From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-ArrivalTime: 2001-08-01 16:16:07 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!iad-peer.news.verio.net!news.verio.net!iad-read.news.verio.net.POSTED!kilgallen From: Kilgallen@eisner.decus.org.nospam (Larry Kilgallen) Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. Message-ID: <1QWB8uOA7ubU@eisner.encompasserve.org> References: <%CX97.14134$ar1.47393@www.newsranger.com> <9k9if8$rn3$1@elf.eng.bsdi.com> <9k9nci$1cq$1@nh.pace.co.uk> <9k9s85$s0o$1@elf.eng.bsdi.com> Organization: LJK Software Date: 1 Aug 2001 19:15:42 -0500 NNTP-Posting-Host: 216.44.122.34 X-Complaints-To: abuse@verio.net X-Trace: iad-read.news.verio.net 996707746 216.44.122.34 (Wed, 01 Aug 2001 23:15:46 GMT) NNTP-Posting-Date: Wed, 01 Aug 2001 23:15:46 GMT Xref: archiver1.google.com comp.lang.ada:11005 comp.lang.c:71461 comp.lang.c++:79200 comp.lang.functional:7128 Date: 2001-08-01T19:15:42-05:00 List-Id: In article <9k9s85$s0o$1@elf.eng.bsdi.com>, Chris Torek writes: > Until you get the number of defects close to zero -- I am not sure > "how close" is required; obviously zero suffices, given an appropriate > definition of defects; but I think zero is also unachievable unless > given an inappropriate definition :-) -- there will still be > "exploitable bugs" in systems. My argument is that, if we somehow > achieved this more perfect world, the crackers would simply change > their tactics: instead of using easily-cracked buffer overflow > bugs, they would use more-difficult (but available today) tricks > like TCP session record and replay. If those other tactics are more difficult, it means productivity (in the cracking business) is lower using those tactics. Otherwise those tactics would be in wider use today. Perhaps they are even less easily spread to Script Kiddies.