Yesterday's keynote at the 28th Chaos Computer Congress (28C3) by Meredith Patterson on "The Science of Insecurity" was a tour-de-force explanation of the formal linguistics and computer science that explain why software becomes insecure, and an explanation of how security can be dramatically increased. What's more, Patterson's slides were outstanding Rageface-meets-Occupy memeshopping. Both the video and the slides are online already.
Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!
Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.
A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!
Patterson's co-authors on the paper were her late husband, Len Sassaman (eulogized here) and Sergey Bratus.
LANGSEC explained in a few slogans
A trio of scholars who study the psychology and philosophy of science have written a fantastic paper for Springer’s Sythese looking at the way that climate change conspiracy theorists construct their view of the world, and how these conspiracy theories contain self-contradictory theses (like the idea that climate change can’t be predicted and the idea […]
Princeton University psych prof Susan Fiske published an open letter denouncing the practice of using social media to call out statistical errors in psychology research, describing the people who do this as “terrorists” and arguing that this was toxic because of the structure of social science scholarship, having an outsized effect on careers.
Blue writes, “Peter Watts has be stricken with debilitating pain, loss of range of motion and motor control. Watts’ doctors remain baffled despite a battery of tests, and Watts has reached out to his fans to ask for their theories and ideas as to what might be causing his illness.”
With this comprehensive course in App & Game Development for iOS and Android, you’ll be able to take full advantage of this career opportunity without committing to going back to school full time. You’ll learn how to build immersive, interactive games and apps from start to finish using Python, C#, Unity, and HTML—some of the most in-demand programming […]
CloudPress is a responsive WordPress theme builder that allows you to create a whole site in less than 30 minutes. CloudPress comes with tools like pre-built headers, content blocks, and footers—all you have to do is pick what you like, and drag and drop. With your subscription, you get access to 13 professionally designed WordPress themes, over 80 […]
If you own a dog, you’ve most likely heard of BarkBox – the monthly subscription box for dogs. What started as a simple idea to try out the subscription model on pet owners has since developed a cult following of dog lovers. If you haven’t given it a try yet, this one month free deal is the […]