BitBlaze tool boosts bug-hunting productivity 10-fold

Noted vulnerability researcher Charlie Miller talks up tool at Black Hat

1 2 Page 2
Page 2 of 2

To verify whether a !exploitable-identified flaw could be attacked, and more importantly, to determine where in the code the flaw lay and how it could be exploited, would take time that Miller didn't have. "I didn't have the time to look at them manually," he said. "It would take at least a day, maybe a week, to examine each of those [six suspicious] crashes in Reader."

But by using BitBlaze -- which was recommended to him by Microsoft researcher David Molnar -- Miller was able to analyze the faulty code in hours, not days or weeks.

"I used the generic binary mapping tool in BitBlaze to look at the good file and the bad file," said Miller, referring to his fuzzing-produced version as the "bad" file. "I ran both those files and turned on tracing, which records every instruction and how data flows through the file. It doesn't spit out an exploit, of course, but it lets you trace the problem [that generated the crash]."

With BitBlaze, Miller was quickly able to identify four critical vulnerabilities in Microsoft Word from his collection of 60-some fuzzing-produced crash reports.

Once BitBlaze pinpoints a vulnerability, a researcher can then start to work on an exploit that will trigger the bug.

Although the implications to security researchers are obvious -- they will be able to crank up their production of vulnerability discoveries -- Miller also argued that developers should be using BitBlaze, too.

"Developers can use BitBlaze to more quickly figure out what made their programs crash," he said. "If you were finding 10 bugs a month before, you'll be able to find 100 a month with BitBlaze."

Finding bugs isn't the tough part of a researcher's or developer's job -- not with the kind of results fuzzing provides, said Miller. "Now, it's which crashes are the most serious ones, and which are actually exploitable," he said.

"With BitBlaze, you can [cut] the time you spend figuring out what's going on from a week to a few hours," Miller said.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

1 2 Page 2
Page 2 of 2
How to protect Windows 10 PCs from ransomware
Shop Tech Products at Amazon