Feeds

Browser crashers warm to data fuzzing

IE under attack

Website security in corporate America

Security researchers have targeted browsers with fuzzing tools in the past. In 2004, Michal Zalewski released a tool that mangled HTML code and produced frequent crashes on browsers other than Microsoft's Internet Explorer. Another researcher, Shane Hird, targeted the Windows Component Object Model (COM) and ActiveX controls using a fuzzer, finding other security issues with Internet Explorer.

"For the most part, security people have stayed away from browser bugs," Moore said. "You can't go into a company at three in the morning and exploit all their desktops. You have to have the user involved."

Browser flaws have become more important to attackers, because they allow them to slip by a network's more secure network defenses and attack the internal systems, which are generally less well guarded, said Window Snyder, chief technology officer for security start-up Matasano and a former security strategist for Microsoft.

"There are so many ways to get past the perimeter and once you are in, it's an open field," Snyder said. "Internal applications have not been audited with the same rigor as core external applications."

The change in focus leaves system administrators having to worry about which of their desktop applications have been well audited, she said.

"We have to worry about vulnerabilities in Notepad - that is now considered a product that can affect your security," Snyder said.

Yet, fuzzing tools can, and should be, used for defense, nCircle's Keanini said. In many ways, fuzzers bring the same automated code checking capabilities as the static code checkers that are now being used with greater frequency by companies to audit their program code. And company administrators who decline to check a program do so at their own risk, because program complexity - and the number of vulnerabilities - has skyrocketed, he said.

"It used to be that the client was twenty times smaller than the server," Keanini said. "That's not the case anymore. There are clients that are bigger than operating systems - it's grotesque. There is nothing thin about the client anymore."

For his part, Moore has already tired of trying out fuzzing techniques, but he may try coding one more, he said. Almost every browser has plug-ins to handle Adobe's Flash format, and the security researcher said he wonders about the code's security.

"These are plug-ins that are installed by default, and no one has really taken a look at a corrupted Flash generator," he said.

Soon, that may not be true.

This article originally appeared in SecurityFocus

Copyright © 2006, SecurityFocus

Update

Microsoft's statement was added to the article late Wednesday, following the company's response to SecurityFocus's request for comment. The original article was posted at 8am PST.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.