[SC-L] COBOL Exploits
security curmudgeon
jericho at attrition.org
Fri Nov 2 07:45:00 EST 2007
Hi Mark,
: The adolescent minds that engage in "exploits" wouldn't know COBOL if a
: printout fell out a window and onto their heads. I'm sure you can write
: COBOL programs that crash, but it must be hard to make them take control
: of the operating system. COBOL programs are heavy into unit record
: equipment (cards, line printers), tape files, disk files, sorts, merges,
: report writing -- all the stuff that came down to 1959-model mainframes
: from tabulating equipment. They don't do Internet. What they could do
: and have done is incorporate malicious code that exploits rounding error
: such that many fractional pennies end up in a conniving programmer's
: bank account.
I'd love for you to show me such exploits, specifically citing the OS
and/or affected programs *with* a public reference. =)
http://osvdb.org/
"Search"
Disclosure Date Range: 1960-01-01 to 1979-01-01
Please, help me add to the collection =) Many of these were uncovered by
my own personal interest/research along with a few contributers to my
challenge to find the oldest documented vulnerability:
http://osvdb.org/blog/?p=77
Brian
More information about the SC-L
mailing list