2.4 Lessons Learned
As a programmer:
Never trust user input (this includes file data, network data, etc.).
Never use unvalidated length or size values.
Always make use of the exploit mitigation techniques offered by modern operating systems wherever possible. Under Windows, software has to be compiled with Microsoft’s Visual C++ 2005 SP1 or later, and the appropriate compiler and linker options have to be used. In addition, Microsoft has released the Enhanced Mitigation Experience Toolkit,[20] which allows specific mitigation techniques to be applied without recompilation.
As a user of media players:
Don’t ever trust media file extensions (see Section 2.5 below).
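The first two programmer lessons, shown as an added example that is not code from the book: a length field read from file data is checked against both the destination buffer and the bytes actually present before it is used. The record layout (4-byte big-endian length followed by the payload), CHUNK_MAX, read_chunk and the sample inputs are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_MAX 32 /* capacity of the fixed-size destination (assumed) */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LARGE = -2 };

/* Hypothetical record: 4-byte big-endian length, then that many payload bytes. */
static int read_chunk(const uint8_t *in, size_t in_len,
                      uint8_t out[CHUNK_MAX], size_t *out_len)
{
    if (in == NULL || out == NULL || out_len == NULL || in_len < 4)
        return PARSE_TRUNCATED;

    /* This value comes from the file, so treat it as attacker-controlled. */
    uint32_t claimed = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                       ((uint32_t)in[2] << 8) | (uint32_t)in[3];

    /* Check 1: the claimed length must fit the destination buffer. */
    if (claimed > CHUNK_MAX)
        return PARSE_TOO_LARGE;

    /* Check 2: it must not exceed the bytes really present. Comparing
     * against the remainder avoids an addition that could wrap around. */
    if (claimed > in_len - 4)
        return PARSE_TRUNCATED;

    memcpy(out, in + 4, claimed); /* safe only because both checks passed */
    *out_len = claimed;
    return PARSE_OK;
}

/* Constructed sample inputs: a valid record, an oversized length, a short file. */
static const uint8_t sample_ok[]    = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
static const uint8_t sample_huge[]  = {0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c'};
static const uint8_t sample_short[] = {0x00, 0x00, 0x00, 0x08, 'a', 'b', 'c'};

int main(void)
{
    uint8_t buf[CHUNK_MAX];
    size_t n = 0;
    printf("ok:    %d\n", read_chunk(sample_ok, sizeof sample_ok, buf, &n));
    printf("huge:  %d\n", read_chunk(sample_huge, sizeof sample_huge, buf, &n));
    printf("short: %d\n", read_chunk(sample_short, sizeof sample_short, buf, &n));
    return 0;
}
```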