Thursday, March 08, 2007

security.apple.com/fuzzers (or why Apple is Smarter than Microsoft and Cisco)

At Apple they obviously have some internal site on fuzzing instead of googling all day long

xxxxxxx.apple.com - - [09/Mar/2007:00:20:15 +0000] "GET /secwiki/FuzzingTools HTTP/1.1" 200 36039 "http://security.apple.com/fuzzers" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3" "-"

But at Microsoft and Cisco they are still doing stupid shit like this:

xxxxxxxx.cisco.com - - [22/Jan/2007:07:10:11 +0000] "GET /secwiki/ISIC HTTP/1.1" 200 11929 "http://www.google.com/search?q=Mike+Frantzen+isic&hl=zh-CN&lr=&newwindow=1&start=10&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)" "-"

or

xxxxxxx.microsoft.com - - [04/Jan/2007:04:47:16 +0000] "GET /secwiki/FuzzingTools HTTP/1.1" 200 45940 "http://www.google.com/search?hl=en&q=fuzzing+files" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" "-"

Sigh. Just imagine the sheer excitement of running ISIC over and over again on infinite number of IOS hardware/software combinations. The Horror....

No comments: