Babysitting An Army Of Monkeys: An Analysis Of Fuzzing 4 Products With 5 Lines Of Python presented at CanSecWest 2010

by Charlie Miller (Independent Security Evaluators)

Summary: Whether you agree with Charlie's philosophy or not, you can always depend on him for an informative and entertaining presentation. Charlie demonstrated the laziness of our business by using 5 lines of Python to dumb fuzz 4 common applications. He'd won two of his test Macs at CanSecWest in previous Pwn2Own contests. His findings for exploitable vulnerabilities in Adobe Acrobat Reader, Apple Preview, OpenOffice Impress, and Microsoft PowerPoint for Mac were disturbing. Our industry has a long way to go simply to meet the basic security requirements we should demand from our vendors.