BitBlaze tool boosts bug-hunting productivity 10-fold
Noted vulnerability researcher Charlie Miller talks up tool at Black Hat
Computerworld - Researchers and developers -- and for that matter, hackers -- can dramatically slash the time it takes to root out exploitable security vulnerabilities by using an open-source toolkit created at UC Berkeley, a noted bug hunter said today at Black Hat.
BitBlaze can cut the time required to identify a hackable bug from days or even weeks to just hours, said Charlie Miller, an analyst with Independent Security Evaluators (ISE), a Baltimore-based security consultancy. Miller presented his findings at the security conference that kicked off Wednesday in Las Vegas.
"It's not really hard to find bugs anymore," said Miller in an interview earlier this week as he prepared for Black Hat. "The problem is that we find all these crashes using fuzzing, but we don't know what to do with them. The hardest part is prioritizing them and the underlying vulnerability that caused the crash."
Miller was joined today at the Black Hat briefing by Noah Johnson, a computer science Ph.D. candidate at the University of California Berkeley. Johnson is part of a team at the school that developed BitBlaze, a multi-tool platform that automates malicious code analysis.
In some ways, the Miller-Johnson Black Hat talk was a follow-up to Miller's "fuzzing" work earlier in the year.
At the CanSecWest security conference in March, Miller demonstrated how he was able to find scores of possible bugs using what he called a "dumb fuzzer," a concise tool that automatically searches for flaws in software by inserting data to see where a program failed. Fuzzing is a common technique used not only by outside researchers, but by developers to spot bugs before they release their software.
Miller, the only researcher to win the CanSecWest-hosted Pwn2Own hacking contest three years running, created a stir at the conference when he refused to hand over what he'd found to Apple, Adobe or Microsoft. Instead, Miller said he wanted to show vendors how easy it was to uncover bugs, which he hoped would prompt them to do more fuzzing of their own.
"I logged more than 40 crashes in Adobe Reader, over 200 in Apple's Preview," said Miller of his fuzzing work earlier this year. "But the tool I was using then, Microsoft's "!exploitable" [pronounced 'bang exploitable'] said that six of those Adobe crashes were likely exploitable."
Half of the time, !exploitable told Miller it couldn't determine whether the crash could lead to exploitation. "In that way, it doesn't help at all," said Miller.
- Secretive group seeks recruits at Defcon, finds skepticism
- Hacker snoops on GSM cell phones in demo
- Free Android apps scrape personal data, send it to China
- U.S. should seek world cooperation on cyber conflict, says ex-CIA director
- 'Unhackable' Android can be hacked, Black Hat researchers say
- Update: ATM hack gives cash on demand
- BitBlaze tool boosts bug-hunting productivity 10-fold
- Apple patches Safari ahead of Black Hat talk, launches add-on gallery
- Black Hat: Most browsers can be made to give up personal data
- AT&T: We don't intend to stop Black Hat demo
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!