Mozilla is beginning to give away programs used by both the good guys and the bad guys to discover critical program vulnerabilities.
The programs, called fuzzers, have so far been for internal use only. Fuzzers poke at programs in search of vulnerabilities that can arise when an application receives data it doesn't expect.
Programmers and security researchers use them to identify vulnerabilities that they can then fix or warn people about. Online crooks use them to find holes that they can attack.
At the Black Hat conference today, Mike Shaver of Mozilla said the open-source tools are primarily meant to help other programmers discover holes in their own software.
To help make sure that the black hats don't get just as much use out of the fuzzers, Mozilla is only releasing older tools that it and other companies - including Microsoft, Apple and Opera - have already had the chance to run against their own programs and, in theory, to close the holes they found.
One JavaScript fuzzer is available now from Mozilla. Shaver says fuzzers for HTTP and FTP testing will follow within two months or so, and other types will come after that. They'll all be announced at blogs.mozilla.com/security.