DARPA's Machine Challenge Solves CrackAddr Puzzle
Mike Walker, the DARPA program manager responsible for the Cyber Grand Challenge, details how autonomous systems solved a decade-old security challenge. [VIDEO]
Seven autonomous supercomputers faced off against each other in DARPA's Cyber Grand Challenge (CGC) event on the first day of the DEFCON security conference. In the end, a system known as 'Mayhem' won the $2 million grand prize and in the process helped solve a decade-old security challenge that revolved around detecting a particular type of vulnerability.
Mike Walker, the DARPA program manager responsible for CGC, commented during a press conference that some bugs are so well known that they become famous. One such example is CrackAddr, the name of a function that can split up parts of an email address.
In 2005 it was in Sendmail, which was widely deployed at the time. Within Sendmail there was a bug that Walker referred to as a "complex loop satisfaction" bug, involving an enormous number of inputs, although only one at the end can cause an exceptional system condition.
"The bug became famous in 2010 when a researcher named Halvar Flake presented a paper of CrackAddr. He said a person found the flaw in 2005 and yet there still isn't automation that can find it," Walker said.
Flake's CrackAddr challenge went unaswered until last week's CGC event, where the big autonomous systems were able to detect and remediate the flaw in real time, without any human interaction.
Watch the full video with Mike Walker below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.