Dailydave mailing list archives
Re: The Week of Oracle Database Bugs
From: Jared DeMott <demottja () msu edu>
Date: Mon, 27 Nov 2006 14:46:17 -0500
greets Sinan!
I don't think there could be anything special or uber cool about a fuzzer.
Interesting. To say the least my hat goes off to the security/app dev community as a whole, because it seems that fuzzing is a fairly well understood action these days. Most know that passing a fuzz test doesn't == secure app, but it likely does mean we've cleared out the low hanging fruit, assuming we have a decent fuzzer for whatever we're testing. That said, I think there's still a lot of people fuzzing for both security and exploit research.
I always assume there are millions out there that write better and thousands more lines of C/python/ruby code than me every single day. They have much more free time in their hands and the usual academic buzz words (genetic algorithms etc.) to ponder on all day. OULU being the prime example.
ya, I hear ya bro -- creating the next generation of fuzzers is no easy task!!
There is no point in me targeting their share of the fish so instead as somebody with tiny resources would, I go for the deep sea fish which they never ever seem to catch with their sweeps since they don't reach deep enough.
I'd like to chat more with you offline on your methodology.
It would be naive to think that you can outsmart all that lot and hunt with similar tools and still believe it is uniquely yours.
Hmm... great discussion!
cheers, sinan
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: The Week of Oracle Database Bugs, (continued)
- Re: The Week of Oracle Database Bugs Evgeny Legerov (Nov 21)
- Re: The Week of Oracle Database Bugs ¯`· . _The Sun_ . ·´¯ (Nov 20)
- Re: The Week of Oracle Database Bugs Joel Eriksson (Nov 21)
- Re: The Week of Oracle Database Bugs dan (Nov 22)
- Re: The Week of Oracle Database Bugs Joanna Rutkowska (Nov 22)
- Re: The Week of Oracle Database Bugs dan (Nov 22)
- Re: The Week of Oracle Database Bugs pageexec (Nov 24)
- Re: The Week of Oracle Database Bugs Dave Aitel (Nov 27)
- Re: The Week of Oracle Database Bugs Jared DeMott (Nov 27)
- Re: The Week of Oracle Database Bugs sinan . eren (Nov 27)
- Re: The Week of Oracle Database Bugs Jared DeMott (Nov 27)
- Re: The Week of Oracle Database Bugs Dude VanWinkle (Nov 29)
- Re: The Week of Oracle Database Bugs Jeremiah Johnson (Nov 29)
- Re: The Week of Oracle Database Bugs Curt (Nov 29)
- Re: The Week of Oracle Database Bugs Olef Anderson (Nov 29)
- Re: The Week of Oracle Database Bugs Anthony_Lineberry (Nov 29)
- Re: The Week of Oracle Database Bugs L . M . H (Nov 29)
- Re: The Week of Oracle Database Bugs Joel Eriksson (Nov 21)
- Re: The Week of Oracle Database Bugs Jared DeMott (Nov 27)
- Re: The Week of Oracle Database Bugs Dragos Ruiu (Nov 22)