Now and Then: Anatomy of a buffer overflow

Today, Kevin Poulsen posted "How A Buffer Overflow Works" on Threat Level. It includes a simplistic flash animation that kind of helps one grasp what's going on with a buffer overflow... although I'd hesitate to call it "kid-friendly".

In the hacking culture, exploiting buffer overflow vulnerabilities was known as "Smashing The Stack", as stack-based overflow exploits were (and likely still are) the most common buffer overflow vulnerability and among the easiest to exploit.

Kevin's article and the accompanying animation reminded me of a piece of work that is both antique (as far as computer history is concerned) and relevant. Phrack 49 was published in 1996, and it included an article by Elias Levy (under the handle of Aleph One) entitled "Smashing The Stack For Fun And Profit"

It's practically required reading for people dealing with application security; It's just as useful for developers as it is for penetration testers and security researchers. Seriously, go give it a read. It's a long one. All the while, keep in mind that it was released nearly 13 years ago. That even puts my own work into perspective. Phrack 49 was released just as I was myself trying to rally the writers who put together the very first bits of content that got HiR off the ground in its original eZine format.

Damn, I feel old now.