Yesterday's keynote at the 28th Chaos Computer Congress (28C3), Meredith Patterson's "The Science of Insecurity," was a tour-de-force explanation of the formal linguistics and computer science behind why software becomes insecure, and of how security can be dramatically increased. What's more, Patterson's slides were outstanding Rageface-meets-Occupy memeshopping. Both the video and the slides are online already.
Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!
Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.
A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!
Patterson's co-authors on the paper were her late husband, Len Sassaman (eulogized here), and Sergey Bratus.
LANGSEC explained in a few slogans
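To make the "regular or context-free" slogan concrete, here is an added example (not from the talk, the slides or the paper) of a recognizer that accepts or rejects a whole message against a regular grammar before any of it is processed, next to an ad hoc parser that validates as it goes. The wire format, the command names and the function names are hypothetical, chosen only for illustration.

```python
import re

# Hypothetical wire format (an assumption for this example), one regular language:
#   message = command SP key "=" value LF
# No backreferences or lookarounds are used, so the pattern stays regular.
GRAMMAR = re.compile(
    rb"(?P<cmd>SET|ADD|SUB) "
    rb"(?P<key>[a-z][a-z0-9_]{0,31})="
    rb"(?P<value>[0-9]{1,10})\n"
)

def recognize(raw: bytes):
    """Accept or reject the whole input before any of it is acted on."""
    m = GRAMMAR.fullmatch(raw)  # fullmatch: no leading or trailing bytes tolerated
    if m is None:
        return None
    return m["cmd"].decode(), m["key"].decode(), int(m["value"])

def adhoc_parse(raw: bytes):
    """Ad hoc parser for contrast: splits and trims, never checks the whole input."""
    cmd, _, rest = raw.partition(b" ")
    key, _, value = rest.partition(b"=")
    return cmd.decode(errors="replace"), key.decode(errors="replace"), value.strip()

# Constructed sample inputs (not captured traffic)
SAMPLES = [
    b"SET quota=100\n",              # the one valid message
    b"SET quota=100\nSUB quota=0\n", # second message smuggled after the first
    b"SET quota=1e9\n",              # value outside the grammar
    b"SET ../etc=1\n",               # key outside the grammar
    b"SET quota=100",                # missing terminator
]

def compare(samples=SAMPLES):
    """Return (recognizer result, ad hoc result) for each sample."""
    return [(recognize(s), adhoc_parse(s)) for s in samples]

if __name__ == "__main__":
    for raw, (strict, loose) in zip(SAMPLES, compare()):
        print(f"{raw!r:34} recognizer={strict!r:24} adhoc={loose!r}")
```

The recognizer returns a result only for the first sample, while the ad hoc parser hands every sample on to later code, which then has to cope with input nobody specified.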