SlideShare ist ein Scribd-Unternehmen logo

Bugs Aren't Random

‱Als ODP, PDF herunterladen‱
‱
Dan Kaminsky
Dan Kaminsky

Unifying Building and Breaking

Internet
1 von 66
BUGS AREN’T RANDOM Unifying Building and Breaking In The Modern Age Dan Kaminsky Chief Scientist White Ops
Hello China! ïŹ Thank you DEFCON, for supporting me for almost two decades ïŹ Thank you Baidu. Only DEFCON could go to China, and you helped make that happen. ïŹ Thank you for coming :) This is my first time to your lovely country!
SO! ïŹ This is a keynote, so I’m supposed to inspire you ïŹ This is a technical talk, so there’s going to be actual lines of code on this actual screen (I promise) ïŹ The goal: Connect a series of concepts you may never have thought were linked ïŹ Consider this a “Skydive” − Start with a birds eye view − Dive headfirst into the weeds − Get ourselves a bugs eye view
60 Frames Per Second ïŹ I have a “hobby” around human perception − Ask me about Color Blindness sometime ïŹ There’s a myth that people see at 60 frames per second − Works OK for video games, makes people quite sick in VR ïŹ Not real − Obviously mythological, we don’t see in frames at all, our eyes jiggle around a lot and our brain dreams something up − It’s why we can dream − Lots of experiments show the average person seeing well past 60 ïŹ But why 60?
My Traditional Answer, ”Why 60fps?” “1940’s television technology, that’s just how fast TV’s used to run.” Correct, but incomplete.
My Traditional Answer ïŹ
Oh. I’m used to technology having its own clocks (quartz crystals). Turns out you can just use the power lines as a clock. (Can != Should)
So... We didn’t make TV’s 60fps for human vision We made TV’s 60fps because there was a 60hz clock handy Why was it 60fps?
Power was 60hz Because 1890’s and Physics Were ïŹ The induction motor was found to work well on frequencies around 50 to 60 Hz, but with the materials available in the 1890s would not work well at a frequency of, say, 133 Hz. ïŹ (Wikipedia, Utility Frequency)
So... So is 60fps nothing to do with human vision, and everything to do with 1890’s technology?
So... “There is a fixed relationship between the number of magnetic poles in the induction motor field, the frequency of the alternating current, and the rotation speed.” 60hz wasn’t just 1890’s tech. It’s also physics.
We’re Made Of Physics Too ïŹ Human vision comes from the brain ïŹ The brain circulates electromagnetic signals ● Gamma waves work at 25-100hz ïŹ PURE SPECULATION, but it’s sort of cool to go from: − 60 fps = rate human brain implements human vision − 60 fps = tricking human vision w/ television − 60 fps = timing television with spinning magnets − 60 fps = spinning magnetics at the same rate as the human brain
You might be thinking ïŹ What could this possibly have to do with bugs? − We don’t necessarily know why things are the way they are − Usually we do things because we’ve been doing them − Sometimes what we’ve been doing is good enough, sometimes what we’ve been doing is bad but nobody realizes where the bugs are ïŹ I like figuring out why − Stay intellectually honest, and you’ll find cool stuff − Know you’re speculating!
No Really, Speculative Execution Bugs ïŹ Spectre and Meltdown ïŹ Best explanation: “Did you go to the coffee shop?” ”No!” “Did you go to the bar?” “No!” “Did you go to the club?” “
 
