Vulnerability Development mailing list archives

Re: New Binary Bruteforcing Method Discovered


From: Michal Zalewski <lcamtuf () bos bindview com>
Date: Wed, 27 Mar 2002 17:23:20 -0500 (EST)

On Wed, 27 Mar 2002 mixter () 2xs co il wrote:

> ...what's related is what I talked about, using shared libs for pre-
> reporting (I agree, a simple technique) which in turn helps to document
> the external entry points (not always all) and focus on them.

I am not dismissing this idea :-) There are a lot of very good methods of
reconnaissance, analysis, etc, etc, but none of them will provide a
complete or even near-complete coverage of potential problems. This does
not mean we should stop using them, but we should certainly refrain from
making stupid claims (what the original poster did). As a matter of fact,
I am a frequent user of strace, ltrace and other run time tools, and even
authored one high-level project of this kind (Fenris, announced on
sectools a while ago). But I usually stay away from solutions marketed as
"total", "ultimate", "complete", "finds all...".

> Would you say that human beings can theoretically solve this problem as
> they can oversee all functions in source code (this problem seems to be
> a white-box auditing issue to me...) and hence theoretically extrapolate
> all states...?

Well, it is tricky ;-) People naturally look for formal, automated methods
of code analysis for two reasons: 1) humans make mistakes, 2) humans are
expensive and slow. Think about chess - there are just a very few players
in the world who can beat the most powerful computers. Even they make
mistakes. And most of us are just average in this game, and will never win
against a powerful machine. The demand for affordable security is much higher
than the number of people with really excellent audit skills (and the ones
who are will be really expensive to hire and will work for a very long
time on a huge project), plus there's no simple way to tell who is good
and who is not. For mission-critical applications it is not how many bugs
you find, but how many bugs you miss :-)

AI in terms of simulating high-level conscious processes is not much
closer to becoming a reality than it was 20 years ago.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/

