How is this stuff found? in

How is this stuff found? in http://www.dslreports.com/forum/r17524422 en Wed, 02 Dec 2009 14:21:35 EDT Wed, 02 Dec 2009 14:21:35 EDT Re: How is this stuff found? http://www.dslreports.com/forum/remark,17526678 anon : For buffer overflows, you can just try dumping a long, long string of data into every function that takes strings of data and see which ones crash.

If a long, long string of data causes your OS to crash (in one way or another, not necessarily requiring a complete reboot), then you've overwritten something and maybe you can use this to your advantage to overwrite executable code.]]> http://www.dslreports.com/forum/remark,17526678 Tue, 26 Dec 2006 19:49:40 EDT Re: How is this stuff found? http://www.dslreports.com/forum/remark,17525607 severach : Black hats harm everybody by destroying stuff. The white hats either do something that is unimportant to you or something that is highly desirable to you but highly undesirable to Microsoft. For example, if a white hat found out a way to permanently disable the signed driver protection in Vista, that would be wonderful for everyone in the world except for Microsoft who's sole purpose for that feature is to prevent you and me from modifying the system to our advantage. Noone wants that except for Microsoft.]]> http://www.dslreports.com/forum/remark,17525607 Tue, 26 Dec 2006 14:17:52 EDT Re: How is this stuff found? http://www.dslreports.com/forum/remark,17525540 72276539 :

said by John_W

:

MS has had a habit of ignoring white hat findings, or at best putting off, where other software companies, like mozilla, who who get their patches right out there as soon as they can.

It's a hell of a lot fuckin easier to edit code on a browser then an entire OS. How bout comparing apples to apples instead of apples to porcupines.

PS- Answer the OP's question while you are at it.
--
RIP Dimebag- August 20, 1966 to December 8th, 2004.]]> http://www.dslreports.com/forum/remark,17525540 Tue, 26 Dec 2006 14:03:20 EDT Re: How is this stuff found? http://www.dslreports.com/forum/remark,17525142 rdmiller : didn't answer the question!]]> http://www.dslreports.com/forum/remark,17525142 Tue, 26 Dec 2006 12:47:06 EDT Re: How is this stuff found? http://www.dslreports.com/forum/remark,17524464 John_W : It's the black hats we have to worry about.

It's the white hats MS has to worry about. It's how quickly the software companies respond to the white hat vulnerability discoveries that concern us.

Almost all, if not all, software has some sort of exploitable code in it. It is just how fast those companies fix the problem that makes the difference between a good and bad company. MS has had a habit of ignoring white hat findings, or at best putting off, where other software companies, like mozilla, who who get their patches right out there as soon as they can.
--
Chef says to put a cucumber down my pants for good luck.]]> http://www.dslreports.com/forum/remark,17524464 Tue, 26 Dec 2006 10:11:42 EDT How is this stuff found? http://www.dslreports.com/forum/remark,17524422 bleearg13 : Reading about one of the vulnerabilities, I'm interested to know how these vulnerabilities are discovered. There are obviously hackers/crackers and researchers alike that spend every waking hour trying to identify vulnerabilities, but exactly how is it done? Most specifically, this exploit regarding the "MessageBox" function:

»www.darkreading.com/document.asp···d=113414

How on earth is this found?]]> http://www.dslreports.com/forum/remark,17524422 Tue, 26 Dec 2006 09:59:19 EDT