Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

ie fuzz prevention

From: "matthew wollenweber" <mwollenweber () gmail com>
Date: Thu, 30 Aug 2007 14:49:43 -0400
Today I decided to start fuzzing IE to prepare for an upcoming pen test. I
know the target has a small externally accessible attack surface, so
developing a nice IE exploit seemed like a good idea. This is my first time
fuzzing IE, and I'm immediately surprised by two things:

   1. How easy it is to get IE to throw a fault
   2. How ungodly slow IE loads fuzzed pages

While the first is good, when I play the evil bad guy, the second is quite
irksome. I think it might make a good talking point for MS, I mean Firefox
loads the pages about 10x as fast so fuzzing is much easier. I can see it
now, Microsoft: "Our web browser is so slow attackers can't exploit it".
Maybe slowness is Microsoft's new anti-hacker strategy. Vista is their "most
secure" OS and you can barely even surf the web while listening to music. I
think I see a pattern!!! :)

-- 
Matthew  Wollenweber
mwollenweber () gmail com | mjw () cyberwart com
www.cyberwart.com

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: