Outline for October 4, 2005

Reading: P. Festa, "The Root of the Problem: Bad Software," C|Net News.com (Nov. 28, 2001)

  1. Puzzle of the day
  2. Bad programming
    1. Fragile code (qlib example)
    2. Failing to (re)initialize (ftp root bug)
    3. Buffer overflows (fingerd bug, ident bug in sendmail)
    4. Numeric overflows (sendmail large integer flaw)

Puzzle of the Day

Many web sites, and other institutions, give you (or let you choose) a password or phrase to authenticate yourself. In case you forget that word or phrase, they ask you a question, usually one of "What is your mother's maiden name," "what are the last four digits of your social security number," or "what is your address/zip code/phone number." If you answer correctly, you can reset your password. If you don't, the authentication fails.

  1. What are the good points about using questions as an alternate scheme for users who forget their passwords?
  2. What are the bad points?
