TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy

TEAM-ADA@LISTSERV.ACM.ORG

"W. Wesley Groleau x4923" <[log in to unmask]>
Wed, 21 Jun 2000 08:48:14 -0500
text/plain (52 lines)
> I couldn't access this site.  Do you have a copy of it?
>
> > Access is free, but you do have to release some personal info (or lie about it).
> >
> > http://www10.nytimes.com/library/98/07/biztech/articles/30email-flaw.html

I can't get it either, now.  To get to it yesterday, I had to provide
name, e-mail, age, income, etc., and agree to never reproduce anything
accessed.  The error page says that most articles remain online only the
day they are printed--and this one was from July 1998!  Maybe after I
accessed it, the webserver sent an alarm to the webmaster: "Alert! Old
article still online!"  The page also said they charge $2.50 each for
reprints of old articles.

Highlights:

E-mail programs Microsoft Express, Outlook 98, and Netscape Mail were all
found in 1998 (probably fixed now) to be susceptible to buffer overrun
errors, which would allow parts of too-large attachments to overwrite
program code.  CERT said that this particular bug was responsible for 4 of
9 security problems in 1998 and 10 of 28 in 1997 in these products.

"More modern programming languages, like the Java language" have built-in
safeguards to prevent such errors.  But programmers don't like Java
because it runs so slow.

A Java developer admits that C programs run faster, but often because they
"failed to do the rigorous checking that is built into Java."

"Despite safety advances in newer languages, many veteran software
designers are fatalistic about the possibility of eliminating bugs."

Quotes a warning by security researcher Robert Morris about sloppy
programming, and then "Indeed, .... Morris's son ... used a similar buffer
overflow error ...  [to] infect large portions of the Internet."

To say much more would be a copyright violation.  But I will say that the
writer, John Markoff, named only three languages -- C, C++, and Java -- and
did not even hint that there are others.

In his defense, he's probably a non-technical reporter who first heard of
all three languages when assigned to write a followup for the "Security
Flaw Discovered" article they ran the day before.

I get the impression the article also appeared on newsprint.  Probably
find it at the library on Microfilm.  New York Times, July 30, 1998.
"Flaw in E-Mail Programs Points to an Industrywide [sic] Problem"

--
Wes Groleau
http://freepages.genealogy.rootsweb.com/~wgroleau
