Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Fuzzing produces a bug a day for July
Published: 2006-07-06

Vulnerability researcher HD Moore pledges to post a browser bug every day this month to enlighten software makers and security managers to the threats posed by data fuzzing tools.

Moore, the founder of the Metasploit Project, has experimented with browser fuzzing for several months. A fuzzer, or fuzzing tool, systematically changes the data sent to an application--in this case, a browser--to see whether the software correctly handles corrupted input. Moore's experiments found dozens, if not hundreds, of security flaws in the most common browsers.

After notifying browser makers of many of the issues and warning developers to run the three different fuzzing tools he tested, Moore has decided to release a security flaw every day to raise awareness.

"This information is being published to create awareness about the types of bugs that plague modern browsers and to demonstrate the techniques I used to discover them," he said in a post to his blog.

As of Thursday, Moore has released descriptions of six security flaws: four in Microsoft's Internet Explorer browser, one in the open-source Firefox browser, and one in Apple's Safari browser.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:
Fuzzing in earlier days 2006-07-07
Dick Rawson
Fuzzing produces a bug a day for July 2006-07-07
infamous41md (1 replies)







 

Privacy Statement
Copyright 2009, SecurityFocus