Interesting article from The Register:
Browser crashers warm to data fuzzing | The Register
Last month, security researcher HD Moore decided to write a simple program that would mangle the code found in web pages and gauge the effect such data would have on the major browsers. The result: hundreds of crashes and the discovery of several dozen flaws.
Fuzzing is an interesting concept. Basically, you throw random code at an application and see what crashes it. This technique has been used with network protocols and network hardware for a while now, but turning it on browsers is a relatively new development.
Despite what you may think, while a preponderance of stablity flaws found were in Internet Explorer, there were several found in other browsers. The article doesn’t specify what vulnerabilities were found in which browsers, but Microsoft of course is hedging for now. They know that the wind of public opinion is directly aimed at thier faces, and they’re going to “look into it.” In fairness, there hasn’t been an outbreak of anything particularly nasty in a while in terms of Microsoft vulnerabilities.
But what new dangers lie just below the surface that will be found by some enterprising young hacker looking to make his mark? Time will tell, and it seems sooner rather than later with this new technique in play. . .
One Response to ““Fuzzing” the Security Flaws out”
Leave a reply
- Election NewsPhoto: MSNBC.com
||Tim Geithner has been in the thick of the economic collapse fight for a long time, already a low-level member of the Bush Administration. How will he juggle between the new Admin's goals and the old Admin's complacency?Related News:
Discuss This! || 
Get the Feed
A Tribute to John Lennon
In my Internet wanderings I've just stumbled upon "I Dig a Pygmy: A Tribute to John Lennnon" - a piece of "live musique concrète" whose sound sources consisted entirely of the utterances and recordings of John Lennon and the Beatles. The piece was composed and performed by Paul D. Lehrman, who's works include projects for PBS, the Learning Channel and the Discovery Channel to name a few. You can watch his video performance and read the composition notes . . . More. . . ||
Get the Feed
The Blogs:
Stay Connected!
Recent Comments
- Veteran Experiments: Because Monkeys are Expensive (1)
Warren Wells: Thanks for your article. I have cited it at www.vavictims.com Thanks again. Warren
- Yu-Gone (2)
Thomas Belknap: Indeed. Point taken.
david: No need to imagine it. Oldsmobile.
- I’m Worried About Starbucks (1)
Jamie P: I absolutely feel your pain. I used to love Spot and Boulder coffee for both the flavor and the cozy...
- Ralph Nader: Racist Douchebag (11)
Handsome Pete: sull, If Nader is progressive politics, progressive politics is in HUGE trouble. I have no doubt...
- Veteran Experiments: Because Monkeys are Expensive (1)
-
Get Your Gravatar!
Gravatars are:
G-lobally
R-ecognized
Avatars.
Get one today, and they'll show up on my site and many more sites you comment on!
Unemployed Workers Moving Toward Part Time Work as Jobs Thin || Reuters.com
Fed Lends Billions to Banks, Largely Ignored by Media || MSNBC.com
Power Authorities Seeing Significant Drops in Household Energy Consumption || WSJ.com
Washington Mutual Slashing 1,600 Jobs by December 1st || CNN Money
Rochester Jobless Rate Wobbles, Improves in October || Rochester Business Journal- Get the Feed
[...] I’m not sure if this is just related to a lack of proper bug-checking in JavaScript/FF code, or if it’s a result of the new “Fuzzing” techniques recently employed to scan apps for vulns. [...]