Tags  
December 2011
SunMonTueWedThuFriSat
     1  2  3 
 4  5  6  7  8  9  10 
 11  12  13  14  15  16  17 
 18  19  20  21  22  23  24 
 25  26  27  28  29  30  31 
Nov  |  Today  |  Jan


Today | RSS | RDF | Atom | Other


 

Advanced Search


Recent Blog Entries










Powered by Pebble
<< Book Review: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, 2nd edition | Home
Book Review: A Bug Hunter's Diary
A Guided Tour Through the Wilds of Software Security
Dec 15, 2011
Tobias Klein's collected stories on finding code bugs is a short but dense and engaging read. Through a series of eight journal entries, Klein explains his process of logical inference and methodical testing to reveal real-world software bugs, all of which might have been ripe exploits in the wrong hands at the right time.

What's impressive, on first blush, is the range of computing platforms on which Klein's techniques pay off: media players, the Sun Solaris system call interface, a browser-based conference tool, Mac OS X kernel code, and a jail-broken iPhone, to name most of them. It seems so matter-of-fact and effortless, at some points, that all that seems missing are more people to do this same work. The concepts he begins with are simple, the techniques and their attendant logic -- none of it is surprising.

But for all the appearance of ease Klein projects on his subject platforms, it has little to do with an enormous capacity for details or a penetrating genius. These stories reveal instead an adept, persistent researcher who knows his tools and relies on the realities of stack- and library-based software development to create opportunities for him. Klein's real asset is a hunter's stamina, patience, and certitude that his prey is never far off. It simply takes some number of hours, carefully poring over thousands of lines of unremarkable code, to find a hint that turns into a trail that leads to an exploit.

Klein's perseverance and passion for this game are key gifts. A Bug Hunter's Diary is fun to read in part because we tune in at the dramatic turns, if you will, of each story. What deductions Klein gleans from each turn follows logically from his preparation and his methods. What also seems to help is the muted pleasure he gets from his work. He has not met a codebase he didn't like, or so I would guess.

Good, concise narration aside, these accounts won't interest readers with no taste for code review. Those easily put off by a heaping handful of details one has to mind in following the longer entries won't enjoy the ride much either. For the rest, there is something to learn from each example and more than a few valuable insights scattered along each trail. The rewards will add up for any attentive and thoroughgoing reader.

Note: If you're interested in texts that discuss the tools, processes and methods that inform this kind of work, I like Kris Kaspersky's books, Shellcoder's Programming Uncovered and Hacker Disassembling Uncovered. Do Kris a solid and buy them if you like what you see.

Tags : , , , , ,
TrackBacks[0] Comments[9]

