Microsoft Fuzzing Botnet Finds 1,800 Office Bugs 111
CWmike writes "Microsoft uncovered more than 1,800 bugs in Office 2010 by tapping into the unused computing horsepower of idling PCs, a company security engineer said on Wednesday. Office developers found the bugs by running millions of 'fuzzing' tests, a practice employed by both software developers and security researchers, that searches for flaws by inserting data into file format parsers to see where programs fail by crashing. 'We found and fixed about 1,800 bugs in Office 2010's code,' said Tom Gallagher, senior security test lead with Microsoft's Trustworthy Computing group, who last week co-hosted a presentation on Microsoft's fuzzing efforts at the CanSecWest security conference. 'While a large number, it's important to note that that doesn't mean we found 1,800 security issues. We also want to fix things that are not security concerns.'"
xkydgtufhlofhil (Score:5, Funny)
ghulkgiplgbvihlnk luioguilgil.bjohj110-o; Huto;bn
Hey, Microsoft! (Score:5, Funny)
"We also want to fix things that are not security concerns."
It's 5AM EST. April Fools' day is over everywhere but a few pacific islands. Give it up already.
Re:Hey, Microsoft! (Score:3, Funny)
While a large number, it's important to note that that doesn't mean we found 1,800 security issues
Don't worry, we all know that you haven't fixed any security issues.
Re:Hey, Microsoft! (Score:2, Funny)
It would actually be believable except for the "also". :P
Re:"Botnet?" (Score:5, Funny)
FTFA:
Microsoft was able to find such a large number of bugs in Office 2010 by using not only machines in the company's labs, but also under-utilitized or idle PCs throughout the company. The concept isn't new: The Search for Extraterrestrial Intelligence (SETI@home) project may have been the first to popularize the practice, and remains the largest, but it's also been used to crunch numbers in medical research and to find the world's largest prime number.
"We call it a botnet for fuzzing," said Gallagher, referring to what Microsoft has formally dubbed Distributed Fuzzing Framework (DFF). The fuzzing network originated with work by David Conger, a software design engineer on the Access team.
Odd that they would call it that publicly, given the negative connotation of the word. I would have called it "fuzzy clouds grid computing" or something like that.
Re:"Botnet?" (Score:4, Funny)
Let me explain: Microsoft discovered that all of their desktop computers were zombied with malware, and after wresting control from the botnet C&C, decided to take advantage of this increased ability to remotely administer their computers to run QA tests, on the off chance there might be some need for it.
</joke>
Re:"Botnet?" (Score:5, Funny)
They had to infect the computers with Office 2010.
Re:"Botnet?" (Score:5, Funny)
"Cluster Fuzzed" would be much better, specially when somebody finds a remote exploit in their cluster code, then Microsoft will be cluster fucked.
Re:"Botnet?" (Score:2, Funny)
Re:New bugs (Score:5, Funny)
Re:1800 down, 10,000,000 to go (Score:3, Funny)
The same as I thought. Tip, meet iceberg.
Re:xkydgtufhlofhil (Score:2, Funny)
Windows: "It's not a bug, it's a feature."
GNOME: "It's not a bug, it's a design decision."
Re:xkydgtufhlofhil (Score:3, Funny)
>In this case you could say that he's not only giving an example, but is testing the slashdot user comments code as well.
It's testing not just the user comments code, but also the moderation system code and the moderators themselves. In this case, it appears that he found a bug which causes the comment to be moderated Insightful by providing a certain combination of random characters as input. I will now attempt to replicate this problem.
______TEST DATA FOLLOWS______
TvaHokVAwgZGLrzPnDsIzHnKwuOOQEgaFskFJx-9JH@eIbwWSYhujyXDekeBP-9YQlfiZtdOZXlupfvy
UYXenTsWzzF#SScvbvWXtMMcbMg@xIsRC!OiViEDnt-9fQRGXEgvbfdlBATolRyiVYmcKyHi-9bLVcYx
JrPmw