Here’s an article stating that Microsoft has added memcpy to the list of naughty functions. This is really not a surprise in my opinion. For those of you who do not know why this is bad, memcpy copies data from one memory location to another. The problem is that it does not check the size of the receiving location to make sure there is enough room. Over the years, this has caused many vulnerabilities. As any good C/C++ developer knows, good memory management is crucial.
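The missing size check, as an added example (not code from the original post or from Microsoft): a length-prefixed message is copied into a fixed buffer, first with the length trusted and then with it validated. The record layout and the names `parse_unchecked`, `copy_checked` and `parse_checked` are hypothetical, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16                 /* size of the receiving location */

struct record {
    char     name[NAME_BUF];
    uint32_t is_admin;              /* sits right after name[] in memory */
};

/* Unchecked: the first byte of the message says how much to copy and
 * memcpy obeys it. Any value above 16 writes past name[] into is_admin. */
void parse_unchecked(struct record *r, const uint8_t *msg)
{
    uint8_t len = msg[0];
    memcpy(r->name, msg + 1, len);  /* no idea how big r->name is */
}

/* Hypothetical helper: memcpy that is told the destination size. */
int copy_checked(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (dst == NULL || src == NULL || n > dst_size)
        return -1;                  /* refuse instead of overflowing */
    memcpy(dst, src, n);
    return 0;
}

/* Checked: the claimed length must fit both the input and the buffer. */
int parse_checked(struct record *r, const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 1)
        return -1;
    size_t len = msg[0];
    if (len > msg_len - 1)          /* length byte lies about the input */
        return -1;
    return copy_checked(r->name, sizeof r->name, msg + 1, len);
}

int main(void)
{
    struct record r = {0};
    uint8_t big[21];                /* constructed: claims 20 bytes */
    memset(big, 'A', sizeof big);
    big[0] = 20;
    printf("checked parse: %d, is_admin: %u\n",
           parse_checked(&r, big, sizeof big), (unsigned)r.is_admin);
    return 0;
}
```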
May 15th, 2009