 
 No!” ïŹ Saying the same thing, at a different time, is not always saying the same thing.
What Are These Bugs? ● There are many variants (which is kind of the idea) ● Meltdown – Try to read data you’re not allowed to – You’re told no, but at the wrong time ● Spectre – Try to run code you’re not allowed to – You’re not allowed to run it, but other things go faster or slower based on what you weren’t allowed to run ● What went wrong?
We Assumed You Could Only Detect Cached/Uncached, not Content ● Wrong because when you read memory, you can say “Give me this information at (address plus a value between 0 and 255)” – You’ll be told no, but now you can check: ● “Do you have the value at address+0?” ● “Do you have the value at address+1?” ● “Do you have the value at address+2?” – Fuzzy, but you can check many, many times on a gigahertz processor, and you can flush the cache and start over ● CLFLUSH
We Assumed We Could Make Computers Faster ● “Why do we have these bugs? Isn’t this just math?” – Lots of nerd shaming ● No community in all of technology proves the mathematical correctness of their work more than microprocessor designers – They are the industrial market for theorem provers and SAT solvers – But you have to prove the right things in the right context
The Same Thing Might Be Predictable or Random Based On Context ● A corporation can be relatively predictable – Plodding, even ● An executive at that corporation can be erratic – Might quit tomorrow ● His heartbeat however is relatively predictable ● An individual heart cell in that heart might not ● All four scales occupy the same point in time and space
NOBUG, MUSTFIX ● The theorem provers did not fail when they showed no leakage of information between contexts – The right bits went to the right places ● The theorem provers weren’t being asked to show there were no timing variations dependent on secrets – Most, if not all timing variation is defined to not exist at the scale being proven
The Great Repurposing ● We turned a stability boundary, into a security boundary, and hoped it would work – Historically, most code would crash all the time ● “Historically” – The game was making sure it only corrupted its own resources – The theory was that hackers were just a new source of misbehavior, let’s just isolate them like we isolate everything else – Even independent of time, that hasn’t worked amazingly well, but in the context of time...
Hacker misbehavior Hackers are better behaved They change smaller things (from a computer’s perspective) that are bigger things (from a human’s perspective) Spectre and Meltdown change time, which is defined as nonexistent to the microprocessor designer, and made to be information carrying to everyone else
Worth Noting ● Some of the exploits against Spectre/Meltdown exploit the system scheduler timer – One tick every 15.6ms on many platforms – 1000ms/15.6ms == 64fps :)
Spectre and Meltdown Leak Bits. You can’t leak bits you do not have. ● There is a hidden architectural choice behind these bugs – Context Switching – “We have one computer that must pretend to be many computers, with many different security levels.” ● There is another decision that can be made – If you want two security domains, get two computers – You know, computers are small now.
Nano-Pi Neo $20, Quad Core, Gigabit
Up Core 4 core Intel Apollo Lake, PCIe, $89
Yes, we had to write patches for everybody ● Yes, we’re putting these patches everywhere, whether there’s a security boundary crossing or not ● But yes, not every individual node has two security domains – Sometimes, the only user really is the administrator – Sometimes, the administrator is only not the administrator when running a web browser – We are sort of getting this information down to where it needs to be in the chip – There’s a fair amount of “impedence mismatch”, and a lot of microcode patching right now is just trying to get even process ID into the branch predictor++
Explicit Security Domains Will Come ïŹ Security domains are not users ïŹ Security domains are not processes ïŹ Security domains are not even constrained to a single kernel or a single machine ïŹ They’re their own space. All the Spectre/Meltdown goop going on is trying to give the microcode an idea of whose context they’re working on. We’ll fake “what security domain” with that...for a while.
Surprising Amount Of Activity Around OS Design Out There ● User/kernel is not only not always a real security boundary ● User/kernel is actually pretty slow – Everything fast gets rid of it – DPDK networking running entirely in userspace – Kernel Mode Linux from back in the day – “Rump Kernels” aren’t kernel-less – they just run full BSD (or even Linux, w/ LKL) kernels in the same memory space as the application – HPC is actively working here – mOS, Hermitcore, Kitten, etc.
