26th March 2015
|
Administrator
|
|
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
|
|
MIT Researchers Debut Debugger for Integer Overflows
From https://threatpost.com/mit-researche...erflows/111827 :
Quote:
Students from M.I.T. have devised a new and more efficient way to scour raw code for integer overflows, the troublesome programming bugs that serve as a popular exploit vector for attackers and often lead to the crashing of systems.
Researchers from the school's Computer Science and Artificial Intelligence Laboratory (CSAIL) last week debuted the platform dubbed DIODE, short for Directed Integer Overflow Detection.
As part of an experiment, the researchers tested DIODE on code from five different open source applications. While the system was able to generate inputs that triggered three integer overflows that were previously known, the system also found 11 new errors.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|