Reverse engineering patches making disclosure a moot choice?
When Microsoft released limited information on a critical vulnerability in Internet Explorer last month, reverse engineer Halvar Flake decided to dig deeper.
Using his company's tool for analyzing the differences in the patched and unpatched versions of a program, Flake pinpointed the portable networked graphics (PNG) vulnerability that Microsoft fixed with its latest update, locating the specific changes in less than 20 minutes.
By Robert Lemos at SecurityFocus.
[ Read more ]