I still feel we will see a shift to more “low tech” ways of breaking into networks down the road.  In the next 5 to 7 years things like buffer overflows will disappear.  But people never change. Hackers will do more social engineering and resort to tactics like the security auditor that dropped all those USB drives in the place that people take their coffee breaks. It was amazing how many picked them up and plugged them into their computers.  You have to think like a thief.

 I know of one person that will go a little too far in my opinion. When he does a total security audit, he will try to ask the secretary out on a date! He feels he can get that person to give up sensitive info.  Hey Mr. Phoenix, and you know who you are and if you reading this, stop that crap, lol! 

 I used to look down a little at Kevin Mitnick because he is doing all his security training on the social engineering level.  I foolishly thought it was because he lacked skill. Now I realize how brilliant he is.  If I can code a kernel root kit that anti-virus cant detect and get some unsuspecting employee to install it, I have total access to their network very easily.  Why bother with trying to write an exploit? If anyone here reading this has done it, well you know what is involved and the time!  Currently, crypting a Trojan is much easier. Do you know what that means? All your firewalls, etc have no value at that point. Only the most attentive admin will see it.  To me, without question, this is where we will see most hacks into sensitive networks.

People would be amazed if they knew half the things the government does and or is capable of. I am not saying that "Enemy of the State" or anything like that is close but, I do not feel that it is too far off. Anyone heard of Google Earth? Yeah check out your neighborhood on their sometime. You can pull up parts of Iraq, Afghanistan, Pakistan, China, you get the point anywhere that the military is looking for "people" about 3 months later you get these images. Because Google using some of the same sats.
What if I told you about a glove that could revitalize and even make you 10 times "stronger". Fact or Fiction. FACT
I am a medic and have seen a glove that runs on the concept of keeping your core cooled(Same premise as a CPU). I have seen people near exhaustion after running 5 miles put this glove on and go another 20.
Just goes to show SCI-FI is not too far off.

I agree that in 2-3 years it will probably be possible to mitigate nearly all (if not all) BOF attacks IF you are using a modern system and IF all your software and hardware has been designed/compiled with all available security features. But I think that new BOFs will be discovered in many third party applications and in OSs that don't yet support all available security features for several years beyond that.

Also consider some of the recent BOF exploits that have been circulating for OpenBSD (probably the most secure OS out there) and Vista ("the most secure OS from Windows to date", as many people have stated and I am inclined to agree with). Between them, they implement/support most, if not all, of the protection mechanisms listed by oleDB. In the last month or so, remote BOFs have been discovered and exploited in both of those systems (the ANI exploit for Windows, and OpenBSD's IPv6 exploit).

You also have to consider Mac systems which have (to my knowledge) practically no built in protection mechanisms against BOFs, and Linux systems with 2.4 kernels (stack protection wasn't enabled by default in the Linux kernel until 2.6.12 I believe). Heck, Debian 3.1 still uses the 2.4 kernel, although I think it does have an option to install 2.6 as well. For Windows systems, there is still plenty of software circulating that isn't compiled with the /GS and /SAFESEH features, rendering these protections null and void.

With the exception of safe SEH, I know that all of the suggestions listed by oleDB for preventing BOFs have already been circumvented. Not to say they are bad ideas, in fact they are all excellent ideas and most of the reasons they were circumvented were due to poor implementation, but regardless, they still have not been 100% successful. I think we still have a way to go before rendering the good old BOF completely obsolete, although it is becoming harder and harder to exploit them.