Darrell Hudson

Clipping interesting articles & photos

Microsoft, Googler tussle over bug timeline

Amplify’d from www.computerworld.com

Spar over Google security engineer’s ‘fuzzer’ release, IE vulnerability

On Saturday, Michal Zalewski, a vulnerability researcher who works on Google’s security team, publicly released a new “fuzzing” tool called “cross_fuzz” that he had used to find more than 100 bugs in the five major browsers: Chrome, Firefox, Internet Explorer (IE), Opera and Safari. He also published a crash dump of one of the IE bugs he believed could be exploited.

“Working with software vendors to address potential vulnerabilities in their products before details are made public reduces the overall risk to customers,” said Jerry Bryant, a spokesman for the Microsoft Security Research Center, or MSRC, in an e-mail late Monday. “In this case, risk has now been amplified.”

“The current PR messaging from Microsoft implies that substantial differences existed between July and December fuzzer variants, and that the July 29 [fuzzer] could not reproduce the vulnerability,” Zalewski said in an update to his timeline.

“The IE team did exhaustively run the fuzzers but were unable to find the same crashes that you and Dave [of Microsoft] are now able to identify,” the message stated. “I can’t really say as to why we are able to hit some of these conditions now rather than before but please know that this was not intentional.”

Read more at www.computerworld.com


