Secure Coding mailing list archives
COBOL Exploits
From: jericho at attrition.org (security curmudgeon)
Date: Fri, 2 Nov 2007 12:45:00 +0000 (UTC)
Hi Mark, : The adolescent minds that engage in "exploits" wouldn't know COBOL if a : printout fell out a window and onto their heads. I'm sure you can write : COBOL programs that crash, but it must be hard to make them take control : of the operating system. COBOL programs are heavy into unit record : equipment (cards, line printers), tape files, disk files, sorts, merges, : report writing -- all the stuff that came down to 1959-model mainframes : from tabulating equipment. They don't do Internet. What they could do : and have done is incorporate malicious code that exploits rounding error : such that many fractional pennies end up in a conniving programmer's : bank account. I'd love for you to show me such exploits, specifically citing the OS and/or affected programs *with* a public reference. =) http://osvdb.org/ "Search" Disclosure Date Range: 1960-01-01 to 1979-01-01 Please, help me add to the collection =) Many of these were uncovered by my own personal interest/research along with a few contributers to my challenge to find the oldest documented vulnerability: http://osvdb.org/blog/?p=77 Brian
Current thread:
- COBOL Exploits Mark Rockman (Nov 01)
- COBOL Exploits security curmudgeon (Nov 02)
- COBOL Exploits ljknews (Nov 02)
- COBOL Exploits Leichter, Jerry (Nov 02)
- COBOL Exploits Kenneth Van Wyk (Nov 02)
- <Possible follow-ups>
- COBOL Exploits Peter G. Neumann (Nov 02)
- COBOL Exploits Andrew van der Stock (Nov 17)