BYTE.com > Chaos Manor > 2003

A Flashback to the Language Wars

By Jerry Pournelle

November 24, 2003




Column 280 (Continued from the Previous Week)

SQL Injection Attacks

One of the Microsoft Professional Developers Conference sessions was on known security vulnerabilities, not just in Microsoft products, but across the computer world. All of those shown have been found and in theory eliminated, but some of them were frightening.

As an example, they showed a SQL database dummied from a real one. This one held book reviews and ratings. With a few operations they were able to show us how all the ratings for books by particular authors could be inflated, and words like "not recommended" turned into recommendations, while rival works were given bad reviews. All this was done from outside the database by SQL injection attacks. Most of those holes were generated by buffer overflows; more on those later.

But entire databases can be copied, or altered, or both; and once again the commercial incentives for attacks like that are quite high. These aren't just hacks for self-esteem any longer.
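What a hole of this kind looks like in code, and how binding parameters closes it, as an added example that is not from the column or the conference session. It assumes an application that builds its SQL by pasting user text into the statement; the table, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a tiny stand-in for a book-review database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reviews (id INTEGER PRIMARY KEY, author TEXT, "
               "reviewer TEXT, rating INTEGER, verdict TEXT)")
    db.executemany(
        "INSERT INTO reviews (author, reviewer, rating, verdict) "
        "VALUES (?, ?, ?, ?)",
        [("Author A", "alice", 2, "not recommended"),
         ("Author A", "bob", 3, "not recommended"),
         ("Author B", "alice", 5, "recommended")])
    return db

def update_rating_unsafe(db, reviewer, review_id, rating):
    # Vulnerable: caller-supplied text is pasted into the statement, so a
    # quote character in `reviewer` changes the structure of the WHERE clause.
    sql = ("UPDATE reviews SET rating = %d WHERE id = %d AND reviewer = '%s'"
           % (rating, review_id, reviewer))
    return db.execute(sql).rowcount

def update_rating_safe(db, reviewer, review_id, rating):
    # Hardened: values travel as bound parameters and are never parsed as SQL.
    if not 1 <= rating <= 5:
        raise ValueError("rating out of range")
    cur = db.execute(
        "UPDATE reviews SET rating = ? WHERE id = ? AND reviewer = ?",
        (rating, review_id, reviewer))
    return cur.rowcount

def demo():
    # Constructed input: the embedded quote turns one reviewer's edit of a
    # single row into an update of every review for one author.
    hostile = "x' OR author = 'Author A"
    unsafe_rows = update_rating_unsafe(make_db(), hostile, 1, 5)
    safe_rows = update_rating_safe(make_db(), hostile, 1, 5)
    return unsafe_rows, safe_rows

if __name__ == "__main__":
    print(demo())
```

A rows-affected count larger than the single row a request should touch is also a useful signal to log and alert on.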

The Insecure Future?

Years ago I wrote about a future in which everything was smart and it was all connected together. I mused that your refrigerator would natter with your toaster about your bank balance, and your new car might telephone you at the supermarket to ask if you really wanted to buy that expensive wine given that the car payment was due and your bank balance was low.

That's all happening now. You can buy a refrigerator with an IP address. UPS systems have long had IP addresses. Smarter VCRs and DVD players have embedded computing systems. TiVo and Replay devices have or can be given Internet access in order to update their program guides.

ITRON

The operating system in most of these devices is ITRON, which may be the most widely used operating system in the world even though most people have never heard of it. TRON, The Real-time Operating system Nucleus (of which ITRON is a sub-project), is a family of real-time embedded operating systems that have been around for almost 20 years; everything from cellphones to stereo components to microwave ovens runs one of the TRONs, and while
