fuzzing



Security researcher and Google employee Michal Zalewski is warning of a potentially serious security hole that affects the three major Web browsers, Internet Explorer, Firefox and Google’s Chrome browser and that could make it easy for attackers to push malicious downloads from domains other than that being visited by unsuspecting Web users.

The news last week was that the U.S. House Energy & Commerce Committee has asked the Government Accountability Office to investigate the security of the software that runs medical devices. But a prominent researcher says that security flaws in such devices are common, and that more federal oversight is necessary to change what he describes as a culture of lax security among medical device makers.

Adobe took pains to defuse a dispute between the company and famed Google security researcher Tavis Ormandy, posting more information about the holes fixed with a patch for its Flash Player software. Adobe had claimed that 13 separate vulnerabilities were patched with the bulletin APSB11-21, while Ormandy said that patch addressed hundreds of holes. 

The following is the full transcript of a live Threatpost chat with Charlie Miller, a vulnerability researcher at Independent Security Evaluators.   During this session, Miller discussed his approach to finding security flaws, his work on fuzzing applications, his plans for this year’s Pwn2Own hacker challenge and his thoughts on improvements in Apple’s Mas OS X.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.