[Dailydave] ie fuzz prevention
matthew wollenweber
mwollenweber at gmail.com
Thu Aug 30 14:49:43 EDT 2007
Today I decided to start fuzzing IE to prepare for an upcoming pen test. I
know the target has a small externally accessible attack surface, so
developing a nice IE exploit seemed like a good idea. This is my first time
fuzzing IE, and I'm immediately surprised by two things:
1. How easy it is to get IE to throw a fault
2. How ungodly slow IE loads fuzzed pages
While the first is good, when I play the evil bad guy, the second is quite
irksome. I think it might make a good talking point for MS, I mean Firefox
loads the pages about 10x as fast so fuzzing is much easier. I can see it
now, Microsoft: "Our web browser is so slow attackers can't exploit it".
Maybe slowness is Microsoft's new anti-hacker strategy. Vista is their "most
secure" OS and you can barely even surf the web while listening to music. I
think I see a pattern!!! :)
--
Matthew Wollenweber
mwollenweber at gmail.com | mjw at cyberwart.com
www.cyberwart.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20070830/90cf006d/attachment.htm
More information about the Dailydave
mailing list