Mercurial Mercurial > hg > sen-material / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | gz | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
updated
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Sat, 22 Nov 2014 00:37:29 +0000
changeset 326 6e4e9bdedf7b
parent 325 48c6751f2173
child 327 03da67991ff0
updated
handouts/ho03.pdf file | annotate | diff | comparison | revisions
handouts/ho03.tex file | annotate | diff | comparison | revisions 
Binary file handouts/ho03.pdf has changed
--- a/handouts/ho03.tex	Fri Nov 21 22:21:30 2014 +0000
+++ b/handouts/ho03.tex	Sat Nov 22 00:37:29 2014 +0000
@@ -301,7 +301,7 @@
 would just not work. Had the designers of C had just been able
 to foresee what headaches their way of arranging the stack
 caused in the time where computers are accessible from
-everywhere. 
+everywhere?
 
 What the outcome of such an attack is can be illustrated with
 the code shown in Figure~\ref{C2}. Under ``normal operation''
@@ -666,7 +666,7 @@
 under an Ubuntu version ``Maverick Meerkat'' from October 
 2010 and the gcc 4.4.5. I have not tried whether newer versions
 would work as well. I tested all examples inside a virtual 
-box\footnote{https://www.virtualbox.org} insulating my main 
+box\footnote{\url{https://www.virtualbox.org}} insulating my main 
 system from any harm. When compiling the programs I called 
 the compiler with the following options:
 
@@ -688,16 +688,15 @@
 stack executable, thus the the example in Figure~\ref{C3}
 works as intended. While this might be considered
 cheating....since I explicitly switched off all defences, I
-hope I was able convey that this is actually not too far
-from realistic scenarios. I have shown you the classic version
-of the buffer overflow attacks. Updated variants do exist.
-Also one might argue buffer-overflow attacks have been
-solved on computers (desktops or servers) but the computing
-landscape of nowadays is wider than ever. The main problem
-nowadays are embedded systems against which attacker can 
-equally cause a lot of harm and which are much less defended
-against. Anthony Bonkoski makes a similar argument in his 
-security blog:
+hope I was able convey that this is actually not too far from
+realistic scenarios. I have shown you the classic version of
+the buffer overflow attacks. Updated variants do exist. Also
+one might argue buffer-overflow attacks have been solved on
+computers (desktops or servers) but the computing landscape of
+nowadays is wider than ever. The main problem nowadays are
+embedded systems against which attacker can equally cause a
+lot of harm and which are much less defended. Anthony Bonkoski
+makes a similar argument in his security blog:
 
 \begin{center}
 \url{http://jabsoft.io/2013/09/25/are-buffer-overflows-solved-yet-a-historical-tale/}
sen-material