Yesterday's keynote at the 28th Chaos Computer Congress (28C3) by Meredith Patterson on "The Science of Insecurity" was a tour-de-force explanation of the formal linguistics and computer science that explain why software becomes insecure, and an explanation of how security can be dramatically increased. What's more, Patterson's slides were outstanding Rageface-meets-Occupy memeshopping. Both the video and the slides are online already.
Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!
Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.
A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!
Patterson's co-authors on the paper were her late husband, Len Sassaman (eulogized here) and Sergey Bratus.
LANGSEC explained in a few slogans
Beatboxer Tom Thum had ENT doctor and laryngeal surgeon Dr Matthew Broadhurst shine an endoscopic camera down his throat while beatboxing: “I wanted to find out how my larynx functioned when beatboxing compared to how it functions normally with speech, and whether or not there were any abnormalities in my laryngeal anatomy. I also had […]
Gastric bypass surgery is remarkably effective at promoting weight-loss (it cuts the long-term risk of early death from morbid obesity by 40%), and it’s long been presumed that the major action by which it worked was that, by bypassing the parts of the gut where most food absorbtion takes place, it limited the calories that […]
Timothy writes, “Diego Gómez is a Colombian conservation biologist. When he was a college student, he shared a single research paper online so that others could read and learn from it, just as he did. Diego was criminally prosecuted for copyright infringement, and faced up to 8 years in prison.”
If you are camping during rainy season, or just want a TSA-approved lighter, these plasma torches make perfect travel companions. These gas-free lighters create a small plasma beam that’s safer than butane to use and more environmentally friendly. It creates a super-hot, splashproof flame so you can get a campfire going, or have a smoke […]
If you don’t want to get stuck footing the bill for a hit and run, this dashboard-mounted camera offers up to 2K resolution to make sure you always have a reliable witness, and it’s available in the Boing Boing Store for 30% off it’s usual price.The PapaGo mounts unobtrusively to your windshield to see everything […]
While some people still maintain that everything in Apple’s walled garden “just works” and is immune to the rampant malware of the Windows world, the reality is different. The Mac’s growing market share has made it a much more viable target for malicious actors, and its built-in tools aren’t always enough to fix things. Drive […]