{"id":16765,"date":"2010-03-25T12:03:00","date_gmt":"2010-03-25T07:03:00","guid":{"rendered":"http:\/\/localhost\/?p=16765"},"modified":"2010-03-25T08:03:34","modified_gmt":"2010-03-26T03:03:34","slug":"babysitting-an-army-of-monkeys-fuzzing-with-charlie-miller-at-cansecwest","status":"publish","type":"magazine","link":"https:\/\/brainstation.io\/magazine\/babysitting-an-army-of-monkeys-fuzzing-with-charlie-miller-at-cansecwest","title":{"rendered":"Babysitting an army of monkeys: fuzzing with Charlie Miller at CanSecWest"},"content":{"rendered":"<p><span>Charlie Miller, the <\/span><a href=\"http:\/\/dvlabs.tippingpoint.com\/blog\/2010\/02\/15\/pwn2own-2010\">PWN2OWN<\/a><span> winner and security consultant with <\/span><a href=\"http:\/\/securityevaluators.com\/\">Independent Security Evaluators<\/a><span>, guided the attendees at <\/span><a href=\"http:\/\/cansecwest.com\/\">CanSecWest<\/a><span> through &ldquo;Babysitting an army of monkeys: An analysis of fuzzing four products with 5 lines of Python&rdquo; today.&nbsp;<\/span><\/p>\n<p><span>Miller, best known for pointing out numerous security flaws in Apple products, explained how he fuzzed (fuzzing consists of feeding a program large amounts of malformed and unexpected data in order to expose, and possibly exploit, bugs) using &ldquo;dumb fuzzing&rdquo;, which takes good input, adds anomalies to it and aims it at a program. &ldquo;Smart fuzzing&rdquo; instead anticipates what kind of data a program expects and crafts its anomalies around that structure. Smart fuzzing can be more effective but is more work. A &ldquo;compromise for the lazy&rdquo; is to use dumb fuzzing with lots of initial files, which hopefully exercises all the features of a program.&nbsp;<\/span><\/p>\n<p><span>Fuzzing, Miller said, isn&rsquo;t about creating test cases as much as it is about filtering. 
Start with a ton of test cases, filter out those that don&rsquo;t crash the target, and repeat until you find exploitable flaws.<\/span><\/p>\n<p><span>Specific applications that proved vulnerable on OS X included Adobe Reader 9.2.0. Miller collected over 1500 seed files, mutated them into over 3 million fuzzed files, then pummeled Reader with those files and noted the crashes they caused.&nbsp;<\/span><\/p>\n<p><span>Miller repeated the process in Preview, Apple&rsquo;s image and PDF viewer. The bugs that show up in Preview also appear in Safari, which uses the same system PDF rendering code. Of all the files he threw at Preview, five percent crashed the program, something Miller termed &ldquo;not good&rdquo;.&nbsp;<\/span><\/p>\n<p><span>But what of the iPhone? Miller said most of the bugs he&rsquo;s found don&rsquo;t work on the iPhone, which has a much smaller code base. Mobile Safari will show PDFs, but it&rsquo;s a much smaller browser and doesn&rsquo;t &ldquo;have much to work with.&rdquo;<\/span><\/p>\n<p><span>In a PDF viewer showdown, Reader came out far ahead of Preview, with far fewer crashes. Miller then tried fuzzing OpenOffice and Microsoft Office PowerPoint (2008 for Mac). 
He found that in this contest, OpenOffice was a little more exploitable than PowerPoint, but not by much.<\/span><\/p>\n<p>His conclusion was that vendors should fuzz their own products and fix the bugs they find; otherwise someone else will find those bugs and possibly exploit them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Charlie Miller, the PWN2OWN winner and security consultant with Independent Security Evaluators, guided the attendees at CanSecWest through &ldquo;Babysitting an army of monkeys: An analysis of fuzzing four products with 5 lines of Python&rdquo; today.&nbsp; Miller, best known for pointing out numerous security flaws in Apple products, explained how he fuzzed (which consists of sending [&hellip;]<\/p>\n","protected":false},"author":51253,"featured_media":16767,"menu_order":0,"template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"magazine-region":[],"magazine-series":[],"magazine-topic":[],"class_list":["post-16765","magazine","type-magazine","status-publish","has-post-thumbnail","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/magazine\/16765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/magazine"}],"about":[{"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/types\/magazine"}],"author":[{"embeddable":true,"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/users\/51253"}],"version-history":[{"count":0,"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/magazine\/16765\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/media\/16767"}],"wp:attachment":[{"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/media?parent=16765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/categories?post=16765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/tags?post=16765
"},{"taxonomy":"magazine-region","embeddable":true,"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/magazine-region?post=16765"},{"taxonomy":"magazine-series","embeddable":true,"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/magazine-series?post=16765"},{"taxonomy":"magazine-topic","embeddable":true,"href":"https:\/\/brainstation.io\/wp\/api\/wp\/v2\/magazine-topic?post=16765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
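The dumb-fuzzing loop the article describes (take good input, add anomalies, aim it at the program, keep only what crashes, bucket the crashes, repeat), as an added Python example. This is not Miller's code and not part of the original article: the mutator is written in the spirit of the "5 lines of Python" the talk title refers to, the target is a constructed toy image parser with a deliberately missing length check standing in for Reader or Preview, and the fuzz_factor of 250, the seed sizes and the crash-bucketing scheme are all assumptions of this example.

```python
import math
import random
import traceback
from typing import Callable, Dict, List, Optional, Set

# --- the mutator: dumb fuzzing, no knowledge of the file format -------------

def mutate(data: bytes, rng: random.Random, fuzz_factor: int = 250) -> bytes:
    """Take a good input and sprinkle anomalies into it: pick between 1 and
    ceil(len/fuzz_factor) byte positions at random and overwrite each with a
    random byte.  fuzz_factor=250 (about 0.4% of the file) is an assumption."""
    buf = bytearray(data)
    if not buf:
        return data
    writes = rng.randrange(math.ceil(len(buf) / fuzz_factor)) + 1
    for _ in range(writes):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

# --- the filter: keep only inputs that crash, bucketed by where they crash --

def crash_signature(exc: BaseException) -> str:
    """Bucket a crash by exception type plus the innermost frame that raised it,
    so thousands of crashing files collapse into a few distinct bugs (the
    in-process analogue of grouping native crashes by faulting location)."""
    frames = traceback.extract_tb(exc.__traceback__)
    where = f"{frames[-1].name}:{frames[-1].lineno}" if frames else "?"
    return f"{type(exc).__name__}@{where}"

def run_case(target: Callable[[bytes], object], case: bytes) -> Optional[str]:
    """Return a crash signature, or None when the target handled the input.
    A normal return or a clean ValueError rejection both count as 'no crash';
    any other exception is treated like a process dying on a bad file."""
    try:
        target(case)
    except ValueError:
        return None
    except Exception as exc:
        return crash_signature(exc)
    return None

def fuzz_campaign(seeds: List[bytes], target: Callable[[bytes], object],
                  iterations: int, rng_seed: int = 0) -> Dict[str, bytes]:
    """Mutate random seeds, run each mutant, keep the first file per bucket."""
    rng = random.Random(rng_seed)
    crashes: Dict[str, bytes] = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        sig = run_case(target, case)
        if sig is not None:
            crashes.setdefault(sig, case)
    return crashes

def reproduce(target: Callable[[bytes], object], crashes: Dict[str, bytes]) -> Set[str]:
    """Re-run every saved crasher; a real bug reproduces from the file alone."""
    return {sig for sig, case in crashes.items() if run_case(target, case) == sig}

# --- constructed target and seeds (stand-ins, not any product from the talk) -

MAGIC = b"IMG1"

def make_seed(width: int, height: int, rng: random.Random) -> bytes:
    """Constructed valid input: magic, width, height, then width*height pixels."""
    pixels = bytes(rng.randrange(256) for _ in range(width * height))
    return MAGIC + bytes([width, height]) + pixels

def toy_image_parser(data: bytes) -> int:
    """Constructed toy parser.  It rejects a bad magic cleanly but deliberately
    never checks that enough pixel bytes follow the header, so a mutated size
    byte makes it read past the end (IndexError) and a 0x0 image makes it
    divide by zero.  Returns the average pixel value on a well-formed file."""
    if data[:4] != MAGIC:
        raise ValueError("not an IMG1 file")
    width, height = data[4], data[5]
    pixels = data[6:]
    total = 0
    for i in range(width * height):
        total += pixels[i]               # IndexError when the header lies
    return total // (width * height)     # ZeroDivisionError for 0x0

SEEDS = [make_seed(w, h, random.Random(w * 256 + h))
         for w, h in ((4, 4), (8, 2), (16, 16))]

if __name__ == "__main__":
    found = fuzz_campaign(SEEDS, toy_image_parser, iterations=5000)
    for sig, case in found.items():
        print(f"{sig}: header {case[:6].hex()}")
    print(f"{len(found)} distinct crash buckets, "
          f"{len(reproduce(toy_image_parser, found))} reproduce")
```

The two halves mirror the article's point that fuzzing is mostly filtering: the mutator is a handful of lines, and the work is in deciding which of the thousands of results are distinct crashes worth a human's time. Against a real product the target would be a subprocess and the signature a faulting address from the crash report, but the loop is the same.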