blists - more mailing lists