From: "Warren W. Gay VE3WWG"
Newsgroups: comp.lang.ada
Subject: Re: Ada and cybersecurity
Date: Wed, 17 Sep 2003 13:02:11 -0400

tmoran@acm.org wrote:
>>>CSPAN-2 had today's hearings of the House Technology(etc) committee, ...
>>
>>This is what I was getting at when I asked about the use of Ada to protect
>>against worms etc. I suspect that the place to start is to ask DoD or NSF
>
> When Congressman Putnam asked witnesses "what should the government do",
> someone suggested a government lab to test and issue "secure"
> certificates, another suggested more education of young people so they
> won't be hackers, etc. I doubt a government lab could find obscure holes
> much faster than they are found now, and I'm quite sure the small
> fraction of a percent of "young crackers" can't be reduced to zero by any
> reasonable education campaign. One thing I didn't hear (but then I didn't
> listen to the entire hearings) was any comment about better software
> development tools, such as cutting down on buffer overflows (etc.) with
> Ada. So perhaps we can expect a continuing low level of security, ever
> more expensive worms, plus the government spending more of our children's
> money ineffectively. Congress is unlikely to come up with good ideas
> if nobody suggests any to them.

Another option is often overlooked: get the hardware vendors (Intel)
to include a better return instruction, so that code does not execute
off of the stack (the return address must point to text, in read-only,
executable (if the cpu supports it) address - else generate a fault).

This too can be exploited I think, but it does make things much more
difficult. There are perhaps other ways to perhaps eliminate this
entirely, if the right hardware was in place.

-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg
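The return-target rule proposed in the message above, modelled in software as an added example (not part of the original post, and not any vendor's implementation). The memory map is constructed sample data in Linux `/proc/<pid>/maps` format, and `check_return_target` and the `ret_check` values are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from the post).
 * The stack is mapped rwx, as was common before no-execute support. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/demo\n"
    "7ffd1000-7ffd9000 rwxp 00000000 00:00 0 [stack]\n";

enum ret_check { RET_OK = 0, RET_FAULT_NOT_TEXT = 1, RET_FAULT_UNMAPPED = 2 };

/* Model of the proposed checked return: the target must lie in a mapping
 * that is executable and not writable, otherwise the CPU would fault. */
enum ret_check check_return_target(const char *maps, unsigned long target)
{
    const char *line = maps;
    while (*line) {
        unsigned long start, end;
        char perms[5];
        /* Each line starts "start-end perms"; perms is e.g. "r-xp". */
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 &&
            target >= start && target < end) {
            int exec = perms[2] == 'x';
            int writable = perms[1] == 'w';
            return (exec && !writable) ? RET_OK : RET_FAULT_NOT_TEXT;
        }
        const char *nl = strchr(line, '\n');
        if (!nl)
            break;
        line = nl + 1;
    }
    return RET_FAULT_UNMAPPED;
}

int main(void)
{
    /* Targets: program text, stack buffer, data segment, unmapped page. */
    unsigned long targets[] = { 0x00401a30UL, 0x7ffd4f10UL, 0x00651008UL, 0x10UL };
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        printf("ret -> %#lx : %d\n", targets[i],
               check_return_target(SAMPLE_MAPS, targets[i]));
    return 0;
}
```

The rule constrains only where a return lands, not whether the address is the one the call originally pushed, which is consistent with the poster's caveat that the scheme raises the bar rather than closing the problem.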