Fuzzing to find a zero day
Consideration of software flaws and hackers is often a secondary priority for software developers, who often value sales and novel applications over security, some critics say.
One of the ways hackers try to find vulnerabilities in software or operating systems is by "fuzzing," inserting random data fed to programs until they crash.
A software program, the fuzzer is designed to launch the fuzz attacks, track the crashes and collect the details.
The hacker is on the lookout for zero days, software flaws that can enable a hacker to substitute his own commands and take control of a computer or network.
The attack, or exploit, begins as the attacker leverages the flaws that can be made to run commands. These commands typically include directions to download and install malicious software known as malware.
Sometimes the exploit is sent directly to a targeted system. Hackers also rely on a kind of manipulation, known as "social engineering," to trick a victim into downloading a file containing the exploit from a Web site or e-mail attachment.
Although everything may seem normal, the exploit takes over, or "pwns," the computer or devices, giving the hacker control.
GRAPHIC: Patterson Clark and Robert O'Harrow Jr. - The Washington Post. Published June 3, 2012.