Turns out we have a large index of the web, so we cranked through 20
terabytes of SWF file downloads followed by 1 week of run time on 2,000 CPU
cores to calculate the minimal set of about 20,000 files. Finally, those
same 2,000 cores plus 3 more weeks of runtime were put to good work
mutating the files in the minimal set (bitflipping, etc.) and generating
crash cases. These crash cases included an interesting range of
vulnerability categories, including buffer overflows, integer overflows,
use-after-frees and object type confusions.
on fuzzing Flash at "Google scale"
Is losing your genomic privacy an excessive price to pay for surviving cancer and evading plagues?
Is compromising your sensory privacy through lifelogging a reasonable price to pay for preventing malicious impersonation and apprehending criminals?
Is letting your insurance company know exactly how you steer and hit the gas and brake pedals, and where you drive, an acceptable price to pay for cheaper insurance?
USENIX 2011 keynote: Network Security in the Medium Term, 2061-2561 AD
to post comments)