[Dailydave] Immunity Debugger on eWeek

Dave Aitel dave at immunityinc.com
Wed Aug 8 10:25:51 EDT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If I had a quarter for every time someone said to me they were going
to reverse a binary into an intermediate language and do slicing on it
to find all the bugs, I'd ... well, I'd be able to buy some ice cream
at least. But regardless, the automatic analysis the article was
talking about refers to the script I was demoing at our booth at
defcon (linked off the Immunity Debugger web page):
http://www.immunityinc.com/images/immdbg-stackvars.png

It's a lot simpler than most analysis scripts, since Bas whipped it up
in a couple days to demonstrate and test the Python API. But it does
work for the trivial case here, which makes it cool in my book. Just
having all the functions marked up nicely to point out sizes is useful.

- -dave

Isaac Dawson wrote:
> I'd say chalk that one up to FUD. I love the "near automatic"
> commentary, also it's pretty easy to tell this journalist doesn't
> really know what they are saying. The fact that she did not even
> read that the tool is called "Immunity Debugger" not Debugger says
> quite enough for the rest of the content of the article. Also I bet
> some people at McAfee aren't too pleased with the managers
> response. Why is it journalists always talk to the managers and not
> the technical people? Just easier to get a hold of and get their 2
> cents worth? Doesn't he know that Foundstone creates tools to "find
>  bugs easier", and in fact has many training materials to help
> people learn how to find web vulnerabilities?
>
>>>> Marcus said he doesn't think that "the bug exists already"
>>>> argument is a
> good one. "Yes, we know that," he said. "We know the bugs are in
> the code. But making more and more tools" to make it easier to find
> those bugs, that, he said, is not going to make his customers
> happy.
>
> "They'll all do this," he said, rolling his eyes to the ceiling.
> "'Great!'" <<<
>
> Gold Jerry, Gold. -isaac
>
>
>
>
> On 8/6/07, Hybridus <hybridus at gmail.com> wrote:
>> http://www.eweek.com/article2/0,1895,2166829,00.asp
>>
>> <>What it means is more zero days, Marcus said. "And that's
>> certainly not a good thing.(Why?) I think you'll see a spike in
>> zero days, and contributions to the zero-day initiative, because
>> it makes it easier to find vulnerabilities.</>
>>
>> Vulnerability is already out there, people/tools don't create
>> them. I don't understand what's the matter with zero days..
>>
>> --
>>
>> -- _______________________________________________ Dailydave
>> mailing list Dailydave at lists.immunitysec.com
>> http://lists.immunitysec.com/mailman/listinfo/dailydave
>>
>
> ----------------------------------------------------------------------
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGudJtB8JNm+PA+iURAk/kAKDkFRDgdwT7JMeByw9GDCM50A3exwCgyW0s
ONfa/BcSZjVjjgxAKcB70Z4=
=8/NV
-----END PGP SIGNATURE-----

More information about the Dailydave mailing list