His little tool found 120 vulnerabilities in IE alone... I'd like to see this thing generalized to test all the other browsers as well!"Polish Google security white hat Michal Zalewski has announced concerns that one of a hundred vulnerabilities his fuzzer tool found in IE is well known to third party hackers in China. His simple explanation provides an interesting counter argument to Microsoft's usual request that security problems not be released until they can slowly investigate them. From the article, 'Microsoft asked Zalewski to delay cross_fuzz's release, but he declined, in part because of his fear the IE vulnerability was already being explored by Chinese hackers, but also because the company's security experts had not responded to information he provided.' You can read about and download cross_fuzz for your own use."
MS Asks Google To Delay Fuzzer Tool
Moderator: Moderators
-
Sabre
- DCAWD Founding Member
- Posts: 21432
- Joined: Wed Aug 11, 2004 8:00 pm
- Location: Springfield, VA
- Contact:
MS Asks Google To Delay Fuzzer Tool
/. story
Sabre (Julian)
92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.
92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.
-
complacent
- DCAWD Founding Member
- Posts: 11651
- Joined: Sun Aug 29, 2004 8:00 pm
- Location: near the rockies. very.
- Contact:
Re: MS Asks Google To Delay Fuzzer Tool
fuzzing. it's almost like a meme within a meme.
can't knock it's potential.
can't love the methodology.
can't knock it's potential.
can't love the methodology.
colin
a tank, a yammie, a spaceship
i <3 teh 00ntz
a tank, a yammie, a spaceship
i <3 teh 00ntz
-
thermatico
- Yugo owner
- Posts: 281
- Joined: Mon Oct 11, 2010 8:23 pm
Re: MS Asks Google To Delay Fuzzer Tool
There were a couple of links. I think he tested against Chrome, Opera, Firefox, Safari, & Internet Explorer. They all got pwned.Sabre wrote:/. storyHis little tool found 120 vulnerabilities in IE alone... I'd like to see this thing generalized to test all the other browsers as well!"Polish Google security white hat Michal Zalewski has announced concerns that one of a hundred vulnerabilities his fuzzer tool found in IE is well known to third party hackers in China. His simple explanation provides an interesting counter argument to Microsoft's usual request that security problems not be released until they can slowly investigate them. From the article, 'Microsoft asked Zalewski to delay cross_fuzz's release, but he declined, in part because of his fear the IE vulnerability was already being explored by Chinese hackers, but also because the company's security experts had not responded to information he provided.' You can read about and download cross_fuzz for your own use."
-
Sabre
- DCAWD Founding Member
- Posts: 21432
- Joined: Wed Aug 11, 2004 8:00 pm
- Location: Springfield, VA
- Contact:
Re: MS Asks Google To Delay Fuzzer Tool
Crap, I should have read it closer! For good Chrome flaws, I know Google was offering up some $$$.thermatico wrote:There were a couple of links. I think he tested against Chrome, Opera, Firefox, Safari, & Internet Explorer. They all got pwned.
Sabre (Julian)
92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.
92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.