57 To understand how buffer overflow attacks work, we have to have |
57 To understand how buffer overflow attacks work, we have to have |
58 a look at how computers work ``under the hood'' (on the |
58 a look at how computers work ``under the hood'' (on the |
59 machine level) and also understand some aspects of the C/C++ |
59 machine level) and also understand some aspects of the C/C++ |
60 programming language. This might not be everyday fare for |
60 programming language. This might not be everyday fare for |
61 computer science students, but who said that criminal hackers |
61 computer science students, but who said that criminal hackers |
62 restrict themselves to everyday fare? Not to mention the |
62 restrict themselves to everyday fare? ...not to mention the |
63 free-riding script-kiddies who use this technology without |
63 free-riding script-kiddies who use this technology without |
64 even knowing what the underlying ideas are. If you want to be |
64 even knowing what the underlying ideas are. If you want to be |
65 a good security engineer who needs to defend such attacks, |
65 a good security engineer who needs to defend against such attacks, |
66 then better you get to know the details. |
66 then better you get to know the details too. |
67 |
67 |
68 For buffer overflow attacks to work, a number of innocent |
68 For buffer overflow attacks to work, a number of innocent |
69 design decisions, which are really benign on their own, need |
69 design decisions, which are really benign on their own, need |
70 to conspire against you. All these decisions were taken at a |
70 to conspire against you. All these decisions were taken at a |
71 time when there was no Internet: C was introduced around 1973; |
71 time when there was no Internet: C was introduced around 1973; |
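Review bot: On line 66 the new wording "then better you get to know the details too" is still ungrammatical after the change; suggest "then you had better get to know the details too". On line 62 the replacement "...not to mention" turns the sentence into a lowercase fragment introduced by three literal dots; since the source uses LaTeX-style quotes (line 58), either write the ellipsis as \ldots or keep the original capitalised "Not to mention" so the sentence stands on its own. The line 65 change to "defend against such attacks" is correct and needs no further edit.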