This preview shows page 1. Sign up to view the full content.
Unformatted text preview: out the client bug and AOL’s exploitation of it ﬁrst came out when someone posing to be an independent consultant by the name of Phil Bucking sent 172 CHAPTER 3. MACHINE-LEVEL REPRESENTATION OF C PROGRAMS
a description via email to Richard Smith, a noted security expert. Smith did some tracing and determined that the email actually originated from within Microsoft. Later Microsoft admitted that one of its employees had sent the email . On the other side of the controversy, AOL never admitted to the bug nor their exploitation of it, even though conclusive evidence was made public by Geoff Chapell of Australia. So, who violated which code of conduct in this incident? First, AOL had no obligation to open its IM system to non-AOL clients, so they were justiﬁed in blocking Microsoft. On the other hand, using buffer overﬂows is a tricky business. A small bug would have crashed the client computers, and it made the systems more vulnerable to attacks by external agents (although there is no evidence that this occurred). Microsoft would have done well to publicly announce AOL’s intentional...
View Full Document