Yesterday (30 of April) I gave a lecture in WA (White Area) at CERN. I was talking about my new project (in fact Master of Degree thesis topic). This is automated testing tool which uses fuzzing technique. It can be used for generate CLI, API, Unit, Functionally, Regression, … , tests – in fact we can use it for all types of tests. Generated programs are independent from language. It can generate output program in JAVA, C, C++, Assembler, Python, Perl, C#, … languages – we can simply add new modules for add new languages.  To be more flexible, framework used Aspect-Oriented Programming  (AOP). First beta version of framework is published on CERN svn servers. It is integrated with DPM CLI tests and works pretty well 😉

18

Mar

by pi3

One day I was reviewing all bugs in bugtraq IDs (popular bids). I want to know which kind of bugs is it now popular and what is the trend of modern bugs. I came to two main conclusions:

1) The most popular are SQL/XSS bugs but in 60% this is found in software which nobody knows/uses (stupid kiddie)

2) We’ve got 2010 year and there is still possible to find stack overflow bugs! The most funny thing for me there is more remote stack overflow bugs than local 🙂

15

Dec

by pi3

More than year ago I was publish advisory in ‘mtr’ software. I think, personally, it is great bug because it can’t exist without unspecified situation in  libresolv library 🙂 The question is why have I written information about it on blog?

I forgot add this advisory in my site (sic!) 🙂 Now it’s ok and you can find this advisory here.

I attached to this advisory details and Proof Of Concept. If you haven’t read it yet i strongly recommend you to do it because it shows that sometimes if  we read source code we think bug doesn’t exists but sometimes other external stuff/bugs/unspecified situation help us to trigger and exploit unexisting bug 🙂

Is it a dream? Impossible? Bugs in CPU? No… it’s reality! CPU is only a piece of hardware. Everything have bugs… CPU too. I will give here only a piece of information about bugs in INTEL products…

OK. I haven’t written long time on blog. Today I want to show you what sometimes
yum can do without your knowledge. Few days ago I was upgrading one of system using yum.
Everything looked fine. I was happy that sometimes yum is useful. After work I went sleep
and next day I received messages that smth is fu** up with www…