SAN JOSE, Calif. -- Secure Computing Corporation (NASDAQ:SCUR), the experts in securing connections between people, applications and networks(TM), today warns that artificial intelligence (AI) software used in testing by a small number of software developers is now being widely used by hackers to find formerly undiscovered vulnerabilities.
These AI tools use a methodology referred to as "Fuzzing." This is an automated methodology for testing applications for bugs by checking allowed input for a given application and trying to force abnormal responses to see if unexpected results (bugs) can be generated. Once a bug is found, further research can determine if the bug can be exploited as a vulnerability and then be packaged as an exploit. Hackers are sharing their Fuzzing results in a collaborative effort in IRC chat rooms and in news groups to rapidly develop new threats. The large increase in application vulnerabilities that have recently been reported are thought to be a direct result of the use of Fuzzing tools. To further demonstrate the power of Fuzzing the vulnerability researchers at the Metaspolit Project are releasing a new vulnerability for MS Internet Explorer every day for the month of July.
"Fuzzing will clearly accelerate the ability for hackers to discover new vulnerabilities in software applications," said Paul Henry, vice president of Strategic Accounts for Secure Computing. "Software vendors were already struggling to keep up with patches for software bugs; the use of Fuzzing tools by hackers and the flood of newly discovered vulnerabilities may overwhelm software vendors' ability to respond with patches."
Secure Computing Corp. (Nasdaq: SCUR)