Dailydave mailing list archives

Re: The Week of Oracle Database Bugs


From: sinan.eren () immunitysec com
Date: Mon, 27 Nov 2006 14:12:53 -0500 (EST)


Jared,

I don't think there could be anything special or uber cool about a fuzzer.

I always assume there are millions out there that write better and 
thousands more lines of C/python/ruby code than me every single day. They 
have much more free time on their hands and the usual academic buzzwords 
(genetic algorithms etc.) to ponder on all day. OULU being the prime example.
There is no point in me targeting their share of the fish, so instead, as 
somebody with tiny resources would, I go for the deep sea fish which they 
never ever seem to catch with their sweeps since they don't reach deep 
enough.

It would be naive to think that you can outsmart all that lot and hunt 
with similar tools and still believe it is uniquely yours.

cheers,
sinan


On Mon, 27 Nov 2006, Jared DeMott wrote:



For example, bugs found with fuzzers are rarely worth a lot of money.
As Sinan says, "Fish caught with a wide net go brown quickly".

Interesting.  Would you say that's always true, even if someone believes
they have a "special" secret uber cool whatever fuzzer?
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
