Moore's the modern Weegee
'Credit hole by HD Moore the famous'
One of the most interesting characters to live and thrive in New York City between the Depression and the end of World War II - a time when interesting characters seemed to make up the lion's share of dwellers in that great American city - was Weegee.
A photographer by trade, a dweller in the night by temperament, and a freelancer by design, Weegee (real name, Arthur Fellig) prowled about the city from dusk to dawn in his car. In it he kept a shortwave radio tuned to the channels used by the cops, a typewriter, his 4x5 Speed Graphic camera, and the chemicals needed to immediately develop photos, plenty of cigars, and fresh underwear, just in case.
Weegee had the almost uncanny ability to appear on the scene just after - or just as - something dramatic, crazy, violent, or catastrophic happened, even before the police arrived (hence the name: Weegee as in "Ouija," like the board game).
He'd hop out of his car, take the photos that brought him fame and cash, develop the film in his car's trunk slash darkroom, and then drive the fresh prints to the papers that bought his work: The Daily News, The Daily Mirror, and PM.
Weegee's photos still have an astonishing power today, well over half a century after they were taken. Murdered citizens and gangsters (this one's kinda graphic, so you've been warned), victims of fires and car accidents, folks sleeping on fire escapes to beat the sweltering heat, lovers kissing passionately while watching a 3D movie, overwhelming massess of humanity at Coney Island, an interesting mix of city dwellers on New Year's Eve, Harlem church-goers, bums.
Weegee showed the world the New York of heat, sweat, crime, and death. His photos weren't always pretty, but they revealed the real city, and they told the truth. Sometimes people don't want to hear the truth - it's ugly, or it's unpleasant, or it damages the business interests of certain individuals. But that truth needs to be published, and people need to see it.
Which brings me to HD Moore and the Month of Browser Bugs Project. Moore is one of the brightest guys working in the security world right now, especially in the area of vulnerability research. He's responsible for the awesome Metasploit Project, an "advanced open-source exploit development platform...for legal penetration testing and research purposes" that currently contains 143 exploits and 75 different payloads (for more on the Metasploit Framework, check out previous SecurityFocus articles of interest).
After his interest was piqued by the work of others, Moore began creating his own fuzzers.
A fuzzer basically sends randomised data to a program's inputs. If something weird happens - a crash, for example - then the fuzzer has done its job. Moore's fuzzers first looked for flaws in Internet Explorer's implementation of ActiveX (unsurprisingly, a rich source of bugs and issues). From there he spread out to a fuzzer that tests various browsers' methods for DHTML.
On 2 July, Moore wrote the following in his blog:
Over the last few months, I have taken an interest in web browser security flaws. This interest has resulted in my collaboration on a few fuzzing tools...The vendors have been notified and the time has come to start publishing the results. I will publish one new vulnerability each day during the month of July as part of the Month of Browser Bugs project.
This information is being published to create awareness about the types of bugs that plague modern browsers and to demonstrate the techniques I used to discover them.