Vulnerability Development mailing list archives
Re: New Binary Bruteforcing Method Discovered
From: "Kurt Seifried" <bugtraq () seifried org>
Date: Tue, 26 Mar 2002 12:10:00 -0700
You also forgot Fuzz From Ben Woodward: http://fuzz.sourceforge.net/ And this will only uncover common things like buffer overflows, and length limited stuff like variables, what is needed is a much more intelligent tool that can also throw env. variables at it, format strings, etc, etc, until then this testing is useful, but extremely limited (mostly to "98% of vendor A's software crashed when we ran fuzz against it, 96% of vendor B's software crashed, therefore vendor B is better we think"). Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ http://www.idefense.com/digest.html
Current thread:
- New Binary Bruteforcing Method Discovered pr0ix (Mar 26)
- Re: New Binary Bruteforcing Method Discovered Kurt Seifried (Mar 26)
- Re: New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 26)
- Re: New Binary Bruteforcing Method Discovered David Rhodus (Mar 26)
- <Possible follow-ups>
- Re: Re: New Binary Bruteforcing Method Discovered pr0ix (Mar 27)
- Re: New Binary Bruteforcing Method Discovered Liedtke Goetz (Mar 27)
- Re: New Binary Bruteforcing Method Discovered Charles 'core' Stevenson (Mar 28)
- RE: New Binary Bruteforcing Method Discovered Michael Wojcik (Mar 28)
- RE: New Binary Bruteforcing Method Discovered Michal Zalewski (Mar 28)
- Re: New Binary Bruteforcing Method Discovered Blue Boar (Mar 28)