.Net Security Flaw Exposed | eWeek

.Net Security Flaw Exposed

Écrit par
Dennis Fisher
Dennis Fisher
Feb 14, 2002
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

A security consulting company is warning that a security tool included in Microsoft Corp.s new Visual C++.Net compiler is flawed, but Microsoft officials say there is no flaw and that the tool works just as it was designed to.

The problem lies in the implementation of tool similar to StackGuard, a technology used in some versions of Linux that is designed to prevent buffer overflows. However, according to Gary McGraw, chief technology officer at Cigital Inc., a security consulting firm in Dulles, Va., the /GS security check tool doesnt protect native code written with the compiler as well as it should.

“If developers rely on this when they produce native code, theyll have a false sense of security in what theyre writing,” said McGraw. The problem should not affect managed code developed for .Net.

McGraw said Cigital notified Microsoft, based in Redmond, Wash., of the problem, and that the company acknowledged the issue.

The controversy comes at a critical time for Microsoft, which is in the process of rolling out its highly publicized .Net Web services initiative.

Bill Gates, chairman and chief software architect, recently declared security to be Microsofts highest prioritydeclared security to be Microsofts highest priority and has imposed a ban on new code-writing this month as developers comb through existing .Net and Windows programs searching for security problems.

The attack to which the compiler is vulnerable was outlined nearly two years ago in Phrack Magazine, the venerable hacker publication.

McGraw praised Microsoft for its recent effort to refocus its resources on developing secure code and said he believes the company is sincere in its desire to improve its security. However, he said some of the efforts may be misplaced.

“Microsoft seems to be doing the right thing,” he said. “This is a pretty sophisticated attack, but there are better things to do than stick [StackGuard] in there.”

StackGuard is the brainchild of Crispin Cowan, co-founder of WireX Communications Inc., which sells the Immunix secure distribution of RedHat Linux.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.