Legitimate software routines designed to test for vulnerabilities and bugs in software are being openly misused by code crackers and cyber-criminals (don’t get me started on the popular press using the word ‘hacker’ to mean ‘criminal’ – that’s a late-night debate that requires a stiff drink) to break into computer systems.
Artificial Intelligence (AI) software uses a technique known as ‘fuzzing’ to check for bugs and try to force abnormal responses – the same kind of thing a software cracker might want to do to break into a secure site or get your credit card number.
Apparently these exploits are readily shared in chat rooms and newsgroups.
"Software vendors were already struggling to keep up with patches for software bugs. The use of fuzzing tools by hackers and the flood of newly discovered vulnerabilities may overwhelm software vendors’ ability to respond with patches," said Paul Henry, vice president of strategic accounts at Secure Computing.
Potentially worrying stuff, yet again highlighting legitimate tools being used for illegitimate gains.