Re: CRIME Microsoft in the AV business?

From: Crispin Cowan (crispin@private)
Date: Sun Oct 12 2003 - 13:32:34 PDT


    Carter Ames wrote:
    
    >I expect Microsoft to step up to the plate and manage
    >my expectations about their product, and make them
    >better as time goes along.  Granted, we are typically
    >fighting things after they happen, but there's got to
    >be a way to create a distributed application that runs
    >random strings into open ports to test products. - 
    >Take the Distributed.net concept.  Instead of looking
    >for intelligence elsewhere in our solar system, how
    >about trying to look for it here on earth?  (Please,
    >no offense to Seti, I love it)
    >
    There are several packages that do that, all derived from the original 
    fuzz <http://www.cs.wisc.edu/%7Ebart/fuzz/fuzz.html> paper of 1990.
    
        * http://fuzz.sourceforge.net/
        * several fuzzing tools from @Stake:
          <http://www.atstake.com/research/tools/vulnerability_scanning/>
              o Tool:   COMbust
                <http://www.atstake.com/research/tools/vulnerability_scanning/COMbust.zip>
                Platforms:   Windows 2000, XP, ME, 2003
                Version:   07.30.03
                Author:   Frederic Bret-Mounet
                @stake COMbust is a tool for testing ActiveX/COM/DCOM
                components on the Windows platform. It enumerates the
                interfaces provided by the components and uses intelligent
                fuzzing to automatically exercise component functionality
                for testing. It can quickly find security vulnerabilities
                due to improper input validation.
              o Tool:   FuzzerServer
                <http://www.atstake.com/research/tools/vulnerability_scanning/FuzzerServer.zip>
                Platforms:   Linux and Win32
                Author:   Ollie Whitehouse
                An ideal tool for fuzzing response handlers within proxy
                servers and/or WAP gateways. By using your standard web
                browser and a fuzzserver, you can generate fuzzer-esque
                responses as a legitimate web server would, attempting to
                discover common vulnerabilities such as format string or
                buffer/heap overflows in closed source applications.
                Fuzzerserver can be configured to send back standard HTML
                for proxy servers or WML for WAP gateways. For additional
                information, read the readme.txt located within the archive.
              o Tool:   SPIKE
                <http://www.atstake.com/research/tools/vulnerability_scanning/spike-v1.8.tar.gz>
                Version:   1.8
                Platforms:   *nix
                Author:   Dave Aitel
                SPIKE is a Fuzzer Creation Kit in C - basically an attempt
                to write a generic protocol API that is easy to use and
                reasonably complete. This version of SPIKE includes
                demonstration fuzzers that do web application and DCE-RPC
                (MSRPC) fuzzing. Also included is a web server NTLM
                Authentication brute forcer implemented with SPIKE.
              o Tool:   Sharefuzz
                <http://www.atstake.com/research/tools/vulnerability_scanning/sharefuzz1.0.tar.gz>
                Version:   1.0
                Platforms:   *nix
                Author:   Dave Aitel
                Sharefuzz is a local setuid program fuzzer which
                automatically detects environment variable overflows in Unix
                systems. This tool can be used to ensure all necessary
                patches have been applied, or used as a reverse engineering
                tool.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
    Chief Scientist, Immunix       http://immunix.com
                http://www.immunix.com/shop/
    



    This archive was generated by hypermail 2b30 : Sun Oct 12 2003 - 14:04:39 PDT