Why Am I Telling You This? ● Security that doesn’t care about the rest of IT is Security that grows increasingly irrelevant – Computing in 2023 is not going to look like Computing in 2018 – Computing in 2018 doesn’t look like what most people think computing in 2018 is ● “There’s no such thing as the cloud, there’s just other people’s servers” – ...with other people’s pagers. ● The scale of computing has completely changed, how we fix our security problems is going to require different viewpoints
The Flipside ● If you’re just looking for bugs, look for the things people think don’t matter – Attack there. ● Bugs aren’t random because their source isn’t random – Developers write certain bugs based on what they aren’t thinking about – Bug finders find certain bugs based on what they know developers aren’t thinking about ● This is not always conscious ● It’s usually true, at least in anyone I’ve found that’s good at this
Right about now is a good time to introduce The Catchy Only Vaguely Correct Catchphrase Designed To Spark Interest
There’s no such thing as reverse engineering.
What Do I Mean? “We only make the car turn left. Those other guys handle the car turning right.” “It’s just my job to get the plane in the air. If when and how it lands, not my problem.” It’s not that there aren’t different teams – it’s that if you don’t care if your work affects the other guys...thing’s gonna crash
Thesis There’s no reverse engineering, there’s no forward engineering. There’s just engineering. There are cultural elements in engineering that block the integration of forward and reverse. The primary one seems to be...
The Problem Dev vs. Test
Penetration Testing ïŹ “Hackers” like to talk about the former ïŹ We are a specific branch of the latter ïŹ The latter shouldn’t be split off, but it often has to be − Everybody always sees their own code for what it should be doing, not for what it actually is
What’s Happening ïŹ Large amounts of tooling are isolated to the testers ïŹ Creates an enormous bias in developer knowledge, they end up not using tools and patterns that are too “test-y” ïŹ Ends up biasing the code they think they can write − More technically: Ends up biasing their transformations in a particular direction ïŹ Compile time influences runtime ïŹ Runtime doesn’t update the source to be compiled − Less technically: Like a car that pulls right
Concrete Example ïŹ Fortran is fast (still). Python is slow (still). Except if you use Numba. − Finally, a practical environment for transforming standard-ish Python into high perf CPU/GPU code − Requires, like all optimizers, knowledge of what types of data it’s supposed to optimize for − Games of constraints: If I can constrain what’s coming, I can throw state away and optimize only for those expectations ïŹ What happens if I constrain incorrectly? CVE numbers. ïŹ That’s why security is involved. Perf and sec are not separate universes.
The Problem ïŹ Python is dynamically typed, integers or floating point numbers or strings or whatever are distinguished at runtime ïŹ Developer pain required to declare up front what types might pass through
Another Competitor Enters The Arena ïŹ PyAnnotate by Dropbox ïŹ Monitors types used during test or production, updates the code in-place with annotations ïŹ Thus far, this hasn’t been extended to numeric optimization for Numba ïŹ Solves the problem that developers don’t actually know the right answers for expected types either ïŹ Considered appropriate only for “legacy” because
Because... ...because what? Why shouldn’t runtime influence code?
The Approach Seems Weird ïŹ “Isn’t this Profile Guided Optimization?” − No, this actually changes the source code − This is also not constrained to performance, i.e. could apply security constraints (probably been some work here) ïŹ Pair programming with a machine? − I mean, we lean on libraries a lot, to the point a lot of dev is figuring out what legos to stick together ïŹ Developers are supposed to know what the system is supposed to do. They’re not supposed to learn what the system is supposed to do by watching it fail! − A) That’s totally what they do − B) That’s totally what we do
Developer tools usually assume the developer is right ïŹ Optimization throws out information unneeded by the present system ïŹ The present system is wrong, a new system is needed, the information about how we deviated from correct to suboptimal may have been thrown out ïŹ So that’s how test tools – hacker tools – differ up front. We’re looking for that developer error.
