Dailydave mailing list archives
ie fuzz prevention
From: "matthew wollenweber" <mwollenweber () gmail com>
Date: Thu, 30 Aug 2007 14:49:43 -0400
Today I decided to start fuzzing IE to prepare for an upcoming pen test. I know the target has a small externally accessible attack surface, so developing a nice IE exploit seemed like a good idea. This is my first time fuzzing IE, and I'm immediately surprised by two things: 1. How easy it is to get IE to throw a fault 2. How ungodly slow IE loads fuzzed pages While the first is good, when I play the evil bad guy, the second is quite irksome. I think it might make a good talking point for MS, I mean Firefox loads the pages about 10x as fast so fuzzing is much easier. I can see it now, Microsoft: "Our web browser is so slow attackers can't exploit it". Maybe slowness is Microsoft's new anti-hacker strategy. Vista is their "most secure" OS and you can barely even surf the web while listening to music. I think I see a pattern!!! :) -- Matthew Wollenweber mwollenweber () gmail com | mjw () cyberwart com www.cyberwart.com
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- ie fuzz prevention matthew wollenweber (Aug 30)
- Re: ie fuzz prevention J.M. Seitz (Aug 30)