Blog Bug's

bugging blogs

Archive for June, 2010

…on `Attacks and Defenses for the Vulnerability of the Decade`

The reading discusses security vulnerabilities, mainly some forms of buffer overflow attacks, and some known effective defenses against them (buffer overflows).

I admit that I’m also guilty of not coding the so-called `correct` way (sometimes). Well, as for most developers, it’s a matter of weighing functionality, performance, and correctness. Most of the time functionality is the major concern. On reflection, the reading makes me reconsider some defenses against buffer overflow attacks, although they come with some performance drawbacks.

I appreciated it more on reading it the second time, after doing Project 1. Well, learning by experience (that is, doing it first hand) is still the best way to realize its importance. Now I’m motivated to go deeper into other types of buffer overflow attacks, since Project 1 only deals with type 1 (first).

On second thought, although I am skeptical because of performance concerns, type-safe languages should be given more priority when picking a base programming language for software development.

posted by ninoy in CS 253 and have No Comments

…on `CRS Report for Congress`

It is a lengthy yet informative reading. The reading reminds me of the `Love Bug` virus years ago. It discusses in detail different examples of crimes that can be committed involving computers and networks.

I really feel fortunate that I took my computer science here in UP. I believe that `education` really plays a big role in having a sense of responsibility as a programmer. Having taught computer ethics and knowing the consequences of such an illegal act as hacking somehow puts a limit on me. Although the reading was somehow too negative toward `hackers` and I disagree, I consider them (`hackers`) to be nicer ones. They may be just misguided but not really bad after all. Browse the internet and you’ll find out that authors of and contributors to well-known open-source software are hackers. Frankly, as part of the academe, if I found something that is detrimental to learning and impedes the flow of information (in the first place, I believe that information should always be free), I would engage in hacking (if I knew hacking after all), but I’d rather not if it would hurt someone.

All in all, the reading made me accept the fact that the moment you connect to the internet, you will never be safe. So, my preventive measures include: i) as part of my awareness, I read, read and read; ii) I always update my OS and software with patches; iii) although skeptical of anti-viruses, I have installed one; iv) if I can’t live for hours without the internet, I always enable my firewall; otherwise I disconnect from the internet; v) I always take caution in opening and replying to suspicious mail, especially spam, and I only visit known websites.

posted by ninoy in CS 253 and have No Comments