Yesterday's keynote at the 28th Chaos Computer Congress (28C3) by Meredith Patterson on "The Science of Insecurity" was a tour-de-force account of the formal linguistics and computer science that explain why software becomes insecure, and of how security can be dramatically increased. What's more, Patterson's slides were outstanding Rageface-meets-Occupy memeshopping. Both the video and the slides are online already.
Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!
Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.
A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!
Patterson's co-authors on the paper were her late husband, Len Sassaman (eulogized here), and Sergey Bratus.
LANGSEC explained in a few slogans
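The slogans above, as an added example that is not from the talk or the paper: input in a regular language is recognized in full before any handler acts on it, shown next to a handler that validates while it mutates state. The message format, its length limits and all function names are assumptions constructed for this example.

```python
import re

# Constructed message format (an assumption of this example):
#   message = "SET" SP pair *7( ";" pair ) LF
#   pair    = key "=" value
# Every repetition is bounded, so the input language is regular.
PAIR = r"[a-z]{1,16}=[A-Za-z0-9._-]{1,64}"
MESSAGE = re.compile(rf"SET ({PAIR}(?:;{PAIR}){{0,7}})\n")


def recognize(raw: bytes):
    """Accept or reject the whole input; return parsed pairs only on accept."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    m = MESSAGE.fullmatch(text)  # fullmatch: no trailing bytes tolerated
    if m is None:
        return None
    return [p.split("=", 1) for p in m.group(1).split(";")]


def handle(store: dict, raw: bytes) -> bool:
    """Recognize first, act second: rejected input never touches the store."""
    pairs = recognize(raw)
    if pairs is None:
        return False
    for key, value in pairs:
        store[key] = value
    return True


def shotgun_handle(store: dict, raw: bytes) -> bool:
    """Anti-pattern: checks are interleaved with side effects."""
    _, _, rest = raw.decode("ascii", "replace").rstrip("\n").partition(" ")
    for field in rest.split(";"):
        key, sep, value = field.partition("=")
        if not sep or not key.isalpha():
            return False  # too late: earlier fields were already applied
        store[key] = value
    return True
```

With the constructed input `b"SET mode=open;=oops\n"`, both handlers return `False`, but only `shotgun_handle` leaves `mode` written to the store.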