Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Bug Squashed   (RSS)
Sorry, but there are no more tags available to filter with.

Spot the Bug - Feb 2, 2006

Great discussion on the last bug. For those of you that took a look at it, it dealt with insecure use of cryptography resulting in exposure to dictionary attacks. Here's a new one: class CDatabase { private: HANDLE m_hwndMutex; public: void InitDBConnection(void); Read More...
Posted Thursday, February 02, 2006 4:19 PM by rsamona | 6 Comments
Filed under:

Spot the Bug - Jan 5, 2006

Wow, we had great feedback on the last bug. Someone emailed me and said that the biggest bug was the blue font on the black background. :) Here is another fun bug - Courtesy of Neelay Shah, Consultant, Foundstone class CUserManager { public: void CreateLogin(String Read More...
Posted Thursday, January 05, 2006 7:26 PM by rsamona | 23 Comments
Filed under:

Spot the Bug - November 28, 2005

Some people commented that the last bug was too easy, and it was, but buffer overruns are still common enough that I wanted to send the point home. This one is a bit more challenging. Courtesy of Neelay Shah, Consultant, Foundstone void Socket_Setup( Read More...
Posted Monday, November 28, 2005 6:34 PM by rsamona | 17 Comments
Filed under:

Spot the Bug - October 24, 2005

It has been a while since the last bug was up. We certainly had some great discussion around it. I will try to get more bugs up on the site on a regular basis to keep everyone on their toes at all times :-) Courtesy of Neelay Shah, Consultant (Foundstone) Read More...
Posted Monday, October 24, 2005 8:34 PM by rsamona | 14 Comments
Filed under:

Spot the Bug - August 31, 2005

It's been a little while since we've had a new bug up. We had some good feedback on the last one. Here is a shorter one: Courtesy of Shanit Gupta, Consultant (Foundstone) try { ElevatePrivilege(); ReadSecretFile(); LowerPrivilege(); } catch(FileException Read More...
Posted Wednesday, August 31, 2005 6:13 PM by rsamona | 15 Comments
Filed under:

Spot the Bug - August 16, 2005

If you haven't taken a look at the solution to the last bug, please do so. There were 4 bugs in that short chink of code -- all of which are found in Visual Studio 2005! One is issued as a compiler warning and the other 3 are found by PREfast. Here is Read More...
Posted Tuesday, August 16, 2005 7:42 PM by rsamona | 9 Comments
Filed under:

Spot the Bug - August 14, 2005

I created this bug a couple of weeks ago for a conference I spoke at to illustrate how so few lines of code could be so buggy. Where's the bug here? char dest[50], src[100]; int x, y; if (x=1) { strcpy(dest,src); dest[50] = '\0'; } return y; Solution: Read More...
Posted Sunday, August 14, 2005 11:02 PM by rsamona | 9 Comments
Filed under:

Spot the Bug - August 4, 2005

I think the last bug stumped a few people. Can you find the security vulnerability in this one? Courtesy of Neelay Shah, Consultant, Foundstone #define STD_HASH_LEN 11 #define MAX_HASH_LEN 31 char * strPassHash = (char*)malloc(sizeof(char)*STD_HASH_LEN); Read More...
Posted Thursday, August 04, 2005 4:41 PM by rsamona | 5 Comments
Filed under:

Spot the Bug - July 27, 2005

Alright all, here is the next bug. This one is courtesy of Mike Howard. __ declspec ( noinline ) void * AllocBlocks(size_t cBlocks) { // allocating no blocks is an error if (cBlocks == 0) return NULL; // Allocate enough memory // Upcast the result to Read More...
Posted Wednesday, July 27, 2005 11:31 PM by rsamona | 2 Comments
Filed under:

Spot the Bug - July 23, 2005

The first bug was just a warm-up and people were asking for a more difficult bug. What's wrong with this chunk of code, and better yet, how do you fix it? Courtesy of Shanit Gupta, Consultant, Foundstone private HttpCookie SessionIdentifier () { HttpCookie Read More...
Posted Saturday, July 23, 2005 12:37 PM by rsamona | 11 Comments
Filed under:

Spot the Bug - July 18, 2005

Alright all - here is the bug for July 18. This should be an easy one to find. Any takers? :-) #define MAX (50) char szDest[MAX]; strncpy(szDest,pszSrc,MAX); pszDest[MAX] = '\0'; Solution: Nice job on this one, everyone! As most of you found out, there Read More...
Posted Monday, July 18, 2005 1:33 PM by rsamona | 18 Comments
Filed under:

Spot the Bug - July 5, 2005

We are launching a new section to the MSDN Developer Security Center called spot the bug. This allows you the see if you have what it takes to find a security vulnerability. This will be up on the MSDN Security Developer Center shortly, but in the meantime, Read More...
Posted Monday, July 04, 2005 1:03 PM by rsamona | 1 Comments
Filed under:
 
Page view tracker