Vulnerability Development mailing list archives
Re: New Binary Bruteforcing Method Discovered
From: Michal Zalewski <lcamtuf () bos bindview com>
Date: Wed, 27 Mar 2002 17:23:20 -0500 (EST)
On Wed, 27 Mar 2002 mixter () 2xs co il wrote:
> ...what's related is what I talked about, using shared libs for pre-reporting (I agree, a simple technique) which in turn helps to document the external entry points (not always all) and focus on them.
I am not dismissing this idea :-) There are a lot of very good methods of reconnaissance, analysis, etc, etc, but none of them will provide a complete or even near-complete coverage of potential problems. This does not mean we should stop using them, but we should certainly refrain from making stupid claims (what the original poster did). As a matter of fact, I am a frequent user of strace, ltrace and other run time tools, and even authored one high-level project of this kind (Fenris, announced on sectools a while ago). But I usually stay away from solutions marketed as "total", "ultimate", "complete", "finds all...".
> Would you say that human beings can theoretically solve this problem as they can oversee all functions in source code (this problem seems to be a white-box auditing issue to me...) and hence theoretically extrapolate all states...?
Well, it is tricky ;-) People naturally look for formal, automated methods of code analysis for two reasons: 1) humans make mistakes, 2) humans are expensive and slow. Think about chess - there are just a very few players in the world who can beat most powerful computers. Even they make mistakes. And most of us are just average in this game, and will never win with a powerful machine.
The demand for affordable security is much higher than the number of people with really excellent audit skills (and ones that are will be really expensive to hire and will work for a very long time on a huge project), plus there's no simple way to tell who is good and who is not. For mission-critical applications it is not how many bugs do you find, but how many bugs you miss :-)
AI in terms of simulating high-level conscious processes is not much closer to becoming a reality than it was 20 years ago.
--
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/