TNX
Roberto Della Pasqua Http: www.dellapasqua.com Email/Msn: [EMAIL PROTECTED] Aol/Yahoo: DellaPasquaR Icq: 164672275 ------------------------------------- This e-mail and any attachment contain information which is privileged and confidential and is intended for the addressee only. If you have received this message but you are not the intended addressee, be advised that you are not authorized to read, copy or use this email or any attachment. If you have received this email in error, please destroy it and notify the sender by return email. Thank you. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francois PIETTE Sent: venerdì 20 gennaio 2006 18.42 To: ICS support mailing Subject: Re: [twsocket] ICS stack buffer overflow? > Is the latest ICS sure for overflow attacks? Yes, it is. But some application may not be secure if not correctly developed ! The application programmer _muust_ take care of many problems the component can't do for him. For example, if your application receive data and buffer incomming data waiting for a delimiter which will never come, then your application is subject to denial of service attack. Your application, not the component ! -- Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html -- [EMAIL PROTECTED] http://www.overbyte.be ----- Original Message ----- From: "Roberto Della Pasqua" <[EMAIL PROTECTED]> To: "'ICS support mailing'" <twsocket@elists.org> Sent: Friday, January 20, 2006 4:40 PM Subject: [twsocket] ICS stack buffer overflow? > Hi dear developers, > > Please check the thread in borland.public.delphi.non-technical (borland > nntp > server) > > First post: > > "Hi all, > > We know that by using the standart VCL functions it is impossible to > create > a stack overflow condition in delphi-written applications.But how about > Heap > > Based overflows?Last week I came across an exploit that exploits a Heap > overflow in ICS component suite.(if I remember it correctly).This type of > attack is as dangerous as stack overflow.(except generally it is more > difficult to implement an exploit).Well what should we think about these > kind of security problems while coding?I have not seen a detailed document > on the subject on how to avoid heap based overflows? > > Regards... " > > Is the latest ICS sure for overflow attacks? > > Roberto Della Pasqua > Http: www.dellapasqua.com > Email/Msn: [EMAIL PROTECTED] > Aol/Yahoo: DellaPasquaR > Icq: 164672275 > ------------------------------------- > This e-mail and any attachment contain information which is privileged and > confidential and is intended for the addressee only. If you have received > this message but you are not the intended addressee, be advised that you > are > not authorized to read, copy or use this email or any attachment. If you > have received this email in error, please destroy it and notify the sender > by return email. Thank you. > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be __________ Informazione NOD32 1.1372 (20060119) __________ Questo messaggio h stato controllato dal Sistema Antivirus NOD32 http://www.nod32.it -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be