Re: The Week of Oracle Database Bugs

[Jared DeMott <demottja () msu edu>]

greets Sinan!
> I don't think there could be anything special or uber cool about a
> fuzzer.
Interesting.  To say the least my hat goes off to the security/app dev
community as a whole, because it seems that fuzzing is a fairly well
understood action these days.  Most know that passing a fuzz test
doesn't == secure app, but it likely does mean we've cleared out the low
hanging fruit, assuming we have a decent fuzzer for whatever we're testing.

That said, I think there's still a lot of people fuzzing for both
security and exploit research.
> I always assume there are millions out there that write better and
> thousands more lines of C/python/ruby code than me every single day.
> They have much more free time in their hands and the usual academic
> buzz words (genetic algorithms etc.) to ponder on all day. OULU being
> the prime example.
ya, I hear ya bro -- creating the next generation of fuzzers is no easy
task!!
> There is no point in me targeting their share of the fish so instead
> as somebody with tiny resources would, I go for the deep sea fish
> which they never ever seem to catch with their sweeps since they don't
> reach deep enough.
I'd like to chat more with you offline on your methodology.
> It would be naive to think that you can outsmart all that lot and hunt
> with similar tools and still believe it is uniquely yours.
Hmm... great discussion!
> cheers,
> sinan

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave