[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20061103172430.GB13519@sivokote.iziade.m$>
Date: Fri, 3 Nov 2006 19:24:31 +0200
From: Georgi Guninski <guninski@...inski.com>
To: Blue Boar <BlueBoar@...evco.com>
Cc: "morrisworm.com" <worm@...risworm.com>, full-disclosure@...ts.grok.org.uk,
Valdis.Kletnieks@...edu
Subject: Re: 18th anniversary of Internet worm
a.k.a. Morris worm
my question was:
when was the first provable *public* (as in common sense) announcement of the
exploitability of buffer overflows.
didn't mean to underestimate the morris worm.
On Fri, Nov 03, 2006 at 08:21:37AM -0800, Blue Boar wrote:
> Valdis.Kletnieks@...edu wrote:
> >I have to conclude that before that, buffer overflows weren't even well
> >known *inside* the security community, much less outside in the wider
> >programming community.
>
> They were known and exploited by 1972, in at least some communities.
> http://csrc.nist.gov/publications/history/ande72.pdf
> Pages 44 and 45.
> http://osvdb.org/blog/?p=77
>
BB
EOM
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists