his or any other method to gain unauthorized access to a system. Breaking into computer systems is like breaking into a building—it is a criminal act even when the perpetrator does not have malicious intent. We give this problem for two reasons. First, it requires a deep understanding of machine-language programming, combining such issues as stack organization, byte ordering, and instruction encoding. Second, by demonstrating how buffer overflow attacks work, we hope you will learn the importance of writing code that does not permit such attacks.
Aside: Battling Microsoft via buffer overflow

In July, 1999, Microsoft introduced an instant messaging (IM) system whose clients were compatible with the popular AOL IM servers. This allowed Microsoft IM users to chat with AOL IM users. However, one month later, Microsoft IM users were suddenly and mysteriously unable to chat with AOL users. Microsoft released updated clients that restored service to the AOL IM system, but within days these clients no longer worked either. AOL had, possibly unintentionally, written client code that was vulnerable to a buffer overflow attack. Their server applied such an attack on client code when a user logged in to determine whether the client was running AOL code or someon...