Vulnerability Development mailing list archives
Re: New Binary Bruteforcing Method Discovered
From: Liedtke Goetz <goetzliedtke () yahoo com>
Date: Wed, 27 Mar 2002 13:29:23 -0800 (PST)
pr0ix () hushmail com wrote:
I would like to defend myself on this matter. Yes, I did write this code.
and
I, the great pr0ix, have discovered a new technique for bruteforcing
local suid binaries on any *nix operating system, which uncovers all exploitable bugs in the application.
while
On Tue, 26 Mar 2002 14:15:11 -0500, David Rhodus
<sdrhodus () wildcatblue com> wrote:
You didn't write this code. This has been passed around for over a year now.
and even mixter weighed in, all of which caused me much amusement. Oddly enough, the whole concept of "fuzz" testing was pioneered (although we didn't think it was important enough to tell anyone) 20+ years ago. We called it "do a faceplant or smash your hand across the keyboard and see if the application crashes". Folks, this is nothing new or original. The shared library concept is somewhat original, but it may miss application layer stupidity. This type of testing has been a discussion point of computer scientists since before most of you were born - how does one test applications without testing every possible path? See Michael Zalewski's erudite discussion on this problem in another posting. It is fascinating to me how the testing world (which is quite old in Internet time, predating as it does the Internet) and the vulnerability assessment world are converging. Unfortunately, the vulnerability assessment world is trying to relearn every lesson and reinvent every wheel. Paraphrasing "Read a Book" - "Read the Research". Learn from what others have done before you. Goetz Liedtke __________________________________________________ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards® http://movies.yahoo.com/
Current thread:
- New Binary Bruteforcing Method Discovered pr0ix (Mar 26)
- Re: New Binary Bruteforcing Method Discovered Kurt Seifried (Mar 26)
- Re: New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 26)
- Re: New Binary Bruteforcing Method Discovered David Rhodus (Mar 26)
- <Possible follow-ups>
- Re: Re: New Binary Bruteforcing Method Discovered pr0ix (Mar 27)
- Re: New Binary Bruteforcing Method Discovered Liedtke Goetz (Mar 27)
- Re: New Binary Bruteforcing Method Discovered Charles 'core' Stevenson (Mar 28)
- RE: New Binary Bruteforcing Method Discovered Michael Wojcik (Mar 28)
- RE: New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 28)
- Re: New Binary Bruteforcing Method Discovered Blue Boar (Mar 28)