Slashdot Mirror

← Back to Stories (view on slashdot.org)

Analyzing Binaries For Security Problems

Posted by CowboyNeal on from the look-ma-no-source-code dept.

Matt writes "At the last talk at BlackHat in Las Vegas, Greg Hoglund demonstrated a product for sale by his new company that analyzes binaries for security vulnerabilities. He showed the analysis of several commercial products, the results of which were shockingly insecure. This product should help end the debate of closed source or open source applications being more or less secure."

4 of 304 comments (clear)

  1. Slackware Linux ships with just such a product by Anonymous Coward · · Score: 4, Funny
    It's called "file", and you can use it to recognize problematic/insecure binaries.

    $ file /usr/lib/jed/bin/w32/w32shell.exe
    /usr/lib/jed/bin/w32/w32shell.exe: MS Windows PE 32-bit Intel 80386 console executable not relocatable

    And voila!

  2. Uh oh by beacher · · Score: 5, Funny

    I just put my boss's Windows 2003 Server CD under a microscope to examine the binaries.. Started zooming in.. and then SNAP. The bitch cracked into 2. I'll put gentoo on the server now and just tell him that a security cracker broke his shit.
    -B

  3. Re:obfuscation by darkov · · Score: 4, Funny

    I'd like to know exactly how it does this.

    It searches for '(c) Copyright Microsoft Corporation'.

    --
    Reliable, Great Value Hosting: $7.95/mo 2.4G/120G
  4. Re:Like the concept, but... by Anonymous Coward · · Score: 5, Funny

    Speaking as a programmer I can say this is a load of horse pucky. Firstly, if we wanted to use encryption, we would simply use encryption. Secondly, stenograhpy is deliberating hiding information within outher information, but that's not what compiled code is doing.

    Speaking as a stenographer, I can say this is a load of horse pucky. Stenography is using shorthand to write/type things. You must be thinking of steganography, which is hiding information.