uk666

Botnets Could Meet Their Match in Mayhem


Software called Mayhem that won a $2 million Pentagon hacking prize is being prepared to go to work fixing up the Internet.

 

Last summer the Pentagon staged a contest in Las Vegas in which high-powered computers spent 12 hours trying to hack one another in pursuit of a $2 million purse. Now Mayhem, the software that won, is beginning to put its hacking skills to work in the real world.

 

Mayhem was created by security startup ForAllSecure, cofounded by Carnegie Mellon professor David Brumley and two of his PhD students. Brumley says the company has started adapting Mayhem to be able to automatically find and patch flaws in certain kinds of commercial software, including that of Internet devices such as routers.

 


Members of the ForAllSecure team are the presumptive winners of the Cyber Grand Challenge with their computer program called Mayhem.

 


Tests are underway with undisclosed partners, including an Internet device manufacturer, to see if Mayhem can help companies identify and fix vulnerabilities in their products more quickly and comprehensively.

 

The focus is on addressing the challenge of companies needing to devote considerable resources to supporting years of past products with security updates. Late last year, hackers used a massive botnet of compromised Internet devices such as cameras to take down sites including Reddit and Twitter.

 

“Now when a machine is compromised it takes days or weeks for someone to notice and then days or weeks—or never—until a patch is put out,” says Brumley. “Imagine a world where the first time a hacker exploits a vulnerability he can only exploit one machine and then it's patched.”

 

Last year, Brumley published results from feeding almost 2,000 router firmware images through some of the techniques that powered Mayhem. Over 40 percent, representing 89 different products, had at least one vulnerability.

 

The software found 14 previously undiscovered vulnerabilities affecting 69 different software builds. ForAllSecure is also working with the Department of Defense on ideas for how to put Mayhem to real-world use finding and fixing vulnerabilities.

computerworld

 


 

 


The continual arms race marches on. A solution is found to fix or patch one item and three more are found in a global effort by hackers to penetrate systems.

 

One of the largest contributors to this is the Windows monoculture. At over 80% of all computers worldwide running Windows, the hacker goes for the biggest splash for the effort.

 

Thank you for the post uk666. It's largely through efforts such as yours to inform those that don't read such articles that a wider public is educated to the perils of computer vulnerabilities.
