Cramming Software With Thousands of Fake Bugs Could Make It More Secure, Researchers Say
It sounds like a joke, but the idea actually makes sense: More bugs, not less, could theoretically make a system safer. From a report: Carefully scatter non-exploitable decoy bugs in software, and attackers will waste time and resources on trying to exploit them. The hope is that attackers will get bored, overwhelmed, or run out of time and patience before finding an actual vulnerability. Computer science researchers at NYU suggested this strategy in a study published August 2, and call these fake-vulnerabilities "chaff bugs." Brendan Dolan-Gavitt, assistant professor at NYU Tandon and one of the researchers on this study, told me in an email that they've been working on techniques to automatically put bugs into programs for the past few years as a way to test and evaluate different bug-finding systems. Once they had a way to fill a program with bugs, they started to wonder what else they could do with it. "I also have a lot of friends who write exploits for a living, so I know how much work there is in between finding a bug and coming up with a reliable exploit -- and it occurred to me that this was something we might be able to take advantage of," he said. "People who can write exploits are rare, and their time is expensive, so if you can figure out how to waste it you can potentially have a great deterrent effect." Brendan has previously suggested that adding bugs to experimental software code could help with ultimately winding up with programs that have fewer vulnerabilities.
What's the Most Sophisticated Piece of Software Ever Written?
An anonymous reader writes: Stuxnet is the most sophisticated piece of software ever written, given the difficulty of the objective: Deny Iran's efforts to obtain weapons grade uranium without need for diplomacy or use of force, John Byrd, CEO of Gigantic Software (formerly Director of Sega and SPM at EA), argues in a blog post, which is being widely shared in developer circles, with most agreeing with Byrd's conclusion.
He writes...
The software then checks to see if it can get on the Internet. If it can, it attempts to visit either http://www.mypremierfutbol.com or http://www.todaysfutbol.com . At the time, these servers were in Malaysia and Denmark. It opens an encrypted link and tells these servers that it has succeeded in owning a new PC. The worm then automatically updates itself with the newest version.
At this point, the worm makes copies of itself to any other USB sticks you happen to plug in. It does this by installing a carefully designed but fake disk driver. This driver was digitally signed by Realtek, which means that the authors of the worm were somehow able to break into the most secure location in a huge Taiwanese company, and steal the most secret key that this company owns, without Realtek finding ou...
always knew this was possibleeee
Data exfiltrators send info over PCs' power supply cables
Malware tickles unused cores to put signals in current
If you want your computer to be really secure, disconnect its power cable.
So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurio...
Wana Decryptor Ransomware Using NSA Exploit Leaked By Shadow Brokers To Spread Ransomware Worldwide
A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent Shadow Brokers dump. Researchers said the attackers behind today's outbreak of WannaCry ransomware are using EternalBlue, an exploit made public by the mysterious group in possession of offensive hacking tools allegedly developed by the NSA. Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected; researchers at Kaspersky Lab said they've recorded more than 45,000 infections so far on their sensors, and expect that number to climb. Sixteen National Health Service (NHS) organizations in the U.K., several large telecommunications companies and ...
Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws
Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995." Google says the two bugs can be exploited "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents." Furthermore, Google says that tests on virtual machines used in cloud computing environments extracted data from other customers using the same server. The bugs were discovered by Jann Horn, a security researcher with Google Project Zero, Google's elite security team. These are the ...
Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report. 1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux. 2) Doing so would make apps like Signal, T...
Why are there a million bugs in every program I write?
Goodbye Apache config file bugs!
If you're interested... if you want to try and find bugs in the site I would actually really appreciate that.
this is actually fixed. now the issue is there is probably a billion security bugs.