Alert Africa | Researchers Earn $100 000 For Detecting Vulnerabilities and Creating a Tool To Fix Them
6541
post-template-default,single,single-post,postid-6541,single-format-standard,ajax_updown_fade,page_not_loaded

Researchers Earn $100 000 For Detecting Vulnerabilities and Creating a Tool To Fix Them

Researchers Earn $100 000 For Detecting Vulnerabilities and Creating a Tool To Fix Them

Posted by Msizi in Cyber security, Vulnerabilities

Facebook’s Internet Defence Prize is an initiative created by Facebook to reward and fund internet security research focusing on defence and protection. Last year a prize of $50 000 was paid to 2 individuals of Ruhr University in Bochum, Germany for their paper on “Static Detection of Second-Order Vulnerabilities in Web Applications”.

 

The team, consisting of two Ph.D. students and two professors from Georgia Tech identified new memory-corruption vulnerabilities in browsers and developed techniques for detecting them. The team’s paper, titled “Type Casting Verification: Stopping an Emerging Attack Vector” “explains a newly discovered class of C++ vulnerabilities and introduces CaVeR, a runtime bad-casting detection tool” according to an article by Threatpost.

 

Type casting is a form of data type conversion and it allows the implied conversion of one data type to another. CaVeR’s purpose is to monitor the level of a browser’s performance and make use of a new mechanism (the type hierarchy table) that traces the active browser to overcome the problems of existing approaches and to verify type-casting dynamically.

 

Facebook hopes the prize money encourages the team to continue working with CaVeR and make it accessible and reusable on a greater scale. The program has already identified two bad casts in Firefox and another in libstdc++, the GNU (a free operating system) standard C++ library used in the Chrome browser, thus resulting in the vulnerabilities being patched. They also hope that it will encourage more research targeting meaningful bugs affecting a lot of people on the internet.

 

[Source: https://threatpost.com/facebook-awards-100000-for-new-class-of-vulnerabilities-and-detection-tool/114252]
13 Aug 2015 no comments

Post a comment