Dailydave mailing list archives
Here's where I call them "retarded"
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 27 Apr 2006 23:08:03 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.securityfocus.com/news/11389/1 <-- without VC money you can say things like that in print.

I think there should be a maximum of 50K "damages" for any basic 'or 1==1;' SQL Injection bug found. Isn't that how much WebInspect/Appscan go for these days? Hmm. You can get the trial for free, right? So maybe the cost of "finding and fixing" the bug should be zero dollars, and they should let the dude off based on triviality and the less-than-$5000 "go find more child porn instead of ruining this dude's life" rule.

I spent some time mucking around with mz's latest MSIE bug. So far, so much null pointer exception fun, with regards to setting a container StyleSheet to null and then forgetting to check the return value from CStyleSheet::GetRootContainer() in CChangeStatus(). Doesn't mean it's not exploitable yet. Just not easy, like he said. There's some wacky GetLookahead() stuff in CStyleElement::Notify() I don't understand yet there as well, and if it's an un-initialized variable bug, that's where I'd expect to dig into.

The weird thing is this: mz clearly has a much better fuzzer than Microsoft does. One thing Microsoft has that mz doesn't have is a billion dollars. Here's my suggestion: make IE security the top priority for MS by giving mz one billion dollars for his fuzzer. Maybe he'll settle for 500 million. :>

I guess the interesting lesson learned here is that fuzzers are wildly different - and they are an interesting reflection on people's personalities. The more different your own personality is, the more different the bugs your fuzzer will find. So your fuzzer is only as valuable as your eccentricities.

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFEUYcTtehAhL0gheoRAttDAKCHW1ojhT1OR7B/epKd0CFYjYR/FwCff1dP
GYE1RJcmbhJ3lEtPsJZ5pXI=
=U2Df
-----END PGP SIGNATURE-----
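The bug class Dave describes above (a container pointer set to null, then a lookup whose null return is dereferenced without a check) is easy to see in miniature. The following is an added example, not code from the post and not MSHTML's real code: the types `Container` and `StyleSheet` and the functions `GetRootContainer`, `ChangeStatus_unchecked`, `ChangeStatus_checked` and `demo_detached_sheet` are all hypothetical mocks of the pattern, written only to put the unchecked path next to its hardened form.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical mock of the pattern from the post. These are NOT the real
 * MSHTML types: a stylesheet whose owning container can be detached
 * (set to NULL), and a lookup that then returns NULL. */
typedef struct Container { int status; } Container;
typedef struct StyleSheet { Container *container; } StyleSheet;

/* Returns the root container, or NULL once the sheet has been detached.
 * Every caller is responsible for checking that NULL. */
Container *GetRootContainer(const StyleSheet *sheet) {
    if (sheet == NULL)
        return NULL;
    return sheet->container;
}

/* Vulnerable pattern: the return value is dereferenced unchecked.
 * On a detached sheet this writes through NULL (a crash at best; on a
 * system where the null page can be mapped by the attacker, a write
 * primitive). Only safe to call while the sheet is still attached. */
int ChangeStatus_unchecked(StyleSheet *sheet, int new_status) {
    Container *root = GetRootContainer(sheet);
    root->status = new_status;        /* no NULL check: the bug */
    return 0;
}

/* Hardened form: check the lookup result and fail closed. */
int ChangeStatus_checked(StyleSheet *sheet, int new_status) {
    Container *root = GetRootContainer(sheet);
    if (root == NULL)
        return -1;                    /* detached sheet: nothing to update */
    root->status = new_status;
    return 0;
}

/* Attach, update, detach (the "set container to null" step), update again
 * through the checked path. Returns the checked call's result on the
 * detached sheet (-1) so the behaviour can be asserted on. */
int demo_detached_sheet(void) {
    Container root = { .status = 0 };
    StyleSheet sheet = { .container = &root };

    if (ChangeStatus_checked(&sheet, 1) != 0 || root.status != 1)
        return -99;                   /* unexpected: attached update failed */
    sheet.container = NULL;           /* detach: simulates the null assignment */
    return ChangeStatus_checked(&sheet, 2);   /* -1, and no dereference */
}

/* Status the container ends up with after an attached update via the
 * unchecked path; demonstrates that the bug is invisible while attached. */
int demo_attached_unchecked(int new_status) {
    Container root = { .status = 0 };
    StyleSheet sheet = { .container = &root };
    ChangeStatus_unchecked(&sheet, new_status);
    return root.status;
}

int main(void) {
    printf("attached, unchecked path: status=%d\n", demo_attached_unchecked(7));
    printf("detached, checked path: rc=%d\n", demo_detached_sheet());
    /* Deliberately not called: ChangeStatus_unchecked on a detached sheet
     * would dereference NULL, which is the crash a fuzzer surfaces. */
    return 0;
}
```

The point of the pair is that the unchecked path behaves identically to the checked one on every input a normal test suite exercises; only the detach-then-mutate ordering a fuzzer stumbles into reaches the null dereference, which is why a mutation fuzzer that explores DOM state transitions finds what unit tests do not.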