Tuesday, August 28, 2007

My Year at Digital Bond and Gifts that Keep On Giving



Although I have since sworn off fuzzing (I've been clean for quite some time, I promise) I was pleased to see that the small toolset I developed for fuzzing TPKT, COTP, and OSI protocols used by ICCP, MMS, and IEC61850 was released to vetted Digital Bond subscribers.

Bring on the clueless news stories.

Of course there were a lot of tragedy and comedy that happened behind the scenes (but none that trumped when the crappy Python fuzzer I wrote in CIAG back in 2002 was called "threat to national security" now that was truly a happy day and the tragedy? the frightening number of emails on the topic to various members of Cisco PSIRT arguing about whether or not said tool should ever see the light of day) that only a handful of folks will ever be privy to, but one of the more amusing anecdotes that is public (if you know the right google keywords) was when a private email I sent to board members of the UCA Foundation asking for contact information for a couple of the smaller SCADA vendors got posted their sharepoint site you can imagine the fun that was had by all end users started asking "what up with that?" to their vendors. And, no doubt, some heated emails were exchanged between myself and others. Ah, sweet memories.

No comments: