Mercurial Mercurial > hg > sen-material / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
handouts/ho03.tex
changeset 211 e6e160c7ea33
parent 209 fd43a9cd9c07
child 212 1d2744383b7a 
--- a/handouts/ho03.tex	Mon Oct 06 02:44:23 2014 +0100
+++ b/handouts/ho03.tex	Mon Oct 06 20:52:53 2014 +0100
@@ -7,34 +7,34 @@
 \section*{Handout 3 (Buffer Overflow Attacks)}
 
 By far the most popular attack method on computers are buffer
-overflow attacks or variations thereof. The popularity is
+overflow attacks or simple variations thereof. The popularity is
 unfortunate because we now have technology to prevent them
 effectively. But these kind of attacks are still very relevant
 even today since there are many legacy systems out there and
 also many modern embedded systems do not take any precautions
 to prevent such attacks.
 
-To understand how buffer overflow attacks work we have to have
+To understand how buffer overflow attacks work, we have to have
 a look at how computers work ``under the hood'' (on the
 machine level) and also understand some aspects of the C/C++
 programming language. This might not be everyday fare for
 computer science students, but who said that criminal hackers
 restrict themselves to everyday fare? Not to mention the
 free-riding script-kiddies who use this technology without
-knowing what are the underlying ideas.
+even knowing what the underlying ideas are.
  
 For buffer overflow attacks to work, a number of innocent
 design decisions, which are really benign on their own, need
 to conspire against you. All these decisions were pretty much
-taken in a time when there was no Internet: C was introduced
-around 1973, the Internet TCP/IP protocol was standardised in
-1982 by which time there were maybe 500 servers connected
-worldwide (all users were well-behaved), Intel's first 8086
-CPUs arrived around 1977. So nobody of the creators can 
-really be blamed, but as mentioned above we should already 
-be way beyond the point that buffer overflow attacks are
-worth a thought. Unfortunately this is far from the truth. I 
-let you think why?
+taken at a time when there was no Internet: C was introduced
+around 1973; the Internet TCP/IP protocol was standardised in
+1982 by which time there were maybe 500 servers connected (and
+all users were well-behaved, mostly academics); Intel's first
+8086 CPUs arrived around 1977. So nobody of the
+``forefathers'' can really be blamed, but as mentioned above
+we should already be way beyond the point that buffer overflow
+attacks are worth a thought. Unfortunately, this is far from
+the truth. I let you think why?
 
 One such ``benign'' design decision is how the memory is laid
 out into different regions for each process.
sen-material