Yesterday's keynote at the 28th Chaos Computer Congress (28C3) by Meredith Patterson on "The Science of Insecurity" was a tour-de-force explanation of the formal linguistics and computer science that explain why software becomes insecure, and an explanation of how security can be dramatically increased. What's more, Patterson's slides were outstanding Rageface-meets-Occupy memeshopping. Both the video and the slides are online already.
Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!
Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.
A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!
Patterson's co-authors on the paper were her late husband, Len Sassaman (eulogized here) and Sergey Bratus.
LANGSEC explained in a few slogans
Periodic Stats is a dead-easy web-based Periodic Table to click around, showing all the stats and the history of each element. The only thing missing are illustrations of each one! [via Reddit]
To demonstrate the Magnus effect, YouTuber PeterSripol grabbed a couple of KFC buckets and tricked out an RC plane. The resulting trial and error is mostly the latter.
One of the weirdest places in Antarctica is Blood Falls, a five-story cascade of blood-red liquid pouring from Taylor Glacier. Researchers finally traced its source: a saltwater lake millions of years old trapped under the glacier.
Bamboo has lots of uses beyond just being panda food. Things like bikes, roads, scaffolding, and musical instruments are made from the fast-growing grass. But unless you are participating in a tropical-themed LARP, you probably wouldn’t want a shirt made from bamboo stalks. So why do bamboo bed sheets make any sense? Because yarn extracted from […]
If you want to work in tech, but don’t have any desire to code web apps to help businesses sell things to other business, you might want to consider a career in cybersecurity. Judging from the apparent complete infiltration of Russian hackers in American cyberspace, it seems fair to speculate that there’s a major shortage of […]
All moms are different. But all moms like getting flowers on Mother’s Day, and that’s a fact (not, however a fact we can document in any fashion.) Instead of getting chewed out for forgetting to call her on the second Sunday of May, you can take care of it ahead of time with Teleflora’s flower […]