Tagged Questions
2 votes, 1 answer, 919 views
Is there any decompiled source code for the “Flame”/“Skywiper” malware?
When searching for the source for Stuxnet, it's relatively easy to come by in one form or another. Although I'm actually curious if anyone has done any work to comment the source and perhaps clean up ...
0 votes, 1 answer, 133 views
Which software scans software for potential vulnerabilities?
Is there any kind of parser-software-analysis tool that will analyze C code and output possible vulnerabilities like buffer overflows?
0 votes, 4 answers, 743 views
Writing file shredder
I want to write a simple file shredder in C++, i.e. a program that deletes a file so that it is not recoverable. Would the following be a secure and correct way to do that?
(1) Open the file with
...
2 votes, 2 answers, 157 views
vulnerable getlogin
I was reading "A taxonomy of Coding Errors" and I have a doubt regarding the point mentioned in C/C++ >> API Abuse >> Often Misused: Authentication(getlogin).
I fail to understand the attack vector ...
10 votes, 2 answers, 198 views
security implications of NULL dereference
Suppose we have code like this:
struct somedata {
    int a;
    int b;
};
struct somedata *data;
/* ... */
data = malloc(sizeof(struct somedata));
data->a = something;
Now, as you can see, NULL ...
15 votes, 4 answers, 679 views
Does compiling from sources “kinda” protect from buffer overflow attacks?
While discussing buffers overflows, somebody told me that compiling your own binary for an application (with specific compilation flags) instead of using the "mainstream binary" makes it more ...
10 votes, 7 answers, 1k views
Secure memcpy for pure C
Buffer overflows are nothing new. And yet they still appear often, especially in native (i.e. not managed) code...
Part of the root cause is usage of "unsafe" functions, including C++ staples ...
7 votes, 8 answers, 373 views
Topics for SecureCoding course in C
So I was asked to put together a syllabus for a series of courses on the basics of secure coding, for a programming team. Though the time constraints are a bit... constraining, I'm working around ...