From mboxrd@z Thu Jan 1 00:00:00 1970
From: ron minnich
To: 9fans@cse.psu.edu
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: [9fans] pathetic
Date: Wed, 25 Feb 2004 08:26:01 -0700
Topicbox-Message-UUID: f5389814-eacc-11e9-9e20-41e7f4b1d025

this is a new "innovation" that is being shown at
http://www.newscientist.com/news/news.jsp?id=ns99994696

"
Until now, Intel-compatible processors have not been able to distinguish
between sections of memory that contain data and those that contain
program instructions.

This has allowed hackers to insert malicious program instructions in
sections of memory that are supposed to contain data only, and use buffer
overflow to overwrite the "pointer" data that tells the processor which
instruction to execute next. Hackers use this to force the computer to
start executing their own code (see graphic).

The new AMD chips prevent this. They separate memory into instruction-only
and data-only sections. If hackers attempt to execute code from the data
section of memory, they will fail. Windows will then detect the attempt
and close the application.

"Buffer overflows are the largest class of software vulnerabilities that
lead to security flaws," says Crispin Cowan, of computer security company
Immunix in Portland, Oregon.
"

golly. separate I&D space. Which is an idea that is only about 40 or so
years old (Burroughs 5500 ... or am I late even with that).

Actually I'm puzzled anyway as the segment descriptors on x86 have code
and data bits. I'd be willing to bet the real issue is that XP uses the
moral equivalent of self-modifying-code, and that now that XP is being
cleaned up they can actually use those bits. But I'm guessing.

I really love the PC world. The only reason they have not claimed
invention of the wheel is that they don't need it yet.

ron