Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

Recent fuzzing feedback

October 22, 2007

I recently received some welcome/solicited feedback on my MSDN magazine fuzzing article (http://msdn.microsoft.com/msdnmag/issues/07/11/FUZZTesting). This is from Charlie Miller, who gave an in-depth fuzzing seminar at ToorCon this past Friday:

"So in the MS word file fuzzer example, you describe creating random files to parse. If you do this, I guarantee that 100% of them will fail to open, as they will not contain any structure of a word file. You should describe the mutation based fuzzing I described, i.e. start with a valid file and make some random changes to it."

The blurb for Charlie’s talk is here - http://www.toorcon.org/2007/event.php?id=60.

Thanks!

Search:

Archives

Recent Posts

• Inflatable satellite dish
• Microsoft Effective Security Practices whitepapers
• Microsoft Security Awareness Toolkit
• Security B-sides anti-conference
• What If Bill Gates Never Wrote the TwC Memo?

RSS Feed

Blogroll

Security Focus: