#DailyBug #MSIE11 #CVE-2016-0199 #MS16-063
Garbage collector attribute type confusion
details are now live at http://blog.skylined.nl/
Replying to @berendjanwever
What is the key technique to find Type Confusion bugs in browsers?
Replying to @HackSysTeam
luck, persistence, and (most importantly) "data coverage": trying to feed semi- or invalid data to APIs and see if they bork.
Replying to @berendjanwever
What do you use for data coverage? And by data coverage, do you mean code coverage?
Replying to @HackSysTeam
No: the same code will run fine with valid types of data & crash with invalid: you need to try every type of data you can find.
Replying to @berendjanwever
Ah! I see. Yeah, dedication. Well, how do you measure code coverage?
Replying to @HackSysTeam
I don't. I measure how many bugs I'm finding and improve my fuzzers (or write new ones) if it starts dropping :)
Replying to @berendjanwever
Your bugs have always been impressive. Mind following back for DM if you want to listen to my pitfalls ;-)
1 reply 0 retweets 0 likes
I've got an open door policy: you should be able to message me regardless of whether I am following you or not. :)