Dan Griffin's Blog
Comments on security, PKI, smart cards, cryptography, and entrepreneurship.
Recent fuzzing feedback
October 22, 2007
I recently received some welcome/solicited feedback on my MSDN Magazine fuzzing article (http://msdn.microsoft.com/msdnmag/issues/07/11/FUZZTesting). This is from Charlie Miller, who gave an in-depth fuzzing seminar at ToorCon this past Friday:
"So in the MS Word file fuzzer example, you describe creating random files to parse. If you do this, I guarantee that 100% of them will fail to open, as they will not contain any structure of a Word file. You should describe the mutation-based fuzzing I described, i.e. start with a valid file and make some random changes to it."
The blurb for Charlie’s talk is here - http://www.toorcon.org/2007/event.php?id=60.
Thanks!
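The difference described in the feedback above, as an added example that is not code from the original post or the MSDN article: a toy parser for a constructed file format is fed purely random inputs and then mutated copies of a valid file, and the stage at which each input is rejected is counted. The `TDOC` signature, the record layout and all function names are assumptions made for illustration.

```python
import random
import struct

MAGIC = b"TDOC"  # constructed signature for a toy format (assumption, not a real Word header)

def build_seed():
    """A valid sample file: magic, record count, then length-prefixed records."""
    records = [b"title", b"hello world", b"footer"]
    body = b"".join(struct.pack("<H", len(r)) + r for r in records)
    return MAGIC + struct.pack("<H", len(records)) + body

def parse(data):
    """Toy parser. Returns the stage where parsing stopped: 'magic', 'record' or 'ok'."""
    if len(data) < 6 or data[:4] != MAGIC:
        return "magic"              # rejected up front; no record-parsing code runs
    (count,) = struct.unpack_from("<H", data, 4)
    pos = 6
    for _ in range(count):
        if pos + 2 > len(data):
            return "record"         # record count runs past the end of the file
        (length,) = struct.unpack_from("<H", data, pos)
        pos += 2
        if pos + length > len(data):
            return "record"         # record length runs past the end of the file
        pos += length
    return "ok"

def random_case(rng, size):
    """Generation from nothing: every byte is random."""
    return bytes(rng.randrange(256) for _ in range(size))

def mutate(rng, seed, flips=2):
    """Mutation-based case: copy a valid file and overwrite a few random bytes."""
    buf = bytearray(seed)
    for _ in range(flips):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def coverage(cases):
    stats = {"magic": 0, "record": 0, "ok": 0}
    for case in cases:
        stats[parse(case)] += 1
    return stats

def compare(n=1000, rng_seed=1):
    """Return (random_stats, mutated_stats) for n cases of each strategy."""
    rng = random.Random(rng_seed)
    seed = build_seed()
    rand = coverage(random_case(rng, len(seed)) for _ in range(n))
    mut = coverage(mutate(rng, seed) for _ in range(n))
    return rand, mut
```

The random inputs all stop at the signature check, so the record-handling code is never tested; most mutated inputs get past it and a share of them reach the malformed-record paths.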