"In November 1988, many organizations had to cut themselves off
from the Internet because of the 'Morris worm,' which was a program
written by 23-year-old Robert Tappan Morris to attack VAX and Sun
machines. By some estimates, this program took down 10% of the
entire Internet. In July 2001, another worm named 'Code Red'
eventually exploited over 300,000 computers worldwide running
Microsoft's IIS Web Server. In January 2003, the 'Slammer' (also
known as 'Sapphire') worm exploited a vulnerability in Microsoft
SQL Server 2000 software, disabling parts of the Internet in South
Korea and Japan, disrupting Finnish phone service, and slowing many
U.S. airline reservation systems, credit card networks, and
automatic teller machines. All of these attacks--and many
others--exploited a vulnerability called a buffer overflow.
"An informal 1999 survey on Bugtraq (a mailing list discussing
security vulnerabilities) found that two-thirds of the participants
believed that the #1 cause of vulnerabilities was buffer overflows.
From 1997 through March 2002, half of all security alerts from the
CERT/CC were based on buffer overflow vulnerabilities.
"If you want your programs to be secure, you need to know about
buffer overflows and how to prevent them, the latest automated
tools to counter them (and why they aren't enough), and how to
counter them in your programs..."