snupe
@alphasnupe
Boston, MA
|
Computer Scientist; Reverse Engineer; Program Analysis; PL/FM; Hardware Security; Fuzzing; Rust; Former Research Professor; Aspiring Rapper
|
20 Tweets
|
739 Following
|
8,075 Followers
|
Tweets
snupe retweeted
|
Dr Heidy Khlaaf (هايدي خلاف)
@HeidyKhlaaf
|
Dec 15
|
In the past three years of working on large safety critical systems, I've learned that verification isn't the real problem, but it's writing specifications. Don't @ me. twitter.com/Conaw/status/1…
|
snupe
@alphasnupe
|
Dec 14
|
Oxide from @aatxe is interesting. See his paper and the related works section.
|
snupe
@alphasnupe
|
Dec 13
|
The key is that it takes a significant amount of time investment to be good at something, whether it be exploit dev or say boxing. Very few professors have real exploit dev experience, therefore it is difficult for them to really comprehend the necessary methods to teach.
|
snupe retweeted
|
John Regehr
@johnregehr
|
Sep 19
|
memory tagging should be a game changer for C and C++; get with the program, @intel and @apple!! pic.twitter.com/z2vXAtTb7z
|
snupe
@alphasnupe
|
Oct 27
|
Sure, but at what cost? ;)
|
snupe
@alphasnupe
|
Oct 27
|
Definitely not "unhackable", but pretty good memory safety.
|
snupe
@alphasnupe
|
Oct 27
|
Also, if memory serves correct, CHERI does not protect against data-only use after free attacks. So not exactly exact ;)
|
snupe
@alphasnupe
|
Oct 27
|
Well maybe you should broaden your scope a bit and look beyond memory safety? For instance, how does CHERI enforce a policy for a mission critical system such that X can never happen before Y?
|
snupe
@alphasnupe
|
Oct 10
|
The Rust programming language has significant potential to be impactful with respect to software security, particularly as the formal verification tools for the language mature.
|
snupe
@alphasnupe
|
Aug 15
|
Formal Methods is the answer to ending CPU side channel attacks: youtu.be/uIbPt1v6QKE
|
snupe
@alphasnupe
|
Aug 10
|
Bruce Schneier @schneierblog is trying to hawk @defcon badges. I guess times are rough bro?
|
snupe
@alphasnupe
|
Aug 8
|
It was just explained to me by a prominent security company that "symbolic execution" is the same thing as "dynamic taint analysis."
|
snupe retweeted
|
Stephen Watt
@uT_Infection
|
Mar 16
|
Pretty smart move of Beto to let the world know about his being a member of CDC.... that way when oppo research tries to dig up dirt from his past, nobody can accuse him of being a hacker!
|
snupe retweeted
|
andreasdotorg
@andreasdotorg
|
Jul 21
|
The 70s called, they want their Lisp Machine architecture back. twitter.com/epakskape/stat…
|
snupe retweeted
|
Renata Hodovan
@RenataHodovan
|
Jul 26, 2017
|
#fuzzing with grammar without writing grammar? New release of #grammarinator is out! #antlr github.com/renatahodovan/…
|
snupe retweeted
|
DARPA
@DARPA
|
Mar 14
|
ICYMI: we're bringing our SSITH hardware defenses to the 2019 & 2020 @defcon Voting Villages! SSITH aims to demo that correctly constructed electronics can be a substantive part of a system’s security by limiting the impact of errors made within the software stack. pic.twitter.com/JUAANXrMIg
|
snupe retweeted
|
Emin Gün Sirer
@el33th4xor
|
May 23, 2018
|
So many academics forget that our goal, as a profession, is *not* to publish papers. It's to change the world.
|
snupe
@alphasnupe
|
Jun 17
|
Contrary to popular belief, riscv-boom is vulnerable to Spectre attacks.
|
snupe retweeted
|
Dr Heidy Khlaaf (هايدي خلاف)
@HeidyKhlaaf
|
Nov 20, 2018
|
I never understood the fear mongering behind ML systems becoming self-aware. My first research project in Uni was on ML and I had the revelation that although powerful, they were utterly stupid, so I switched to PL. 10 years later, verifying DNNs, my god are they still stupid.
|
snupe
@alphasnupe
|
Jun 16
|
Perhaps the most underrated security/verification research: csail.mit.edu/research/kami-…