Automatic Exploit Generation

This somewhat scary story could up the arms race between software producers and black-hat hackers. The concept is that by comparing two versions of the same program, one with a flaw, and one with that flaw patched, you can automatically generate code that exploits that flaw.

It’s (hopefully) a way off being an immediate and active threat, but it could mean that services such as Windows Update could themselves act as a resource for those looking for exploits.

Possible repercussions might (and I’m guessing here) include techniques that make it more difficult or expensive for hackers to use this technique, such as reducing users right to choose when to install security updates, attempting to introduce false positives to slow hackers down, or increasing the the number of changes bundled with each release.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: