lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu Aug 25 19:40:16 2005
From: labs-no-reply at idefense.com (iDEFENSE Labs)
Subject: iDEFENSE Labs Releases File Format Fuzzing Tools
	and Announces Quarterly Award Winners

Open Source Tools
-----------------

iDEFENSE Labs is officially releasing three tools designed to automate
the discovery of file format vulnerabilities. FileFuzz, SPIKEfile and
notSPIKEfile were originally released at Black Hat 2005 and have now
been released as open source tools and are available for download from:

   http://labs.idefense.com

FileFuzz:
Authored by Michael Sutton, FileFuzz is a graphical, Windows based file
format fuzzing tool. FileFuzz was designed to automate the creation of
abnormal file formats and the execution of applications handling these
files. FileFuzz also has built in debugging capabilities to detect
exceptions resulting from the fuzzed file formats. 

SPIKEfile:
Authored by Adam Greene, SPIKEfile is a Linux based file format fuzzing
tool, based on SPIKE 2.9. It was designed to automate the launching of
applications and detection of exceptions caused by fuzzed files. It uses
standard SPIKE scripts to generate files and utilizes ptrace to pick up
interesting signals and dump register state.

notSPIKEfile:
Authored by Adam Greene, notSPIKEfile is a Linux based file format
fuzzing tool. It was designed to automate the launching of applications
and detection of exceptions caused by fuzzed files. It operates on an
existing valid file and creates fuzzed files. It utilizes ptrace to pick
up interesting signals and dump register state.
 
More information, screenshots and source code are available on the
software releases page and bundled archive.

Quarterly VCP Award Winners
---------------------------

iDEFENSE Labs is pleased to announce the following three contributors as
the award winners of the incentive program for the 1st quarter of 2005.

    * $3,000 1st place Tim
    * $2,000 2nd place fingerout
    * $1,000 3rd place anonymous

This quarter also marks our first payment under our retention program.
Retention program award winners are as follows:

    * $5,000 1st place syscall
    * $4,000 2nd place anonymous
    * $3,000 3rd place infamous41md@...pop.com
    * $2,000 3rd place Gael Delalleau
    * $1,000 3rd place CIRT.DK

Please note that this is the final quarter that payments will be made
under the original pricing scheme. Going forward, payments will reflect
the improved programs announced on 07/26/2005.

Congratulations. For information regarding the details of the rewards
program please refer to:

        http://www.idefense.com/poi/teams/vcp_reward_programs.jsp

Further information about iDEFENSE Labs, the Vulnerability Contributor
Program and access to open source tools can be found at:

        http://labs.idefense.com

Michael Sutton
Director, iDEFENSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