Dailydave mailing list archives

parsers fall down go boom?


From: dave <dave () immunityinc com>
Date: Thu, 06 Aug 2009 15:36:40 -0400

Good read: http://www.cert.fi/en/reports/2009/vulnerability2009085.html

So fuzzing can find lots of cool bugs, and one of the things you
eventually learn is that you don't want to attach a giant parser where
you don't absolutely have to.

This is the sort of global statement that leads you to believe that
entire technology segments are a bit wonky (aka, NIDS, NIPS, AV, WAF
("Web Application Firewall"), etc.).

Of course, "don't do it unless you absolutely have to" sometimes means
you still do it. This morning when I got in, I read an email
announcement from D2 about a new exploit they've released that targets a
popular WAF. Lemme tell you, there's nowhere a hacker would rather be
than on your WAF. If for no other reason than the irony, because hackers
have good senses of humour.

D2's CANVAS pack is like, less than 2K USD. Honestly, you'd have to be
crazy not to buy it just to find out which WAF I'm talking about in this
email. :>

-dave