Microsoft Unveils Open Source Exploit Finder
Houston 2600 sends this excerpt from the Register about an open-source security assessment tool Microsoft presented at CanSecWest:
"Microsoft on Friday released an open-source program designed to streamline the labor-intensive process of identifying security vulnerabilities in software while it's still under development. As its name suggests, !exploitable Crash Analyzer (pronounced 'bang exploitable crash analyzer') combs through bugs that cause a program to seize up, and assesses the likelihood of them being exploited by attackers. Dan Kaminsky, a well-known security expert who also provides consulting services to Microsoft, hailed the release a 'game changer' because it provides a reliable way for developers to sort through thousands of bugs to identify the several dozen that pose the greatest risk."
Bang exploitable (Score:1, Funny)
LOL
Damn you, Microsoft! For the next few months I won't be able to read the "not" operator without giggling.
Open Source?! Wait for it... (Score:3, Funny)
'hellfrozeover' tag in 3... 2... 1...
I'm feeling quite dizzy... (Score:4, Funny)
Microsoft has released an open source product that detects security flaws in code... my irony detector just exploded. :)
Things that make you go hmmm... (Score:5, Funny)
Could Microsoft be purposely trying to confuse people and associate the terms "open source" and exploits?
It's nice to see... (Score:3, Funny)
Microsoft releasing their internal tools finally. I myself am waiting for their '!MakePortedAppsSuck' and '!CrushAllResistance' apps with baited breath...
Re:auto-hack or brute force? (Score:1, Funny)
They also don't say they've run any of it on Microsoft products or standards before...
Quite a few (think SMB) could have used a bit of fuzz-testing before the ink dried.
pronounced 'bang exploitable crash analyzer' (Score:2, Funny)
interesting excerpt from bang source code (Score:5, Funny)
int assess_severity( struct* bug )
{
    string vendor = get_application_vendor( bug );
    if ((vendor == "Google") ||
        (vendor == "Adobe") ||
        (vendor == "Mozilla"))
        return MAJOR_RISK_UNINSTALL_IMMEDIATELY;
    else if (vendor == "Microsoft")
        return TRIVIAL_SECURITY_RISK;
    else
        return MODERATE_SECURITY_RISK;
}
Re:It's nice to see... (Score:4, Funny)
with baited breath...
Speaking of Microsoft and security, I think you've picked up a worm.
Re:Bang exploitable (Score:5, Funny)
Every time they see "!=" they interpret it as "bang equals". That sounds like definitely equals, doesn't it? Like, dude, those are so equal it's not even funny, equal.
No wonder they have all those buffer overflow exploits. Their logic checks that include the not modifier are all wrong.
Re:really? (Score:2, Funny)
Are you sure, Coward?
Please, no need for the formality. You can call me Anonymous...
Re:I'm feeling quite dizzy... (Score:2, Funny)
Rules of Open Source club (Score:5, Funny)
1. Fork the project
2. Change the name
Re:It's nice to see... (Score:3, Funny)
Re:Bang exploitable (Score:2, Funny)
Bang Exploitable Crash Analyzer, programmed in C Pound Point Net.
Re:There's already proof that this can't work (Score:5, Funny)
Exactly. That's why I'm also against railroad crossing gates, smoke detectors, and those silly "Bridge Out" warning signs.
Here is the code (Score:3, Funny)
#include <stdlib.h>
#include <stdio.h>
int main(int argc, char *argv[])
{
#ifdef WIN32
    fprintf(stderr, "Your system is not secure\n");
#else
    fprintf(stderr, "Your system is not popular enough to be targeted, therefore it is secure\n");
#endif
    return 0;
}
Re:interesting excerpt from bang source code (Score:2, Funny)
Sorry if I come across as an asshole. I'm currently working to raise the code quality at my company and see similar code every day. It gives me the itch...
Microsoft Unveils Open Source Exploit Finder? (Score:3, Funny)
What! You mean they Open Sourced Windows!??!