Archive for May, 2008

Peach 2.1 Fuzzer BETA2 Released

May 14, 2008 @ 9:29 am · Filed under Fuzzers

Michael Eddington has released Peach 2.1 Beta2 today. This release includes many bug fixes, features, improvements, and supersedes 2.0 as the recommended version to use.

Some of the updates include:

- Unittests to improve stability and reliability
- Improved COM support including properties
- Improved state machine
- Fuzz network clients easily by listening for connections, not just creating them
- Remote publishers allow sending data through a Peach Agent to a remote host
- Improved Linux and OS X support via debugger.UnixGdb monitor (uses beta pygdb module)
- Deterministic fuzzing will perform test count calculation in separate thread to speed fuzzing
- Improved documentation. See the Peach 2 Tutorial which is quickly becoming the Peach 2 Guide

I am really happy to see more support for OS X. Peach 2.1 Beta1 did not work well on OS X. You really had to do allot to get it to work.

You can download Peach 2.1 Beta2 here:
http://sourceforge.net/project/showfiles.php?group_id=149840

Comments

Major career web sites hit by spammers attack

May 12, 2008 @ 10:20 am · Filed under News

What is the future of spamming next to managed spamming appliances, like the ones already offered for use on demand? It’s targeted spamming going beyond the segmentation of the already harvested emails on per country basis, and including other variables such as city of residence, employment history, education, spoken languages, to ultimately set up the perfect foundation for targeted spamming and malware campaigns.

Email harvesting has been around since the early days of spamming, when the handy point-n-click mailto made it possible for the first databases of harvested
emails to appear.

Full story here:
http://blogs.zdnet.com/security/?p=1085

Comments

Tmin fuzzing test case optimizer released

May 6, 2008 @ 5:17 pm · Filed under Fuzzers

Tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing.

The tool is somewhat related to delta, which is a more featured general purpose optimizer but is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), for hands-off detection of security fault conditions, and for easy integration with UI testing harnesses.

tmin is also capable of reducing the complexity of alphabets used on datasets that cannot be further trimmed down in size.

Below is an example run of tmin:

$ cat testcase.in
This is a lengthy and annoying hello world testcase.

$ cat testme.sh
#!/bin/bash

grep "el..*wo" || exit 0
exit 1

$ ../tmin -x ./testme.sh
tmin - complex testcase minimizer, version 0.03-beta (lcamtuf@google.com)
[*] Stage 0: loading 'testcase.in' and validating fault condition...
[*] Stage 1: recursive truncation (round 1, input = 53/53)
[*] Stage 1: recursive truncation (round 2, input = 27/53)
[*] Stage 1: recursive truncation (round 3, input = 14/53)
[*] Stage 1: recursive truncation (round 4, input = 10/53)
[*] Stage 1: recursive truncation (round 5, input = 8/53)
[*] Stage 1: recursive truncation (round 6, input = 7/53)
[*] Stage 2: block skipping (round 1, input = 7/53)
[*] Stage 2: block skipping (round 2, input = 6/53)
[*] Stage 2: block skipping (round 3, input = 5/53)
[*] Stage 3: alphabet normalization (round 1, charset = 5/5)
[*] Stage 3: alphabet normalization (round 2, charset = 5/5)
[*] Stage 4: character normalization (round 1, characters = 4/5)
[*] All done - writing output to 'testcase.small'...

== Final statistics==
Original size : 53 bytes
Optimized size : 5 bytes (-90.57%)
Chars replaced : 1 (1.89%)
Efficiency : 9 good / 49 bad
Round counts : 1:6 2:3 3:2 4:1

$ cat testcase.small
el0wo

Download:
http://code.google.com/p/tmin

Usage:
http://code.google.com/p/tmin/wiki/TminManual

Comments

NiN Gives Away Full Length Album - The Slip

May 5, 2008 @ 9:09 am · Filed under Misc, News

Nine Inch Nails is giving away their new album for free entitled The Slip, exclusively from NiN.com. The album is available in a variety of formats including high-quality MP3, FLAC and or M4A lossless at CD quality and even higher-than-CD quality 24/96 WAVE.

Click on the link below to your copy:

http://dl.nin.com/theslip/signup

Comments