I briefly corresponded with the author of the story and he was kind enough to give me some really nice insight into the history of the story.
EDIT:
This was years ago (2004). It was private correspondence so I didn’t want to paste it but looking back at the email, Dr. Nather actually says:
p.s. Post and/or publish any email from me, unless I ask otherwise.
So, I suppose I can post some of it.
Here we go, some snippets:
(I asked him if he still had contact with Mel)
I’ve lost track of Mel. I tried to Google his name, and was astonished to see the number of references to the article I wrote years ago, but nothing I could identify as recent. Sorry. Too many years, I guess.
(I lamented about the loss of the Good Old Days in all my angst of a 24-year-old at the time)
It’s common to think the “good old days” were really great if you weren’t there at the time, and a lot of it was fun, but there was a whole lot that really wasn’t, too. That part tends to get brushed aside. Be of good cheer, Snoopy: hacking is easier now than it ever was – more of the fun, less of the tedium.
(in response to my asking if he had any other stories he was dying to get off his chest)
There is one that I don’t get to tell very often, since my audience rarely contains a professional programmer, and that I think should be preserved.
While I was in San Diego Richard Hamming gave a talk at a meeting about programming – mostly about the error-correcting codes he invented, but he also addressed a hot topic of the day: Open vs. Closed Shop Programming. All the computers were run by Computing Centers, who had professional programmers on staff to write programs for the (poor, dumb) scientists who couldn’t do it themselves. There was a proposal to make this “Closed” shop a law of the land, otherwise a lot of (very expensive) computing time would be wasted by scientists messing up the process.
Hamming said that the Closed Shop was the best way he knew of to get a carefully written, code-efficient, well documented program that solved the wrong problem. He also said that he sometimes wrote a program and never ran it on a computer – just the discipline of programming was enough to get him the answer he was looking for.
Later, of course, as upstart groups began to get their own computers, the question resolved itself. Now scientists learn to program as a matter of basic training, as they once learned to work a slide rule.
The new computer had a one-plus-one
addressing scheme,
in which each machine instruction,
in addition to the operation code
and the address of the needed operand,
had a second address that indicated where, on the revolving drum,
the next instruction was located.
In modern parlance,
every single instruction was followed by a GO TO!
Put that in Pascal’s pipe and smoke it.
– The Story of Mel
Pretty crazy! I’m sure glad we don’t do anything like that any more.
More specifically, the attacker first finds usable gadgets in the victim binary. She then uses a buffer overflow vulnerability to write a sequence of addresses of gadgets into the victim program stack. Each gadget performs some computation before executing a return instruction. The return instruction takes the return address from the stack, and because the attacker controls this address, the return instruction effectively jumps into the next gadget in the chain.
– Spectre Attacks: Exploiting Speculative Execution
Everything old is new again.
What did he say? Or should you not share it?
Are you going to share any of that insight with us? Quite a teasing statement if not. ;)
EDIT responding to EDIT: Very interesting story about Hamming with a great lesson. Appreciate it!
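The ROP mechanism in the Spectre excerpt above, as an added example that is not from the paper and was not posted by anyone in this thread: a toy machine in C in which the "binary" is a table of four gadgets, the victim's frame is a 16-byte buffer with its saved return address directly above it, and the vulnerable copy has no bound check. Everything in it is constructed for the illustration, including the machine_t struct, the gadget names (g_halt, g_pop_acc, g_add_1, g_shl_1), the payload and the "hello" input; real chains hold addresses of instruction sequences inside the victim's own code, not small table indices. The three entry points show the honest return, the chain computing (5 << 1) + 2 without injecting a single byte of code, and what a sloppy overflow gets you: a return to a non-address and a crash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy machine modelling the ROP mechanism (constructed for this example, not
 * real hardware). The stack is a byte array; the victim's frame is a 16-byte
 * buffer with the saved return address right above it; an "address" is an
 * index into the gadget table text[] that stands in for the victim binary. */
#define STACK_BYTES 128
#define BUF_BYTES   16
#define RET_OFFSET  BUF_BYTES

typedef struct {
    uint64_t acc;                 /* the one register the gadgets compute with */
    uint8_t  stack[STACK_BYTES];
    size_t   sp;                  /* byte offset of the next word to pop */
    int      halted;
} machine_t;
typedef void (*gadget_fn)(machine_t *);

static uint64_t load_word(const uint8_t *p) {           /* little-endian u64 */
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
static void store_word(uint8_t *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint64_t pop_word(machine_t *m) {
    uint64_t v = load_word(&m->stack[m->sp]); m->sp += 8; return v;
}

/* Gadgets: each does one computation and then "returns". The ret itself is
 * the pop in ret_and_run below, so the attacker-written stack picks the next
 * gadget. g_pop_acc also consumes a stack word as data, like `pop rax; ret`. */
static void g_halt(machine_t *m)    { m->halted = 1; }   /* the honest caller */
static void g_pop_acc(machine_t *m) { m->acc = pop_word(m); }
static void g_add_1(machine_t *m)   { m->acc += 1; }
static void g_shl_1(machine_t *m)   { m->acc <<= 1; }
static const gadget_fn text[] = { g_halt, g_pop_acc, g_add_1, g_shl_1 };
enum { A_HALT = 0, A_POP_ACC = 1, A_ADD_1 = 2, A_SHL_1 = 3 };
#define TEXT_SIZE (sizeof text / sizeof text[0])

/* The bug: copies len bytes into the 16-byte buffer with no bound check, so a
 * long input overwrites the saved return address and the words above it. The
 * clamp only keeps the simulator's own array in bounds. */
static void victim_copy(machine_t *m, const uint8_t *input, size_t len) {
    if (len > STACK_BYTES) len = STACK_BYTES;
    memcpy(m->stack, input, len);
}

/* The victim's ret and everything it leads to: pop a word, go there; each
 * gadget ends the same way. Returns gadgets executed, or -1 on a crash. */
static int ret_and_run(machine_t *m) {
    int steps = 0;
    m->sp = RET_OFFSET;
    while (!m->halted) {
        if (m->sp + 8 > STACK_BYTES) return -1;   /* ran off the stack */
        uint64_t addr = pop_word(m);
        if (addr >= TEXT_SIZE) return -1;         /* not code: segfault */
        text[addr](m);
        steps++;
    }
    return steps;
}

/* Runs the victim on one input; stores acc and returns steps (-1 = crash). */
static int run_victim(const uint8_t *input, size_t len, uint64_t *acc) {
    machine_t m = { 0 };
    store_word(&m.stack[RET_OFFSET], A_HALT);      /* honest return address */
    victim_copy(&m, input, len);
    int steps = ret_and_run(&m);
    *acc = m.acc;
    return steps;
}

/* Attacker payload: 16 bytes of filler up to the return slot, then the chain
 * pop_acc 5 ; shl ; add ; add ; halt, which computes (5 << 1) + 2 = 12. */
static size_t build_rop_payload(uint8_t *out) {
    const uint64_t chain[] = { A_POP_ACC, 5, A_SHL_1, A_ADD_1, A_ADD_1, A_HALT };
    memset(out, 'A', BUF_BYTES);
    for (size_t i = 0; i < sizeof chain / sizeof chain[0]; i++)
        store_word(out + BUF_BYTES + 8 * i, chain[i]);
    return BUF_BYTES + sizeof chain;
}

uint64_t benign_demo(void) {            /* short input: the honest ret runs */
    uint64_t acc; run_victim((const uint8_t *)"hello", 5, &acc); return acc;
}
uint64_t rop_demo(void) {               /* chain runs without injecting any code */
    uint8_t payload[STACK_BYTES]; uint64_t acc;
    run_victim(payload, build_rop_payload(payload), &acc);
    return acc;
}
int crash_demo(void) {                  /* sloppy overflow: 'AAAA...' is not a gadget */
    uint8_t junk[24]; uint64_t acc;
    memset(junk, 'A', sizeof junk);
    return run_victim(junk, sizeof junk, &acc);
}

int main(void) {
    printf("benign acc=%llu, rop acc=%llu, sloppy overflow steps=%d\n",
           (unsigned long long)benign_demo(), (unsigned long long)rop_demo(), crash_demo());
    return 0;
}
```

Each gadget's ret reads where to go next from the attacker's data on the stack, which is the point of the comparison with Mel's one-plus-one addressing: the chain is a program in which every instruction is followed by a GO TO, and the attacker wrote the GO TOs. It compiles with any C compiler and needs no flags or platform tricks, because the stack being overflowed is a simulated array rather than the process's own.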