Sergey Bratus on Learning from Hackers

March 10th, 2010

I just saw Sergey Bratus’s talk at TROOPERS 10. He’s an interesting guy, and his talk was good. He’s a CS professor at Dartmouth, and he’s actually making an effort, on behalf of the academic community, to inject some genuine security clue into the education of CS students. He obviously has a tough topic to address, but he looks like he’s on the right track to me.

One thing he pointed out is that a lot of vulnerabilities over the years have actually resulted from the accidental creation of Turing-complete systems. (He has a nice Cthulhu slide making the point.)

It struck me that one goal of “secure programming” would be the avoidance of the creation of Turing-complete systems. It’s a crazy world when it’s harder to avoid the creation of such a system than it is to actually create one.

Anyway, Marsh and I are speaking in a couple of hours. If you’re here, come by and bring your rotten tomatoes!

Un-twittering my blog

March 10th, 2010

Sorry for all of the blog spam; I had experimented with the idea of auto-posting my tweets to my blog, on the theory that I rarely tweet, and it tended to be the same sort of thing I’d have posted here. Turns out that I tweet more often than I thought, and generally about pretty useless stuff. :-)

On the upside, at least three people complained about it in the last 12 hours, so obviously someone still reads my blog! Heh…

Fixed. Noted for future reference. Thanks.

RT @marshray: @WEareTROOPERS I…

March 9th, 2010

RT @marshray: @WEareTROOPERS In Heidelberg for #troopers10 anyone going out? <– Headed to Untere Straße. +41 79 843 96 82 to meet up

OpenSSL site is back up. Here’…

March 9th, 2010

OpenSSL site is back up. Here’s the rfc5746 announcement: http://bit.ly/buleD4

Heidelberg-bound

March 8th, 2010

I’m getting ready to head out to Heidelberg, Germany with Marsh to attend TROOPERS10. Marsh and I are finally doing a more technical version of the TLS talk. It should be a great time!

If you’re going to be in the area (Heidelberg or northern Switzerland, where I’m flying in/out of), drop me a line!

Oh yeah, and Apache 2.2.15 – w…

March 8th, 2010

Oh yeah, and Apache 2.2.15 – with safe renegotiation support. Doesn’t look like it got backported to 2.0, which is vulnerable.

Looks like OpenSSL 0.9.8m was …

March 8th, 2010

Looks like OpenSSL 0.9.8m was released, with support for safe renegotiation (RFC 5746). But, openssl.org is down. Popular release? :-)

Neat: SMS question to GOOGLE (…

March 7th, 2010

Neat: SMS question to GOOGLE (e.g., “wal-mart, leawood, KS”) and get an answer w/ ph#, address, and maps link.

iphone re-unlocked. blacksn0w …

March 7th, 2010

iphone re-unlocked. blacksn0w ftw!

Insane: SSL is so broken that …

March 7th, 2010

Insane: SSL is so broken that even Schneier thinks it’s useless. Or something like that? :-) http://bit.ly/d4DEY5