Reply | Permalink Re: Book Review: A Bug Hunter's Diary
christian louboutin boots are now available online for discounted prices. christian louboutin pumps is one of the most recognized name brands in the world of high fashion. You will find A-list celebrities such as Sarah Jessica Parker, Janet Jackson and Nicole Kidman wearing christian louboutin wedges. Since it's conception, the louboutin boots has been produced into a variety of designs, colors, shapes, and styles that have won top picks of millions of women the world over. You are sure to find something of your liking when shopping from either a christian louboutin shoes store or outlet for. Many of the listed discount christian louboutin found in the main stores or department stores can be found in the outlets, so get out there and start shopping! A great place to shop for gorgeous christian louboutin sandals is online. Shopping online will save you up to 70% on all of the latest christian louboutin shoes styles. For those of you wanting to save big bucks on your christian louboutin uk, try shopping online. You can find great buys and save on the hottest designer christian louboutin slingback through online auctions.
Comment from christian louboutin shoes on March 6, 2012 8:47:58 PM PST
Reply | Permalink Re: Book Review: A Bug Hunter's Diary
even although elegance arrives through the inside, it is most totally assisted with some methods through the outside, for example pleaser increased heels from the best customized brand.
Comment from cheap louboutin shoes on March 12, 2012 12:42:13 AM PDT
Reply | Permalink Re: Book Review: A Bug Hunter's Diary
Hatfield that have been developed to Jordan Fridays inspiration from World War II P-51 Mustang fighter, New Nike Air Jordan 13(XIII) on sale which is most visible at the end of the shark teeth shapes. Air Jordan V retroed in 2000 in great demand, including Michael Jordan high school, 100% Authentic Nike Air Jordan XIV (14) Basketball Shoes a new feature (Ranney high) color matching. 2006 several re-retro Fridays have been published, including the very popular LS "Grape" Fridays in the LS Burgundy Fridays, "popular" fire red "Fridays in the" green beans " Fridays, and "Stealth Blue" [11] V-'s. Nike Air Jordan 14 ( XIV ) Retro Cheap nike air jordan 14 shoes With the latter, a very limited laser design, black / metallic / fire red [12] color in early 2007 release. Jordan in May 2009, confirmed that "DMP II" the release of two composition of the Jordan V's. Nike Air Jordan 15 ( XV ) Nike Air Jordan Retro 15 Nike Air Jordan 15 for sale In March this year, existing products, which also is known as "Raging Bull" Pack a recent photo leak. Most of the pictures leaked is the way of the Jordan to five colors, including the composition of butter varsity red suede uppers. Pairing an eye-catching color is black bottom, lace area, tongue, and crystal-like clean only classic 3M material tongue. [13] The second color way, 100% Authentic Nike Air Jordan XVI (16) Basketball Shoes Cheap Jordan 16 Shoes Nike Air Jordan 16 Shoes for sale black laces and midsole 3M material base. The retail price of $ 310. [14] in the third quarter of 2011 ", it was confirmed that the Jordan brand will launch a new package Jordan retro" Lenny "and" grape "color.
Comment from Anonymous on March 18, 2012 10:46:12 PM PDT
Reply | Permalink Re: Book Review: A Bug Hunter's Diary
Birkenstock
Comment from Birkenstock on April 10, 2012 7:05:13 PM PDT
Reply | Permalink Re: Book Review: A Bug Hunter's Diary
Abercrombie et Fitch est reconnu comme un magasin spécialisé de vêtements sport pour hommes, femmes, et enfants. Ses boutiques de vêtements sportswear décontracté fournir, qui se compose de chemises tricotées et tissées, des graphiques T-shirts, polaires, jeans et pantalons tissés, shorts, chandails, vêtements de plein air et, ainsi que des articles personnels et recours alternatives et add-ons sous Abercrombie et Fitch, Abercrombie, Abercrombie, et les marques Ruehl.
Comment from Abercrombie on April 18, 2012 8:23:57 PM PDT
Reply | Permalink Re: Book Review: A Bug Hunter's Diary
En outre, l'institution gère des boutiques et directe aux consommateurs des opérations offrant soutiens-gorge, sous-vêtements, les produits personnels, recours et vêtements de nuit et à domicile les articles et les alternatives pour les femmes sous la marque Gilly Hicks.
Comment from Abercrombie on April 18, 2012 8:24:13 PM PDT
Reply | Permalink Re: Book Review: A Bug Hunter's Diary
Hogan sta cambiando senza alcun arresto e questo può essere visto negli spettacoli Hogan negli ultimi anni. Molti elementi speciali sono assorbiti dal Hogan.Hogan ha una tradizione molto speciale che ogni stagione, Hogan opererà in collaborazione con un designer eccellente e di talento. Questa stagione, Hogan collaborerà con Karl Lagerfeld, un talentuoso e famoso nel settore moda.
Comment from Hogan on April 19, 2012 1:25:07 AM PDT
Reply | Permalink Re: Book Review: A Bug Hunter's Diary
Spiegate ai vostri requisiti attuali. Infine, è saggio trova sul proprio come uno specializzato saggio. Assicurati che il tuo attuale produttore di fermezza può essere sicuro di sé, senza titolo di testa grossa. Spesso ricontrollare il vostro attuale struttura frase con traslitterazione. Un sacco di autori si ha riferito che non può certo prendersi cura di scrittori freelance che non dimostrano certo piacere ampia del loro operare per allenarsi su un correttore ortografico! Last but not least, Toot il clacson!
Comment from Hogan on April 19, 2012 2:08:11 AM PDT
Reply | Permalink mulberry factory shop
There are a lot of styles of shoes you can choose from if you are like most modern folks, Custom sneakers are a must! But where to find the sweetest deals and the latest custom kicks?
Comment from mulberry factory shop on May 18, 2012 9:04:07 PM PDT


Add a comment

Title
Body
HTML : b, i, blockquote, br, p, pre, a href="", ul, ol, li
Math Quiz 1 + 5 = (Helps stop blog spam)
Name
E-mail address
Website
Remember me Yes  No 

E-mail addresses are not publicly displayed, so please only leave your e-mail address if you would like to be notified when new comments are added to this blog entry (you can opt-out later).

TrackBack to http://radio.javaranch.com/michael/addTrackBack.action?entry=1323995357220

Powered by Pebble 1.9.1 [ Login ] Content © Michael Ernest