Title

Autodafé: An Act of Software Torture (22c3)

Description

Automated vulnerability searching tools have led to a dramatic increase of the rate at which such flaws are discovered. One particular searching technique is fault injection – i.e. insertion of random data into input files, buffers or protocol packets, combined with a systematic monitoring of memory violations. Even if these tools allow to uncover a lot of vulnerabilities, they are still very primitive; despite their poor efficiency, they are useful because of the very high density of such vulnerabilities in modern software.

about this event: https://hacker-archive.org/assets/22C3/fahrplan/events/606.en.html

originalMediaLink

https://cdn.media.ccc.de/congress/2005/lectures/video/mp4-avc/320x240/22C3-606-en-autodafe.m4v

Date Issued

2005-12-28

Source

https://media.ccc.de/v/22C3-606-en-autodafe

Beteiligte Person

Martin Vuagnoux

Extent

00:38:43

Type

video/mp4

Tag

22c3, Hacking

Abstract

Automated vulnerability searching tools have led to a dramatic increase of the rate at which such flaws are discovered. One particular searching technique is fault injection – i.e. insertion of random data into input files, buffers or protocol packets, combined with a systematic monitoring of memory violations. Even if these tools allow to uncover a lot of vulnerabilities, they are still very primitive; despite their poor efficiency, they are useful because of the very high density of such vulnerabilities in modern software.

about this event: https://hacker-archive.org/assets/22C3/fahrplan/events/606.en.html