Yesterday's keynote at the 28th Chaos Computer Congress (28C3) by Meredith Patterson on "The Science of Insecurity" was a tour-de-force explanation of the formal linguistics and computer science behind why software becomes insecure, and of how security can be dramatically increased. What's more, Patterson's slides were outstanding Rageface-meets-Occupy memeshopping. Both the video and the slides are online already.
Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!
Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.
A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!
Patterson's co-authors on the paper were her late husband, Len Sassaman (eulogized here) and Sergey Bratus.
LANGSEC explained in a few slogans
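To make the "context-free or regular" slogan concrete, here is an added example (not code from the talk, the paper or the LANGSEC authors): a table-driven DFA that recognizes a whole message before any handler touches it. The toy GET/SET line protocol, its grammar, the length bound and all names are assumptions made for this illustration.

```python
import string

KEY = set(string.ascii_lowercase + string.digits + "_")   # key   = 1+ of [a-z0-9_]
VAL = {chr(c) for c in range(0x20, 0x7F)}                 # value = 1+ printable ASCII
MAX_LEN = 64  # hypothetical bound; a finite limit keeps the language regular

def build_dfa():
    """Return {(state, char): next_state}; a missing entry means reject."""
    t = {}
    def literal(start, text, end):
        names = [start] + [f"{start}:{text[:i]}" for i in range(1, len(text))] + [end]
        for a, b, ch in zip(names, names[1:], text):
            t[(a, ch)] = b
    literal("start", "GET ", "gkey0")
    literal("start", "SET ", "skey0")
    for ch in KEY:
        t[("gkey0", ch)] = t[("gkey", ch)] = "gkey"
        t[("skey0", ch)] = t[("skey", ch)] = "skey"
    t[("gkey", "\n")] = "accept_get"
    t[("skey", "=")] = "sval0"
    for ch in VAL:
        t[("sval0", ch)] = t[("sval", ch)] = "sval"
    t[("sval", "\n")] = "accept_set"
    return t

DFA = build_dfa()

def recognize(msg: bytes):
    """Return 'GET' or 'SET' if the WHOLE message is in the language, else None."""
    if len(msg) > MAX_LEN or not msg.isascii():
        return None
    state = "start"
    for ch in msg.decode("ascii"):
        state = DFA.get((state, ch))
        if state is None:          # no transition: reject, decided in one pass
            return None
    return {"accept_get": "GET", "accept_set": "SET"}.get(state)

def handle(msg: bytes, store: dict):
    """Fields are extracted only after full recognition, never during it."""
    verb = recognize(msg)
    if verb is None:
        return "ERR"
    body = msg[4:-1].decode("ascii")
    if verb == "GET":
        return store.get(body, "")
    key, value = body.split("=", 1)
    store[key] = value
    return "OK"
```

Because the accept states have no outgoing transitions, trailing bytes, embedded newlines and truncated messages are all rejected by the same table, with no special-case checks in the handler.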