[fuzzing] MoKB take?
Charlie Miller
cmiller at securityevaluators.com
Tue Nov 7 08:28:26 CST 2006
My take on this is that any type of data that is read in and parsed by
an application can be fuzzed. I also think that fuzzing can only find
certain types of vulnerabilities, i.e. relatively simple memory
corruption bugs. Luckily, there are plenty of these around. (Good luck
finding a command injection vulnerability or a bug that requires three
different simultaneous anomalies.) I think smart researchers, like
these guys, move on to fuzzing new types of data, be it new protocols,
file types, etc. It doesn't make a lot of sense to fuzz the HTTP
protocol against IIS at this point, as very many people have done this
with a number of tools. Based on the success of this project, I'm
guessing they are the first ones to seriously try fuzzing filesystems.
Hats off to them for that. After those bugs are shaken out, we'll move
on to the next type of data. (This is reminiscent of when everyone
fuzzed network protocols and then someone started fuzzing file types.)
If I knew what the next new thing to fuzz was, I'd be doing it right now :)
Charlie
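As an added example, not part of Charlie's message or of the MoKB project: a minimal mutation fuzzer run against a toy parser with two planted bugs, to show the point above in code. The "FZ" record format, the parser, both bugs and the bucket names are constructed for this illustration; out-of-bounds reads are modelled as Python IndexError, standing in for the crash a native parser would produce. The first bug is a single anomaly (an unchecked length field) and falls out of a few hundred iterations; the second needs three specific field values at once and is not found in the same budget, even though a hand-built input shows it is real.

```python
"""Added illustration (not the poster's or any project's code): a mutation
fuzzer against a hypothetical record parser with one easy and one hard bug."""
import random

# Constructed seed input for the hypothetical "FZ" format:
# magic "FZ", version 1, name_len 4, name, flags 0, payload_len (2 bytes, big
# endian) = 3, payload "abc".  Total length 14 bytes.
SEED = b"FZ" + bytes([1, 4]) + b"test" + bytes([0]) + (3).to_bytes(2, "big") + b"abc"

# Hand-built input that reaches the three-anomaly path: version 2, empty name,
# payload_len with the top bit set (0xFFFF).
TRIPLE_ANOMALY = b"FZ" + bytes([2, 0]) + bytes([0]) + (0xFFFF).to_bytes(2, "big") + b"abc"


def parse_record(data: bytes):
    """Parse one record.  Out-of-bounds indexing raises IndexError, which the
    harness treats as the crash a real memory-corruption bug would give."""
    if len(data) < 7 or data[:2] != b"FZ":
        return ("rejected", None)
    version = data[2]
    name_len = data[3]
    # Bug 1 (single anomaly): name_len is trusted without a bounds check.
    # Explicit per-byte indexing so an over-long name_len raises like an OOB read.
    name = bytes(data[4 + i] for i in range(name_len))
    pos = 4 + name_len
    flags = data[pos]
    payload_len = int.from_bytes(data[pos + 1:pos + 3], "big")
    # Bug 2 (three simultaneous anomalies): only when version is the hypothetical
    # "legacy" value 2 AND the name is empty AND the top bit of payload_len is
    # set does the parser use the low bits as an unchecked offset into the buffer.
    if version == 2 and name_len == 0 and payload_len & 0x8000:
        legacy_offset = payload_len & 0x7FFF
        return ("legacy", data[pos + 3 + legacy_offset])
    payload = data[pos + 3:pos + 3 + payload_len]
    return ("ok", (version, name, flags, payload))


def crashes(data: bytes) -> bool:
    """True if the parser 'crashes' (IndexError) on this input."""
    try:
        parse_record(data)
        return False
    except IndexError:
        return True


def triage(data: bytes) -> str:
    """Bucket a crashing input by the condition that explains it, the way a
    real harness buckets by stack trace.  Bucket names are made up here."""
    name_len = data[3]
    if 4 + name_len + 3 > len(data):
        return "unchecked name_len"
    pos = 4 + name_len
    payload_len = int.from_bytes(data[pos + 1:pos + 3], "big")
    if data[2] == 2 and name_len == 0 and payload_len & 0x8000:
        return "triple anomaly"
    return "unknown"


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Dumb mutation: overwrite one to three random bytes with random values."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def run_campaign(iterations: int = 2000, seed: int = 1) -> dict:
    """Fuzz SEED for a fixed budget; return {bucket: iteration first seen}."""
    rng = random.Random(seed)
    first_seen = {}
    for i in range(1, iterations + 1):
        candidate = mutate(SEED, rng)
        if crashes(candidate):
            first_seen.setdefault(triage(candidate), i)
    return first_seen


if __name__ == "__main__":
    print("seed parses as:", parse_record(SEED))
    print("hand-built triple-anomaly input crashes:", crashes(TRIPLE_ANOMALY))
    print("buckets found by fuzzing:", run_campaign())
```

The numbers make the asymmetry concrete: any mutation of the single length byte to a value above ten trips bug 1, so it shows up within the first few dozen iterations, while bug 2 needs three particular bytes to land on three particular values in the same mutation, which a random mutator hits roughly once in a hundred million tries.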