|
snupe
@
alphasnupe
Boston, MA
|
|
Computer Scientist; Reverse Engineer; Program Analysis; PL/FM; Hardware Security; Fuzzing; Rust; Former Research Professor; Aspiring Rapper
|
|
|
20
Tweets
|
640
Following
|
8,078
Followers
|
| Tweets |
| snupe retweeted | ||
|
Dr Heidy Khlaaf (هايدي خلاف)
@HeidyKhlaaf
|
Dec 15 |
|
In the past three years of working on large safety critical systems, I've learned that verification isn't the real problem, but it's writing specifications. Don't @ me. twitter.com/Conaw/status/1…
|
||
|
|
||
|
snupe
@alphasnupe
|
Dec 14 |
|
Oxide from @aatxe is interesting. See his paper and the related works section.
|
||
|
|
||
|
snupe
@alphasnupe
|
Dec 12 |
|
The key is that it takes a significant amount of time investment to be good at something, whether it be exploit dev or say boxing. Very few professors have real exploit dev experience, therefore it is difficult for them to really comprehend the necessary methods to teach.
|
||
|
|
||
| snupe retweeted | ||
|
John Regehr
@johnregehr
|
Sep 19 |
|
memory tagging should be a game changer for C and C++; get with the program, @intel and @apple!! pic.twitter.com/z2vXAtTb7z
|
||
|
|
||
|
snupe
@alphasnupe
|
Oct 26 |
|
Sure, but at what cost? ;)
|
||
|
|
||
|
snupe
@alphasnupe
|
Oct 26 |
|
Definitely not "unhackable", but pretty good memory safety.
|
||
|
|
||
|
snupe
@alphasnupe
|
Oct 26 |
|
Also, if memory serves correct, CHERI does not protect against data-only use after free attacks. So not exactly exact ;)
|
||
|
|
||
|
snupe
@alphasnupe
|
Oct 26 |
|
Well maybe you should broaden your scope a bit and look beyond memory safety? For instance, how does CHERI enforce a policy for a mission critical system such that X can never happen before Y?
|
||
|
|
||
|
snupe
@alphasnupe
|
Oct 9 |
|
The Rust programming language has significant potential to be impactful with respect to software security, particularly as the formal verification tools for the language mature.
|
||
|
|
||
|
snupe
@alphasnupe
|
Aug 15 |
|
Formal Methods is the answer to ending CPU side channel attacks: youtu.be/uIbPt1v6QKE
|
||
|
|
||
|
snupe
@alphasnupe
|
Aug 9 |
|
Bruce Schneier @schneierblog is trying to hawk @defcon badges. I guess times are rough bro?
|
||
|
|
||
|
snupe
@alphasnupe
|
Aug 8 |
|
It was just explained to me by a prominent security company that "symbolic execution" is the same thing as "dynamic taint analysis."
|
||
|
|
||
| snupe retweeted | ||
|
Stephen Watt
@uT_Infection
|
Mar 15 |
|
Pretty smart move of Beto to let the world know about his being a member of CDC.... that way when oppo research tries to dig up dirt from his past, nobody can accuse him of being a hacker!
|
||
|
|
||
| snupe retweeted | ||
|
andreasdotorg
@andreasdotorg
|
Jul 21 |
|
The 70s called, they want their Lisp Machine architecture back. twitter.com/epakskape/stat…
|
||
|
|
||
| snupe retweeted | ||
|
Renata Hodovan
@RenataHodovan
|
26 Jul 17 |
|
#fuzzing with grammar without writing grammar? New release of #grammarinator is out! #antlr github.com/renatahodovan/…
|
||
|
|
||
| snupe retweeted | ||
|
DARPA
@DARPA
|
Mar 14 |
|
ICYMI: we're bringing our SSITH hardware defenses to the 2019 & 2020 @defcon Voting Villages! SSITH aims to demo that correctly constructed electronics can be a substantive part of a system’s security by limiting the impact of errors made within the software stack. pic.twitter.com/JUAANXrMIg
|
||
|
|
||
| snupe retweeted | ||
|
Emin Gün Sirer
@el33th4xor
|
23 May 18 |
|
So many academics forget that our goal, as a profession, is *not* to publish papers. It's to change the world.
|
||
|
|
||
|
snupe
@alphasnupe
|
Jun 17 |
|
Contrary to popular belief, riscv-boom is vulnerable to Spectre attacks.
|
||
|
|
||
| snupe retweeted | ||
|
Dr Heidy Khlaaf (هايدي خلاف)
@HeidyKhlaaf
|
20 Nov 18 |
|
I never understood the fear mongering behind ML systems becoming self-aware. My first research project in Uni was on ML and I had the revelation that although powerful, they were utterly stupid, so I switched to PL. 10 years later, verifying DNNs, my god are they still stupid.
|
||
|
|
||
|
snupe
@alphasnupe
|
Jun 16 |
|
Perhaps the most underrated security/verification research: csail.mit.edu/research/kami-…
|
||
|
|
||