Yesterday's keynote at the 28th Chaos Computer Congress (28C3) by Meredith Patterson on "The Science of Insecurity" was a tour-de-force account of the formal linguistics and computer science that explain why software becomes insecure, and of how security can be dramatically increased. What's more, Patterson's slides were outstanding Rageface-meets-Occupy memeshopping. Both the video and the slides are online already.
Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!
Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.
A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!
Patterson's co-authors on the paper were her late husband, Len Sassaman (eulogized here), and Sergey Bratus.
LANGSEC explained in a few slogans
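The "make your protocol context-free or regular" slogan in practice, as an added example that is not from the talk or the paper: a hypothetical line protocol whose entire input language is recognized by a small finite-state table before any handler code touches the data. The grammar, the function names and the sample messages are assumptions made up for illustration.

```python
# Added example (hypothetical protocol, not from the talk or paper).
# The whole input language is regular:
#   message = VERB SP pair *( ";" pair ) LF
#   pair    = KEY "=" VALUE
#   VERB = 1*UPPER   KEY = 1*LOWER   VALUE = 1*DIGIT   (ASCII only)
import string

def char_class(ch):
    """Map a character to its DFA input symbol."""
    if ch in string.ascii_uppercase:
        return "U"
    if ch in string.ascii_lowercase:
        return "L"
    if ch in string.digits:
        return "D"
    return ch  # literals such as " ", "=", ";", "\n"; anything else has no edge

# Complete transition table: a missing entry means "reject".
DELTA = {
    (0, "U"): 1,                   # first letter of VERB
    (1, "U"): 1, (1, " "): 2,      # rest of VERB, then one space
    (2, "L"): 3,                   # first letter of KEY
    (3, "L"): 3, (3, "="): 4,      # rest of KEY, then "="
    (4, "D"): 5,                   # first digit of VALUE
    (5, "D"): 5, (5, ";"): 2,      # rest of VALUE, or start another pair
    (5, "\n"): 6,                  # LF ends the message
}
ACCEPT = {6}                       # state 6 has no outgoing edges

def recognize(msg):
    """Decide membership in one pass; always terminates after len(msg) steps."""
    state = 0
    for ch in msg:
        state = DELTA.get((state, char_class(ch)))
        if state is None:
            return False
    return state in ACCEPT

def parse(msg):
    """Extract fields only after the full input has been recognized."""
    if not recognize(msg):
        raise ValueError("input is not in the protocol language")
    verb, rest = msg[:-1].split(" ", 1)
    pairs = [tuple(p.split("=")) for p in rest.split(";")]
    return verb, [(key, int(value)) for key, value in pairs]
```

Because the table is finite and every input is either accepted or rejected after a single pass, validity here is decidable, which is exactly what the slogans say a Turing-complete input language cannot offer.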