This bot hunts software bugs for the Pentagon

by WIRED, from Ars Technica

Late last year, David Haynes, a security engineer at the Internet infrastructure company Cloudflare, found himself gazing at a strange image. "It was pure gibberish," he says. "A whole bunch of gray and black pixels, made by a machine." He declined to share the image, saying it would be a security risk.

Haynes' caution was understandable. The image was created by a tool called Mayhem that probes software to find unknown security flaws, made by a startup spun out of Carnegie Mellon University called ForAllSecure. Haynes had been testing it on Cloudflare software that resizes images to speed up websites and fed it several sample photos. Mayhem mutated them into glitchy, cursed images that crashed the photo-processing software by triggering an unnoticed bug, a weakness that could have caused headaches for customers paying Cloudflare to keep their websites running smoothly.

Cloudflare has since made Mayhem a standard part of its security tools. The US Air Force, Navy, and Army have used it, too. Last month, the Pentagon awarded ForAllSecure a $45 million contract to widen use of Mayhem across the US military. The department has plenty of bugs to find. A 2018 government report found that nearly all weapons systems the Department of Defense tested between 2012 and 2017 had serious software vulnerabilities.