But everyone’s tools are kind of bad ïŹ “The difference between reverse and “normal” engineering is whether you have the source code” − Assumes the source code is more comprehensible or predictable than the compiled form − I knew a guy (who will laugh when I send him this slide) who audited C++ from the compiled binary, because “who can dig through that mess, just give me the binary and I’ll walk through the table myself”. ïŹ Ultimately the more we can monitor the operation of running code, in the context of the source code generating it – the faster the loop between misconception and correction can be – the better software (or the more bugs) we’ll find.
Where I’m Going With This ïŹ 1) Full system source debugging ïŹ If things are so open source, where’s the source? Why am I specifically recompiling things I happen to be interested in, one library at a time, including the kernel? − Questions actually do have answers: Debugging tools don’t want to take a hard dependency on source being available − Went to an SSD developer some years ago, I don’t think there is a single company on the planet with all source to one of those − But I can compile Gentoo from source
 − Yes, it’s very nice. − Apt-build on ubuntu also “kind of works” – good for individual targets
ADB is old and busted ABD is the new hotness ● Always Be Debugging :) ● “But what about security boundaries? Am I going to have to type sudo all the time?”
The Problem Ever get the feeling it’s easier to be root on
 someone else’s machine? :(
Alas ● Attackers get root for years ● You get root, one line at a time – It’s still me! – No really, still me. ● And you get such a variety of software behaviors, too.
Wireshark as user
Wireshark w/ sudo
Linux knows And hides an incomplete fix...
Coming soon, sudo 2.0: a.sandwich ïŹ
This is just as silly as sudosudosudosudosudosudo ïŹ One quirk −Can’t just switch effective user all the time, that’s part of why sudo is a mess −Present plan: Make permission checks pass, but otherwise keep users what they are −Use the switches to control precise parameters (they glow!) ïŹ This is actually common behavior, we just don’t notice it −VM’s are fake roots −Containers are fake roots ● HUGE reason Docker succeeded −Kali Linux is a real root
Jupyter is almost great ïŹ Web based reboot of interactive programming ïŹ No internal interface for adding packages ● That would depend on root access! ● (But VirtualEnv) SMACK It’s a polyglot environment, supports lots of languages ● What’s going on?
As usual, there’s actually a reason ïŹ There is an answer to why we’re moderately careful doling out root access, and it’s actually not really “we’re afraid of hackers” ïŹ Users can actually break their machines pretty easily, and then come to us complaining ïŹ One class of fixes involves applying a talent bar, to be able to break the machine, or making as much software as possible not put the machine at risk by rewarding it with being immune to The Prompt ïŹ Another class involves...just making it easy to fix the thing
VIMCEPTION ● AKA “Fork The Universe” ● Boot the running system, into a VM, with the full existing configuation, knowing we can’t break anything – Possible?
Why It’s Interesting ● It’s Root ● Nothing Bad Can Happen
Raspberry Pi: A Root For Every Kid ïŹ
Clarity ïŹ “Get two computers” is also “manage your persistence”
A Hard Question ïŹ Why are we vulnerable to ransomware? ïŹ “Because the attackers can delete our data” ïŹ Why can attackers delete our data? Why can we? Isn’t storage cheap now? ïŹ Equivalent for ephemeral installs: Why do I have these difficult to protect, expensive to replace persistent installations? ïŹ As debugging didn’t want to take a dependency on source, security may not have wanted to take a dependency on zero persistent storage. − But that might be the right design to work with, to allow arbitrary “damage” to be done and always be able to return to a known safe state.
Closing Thoughts ● We should not separate development and testing ● Our hardest problems in security require alignment between how we build and how we verify ● Our best solutions in technology will understand the past to see the future – All that matters is how well we protect users, and provide the services that they need. – Our personal development cultures are not as important as actually getting the job done :)

Empfohlen

A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryDan Kaminsky
 
Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Dan Kaminsky
 
Move Fast and Fix Things
Move Fast and Fix ThingsMove Fast and Fix Things
Move Fast and Fix ThingsDan Kaminsky
 
I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetDan Kaminsky
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingDan Kaminsky
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012Dan Kaminsky
 
Dmk neut toor
Dmk neut toorDmk neut toor
Dmk neut toorDan Kaminsky
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 

Empfohlen

A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryDan Kaminsky
 
Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Dan Kaminsky
 
Move Fast and Fix Things
Move Fast and Fix ThingsMove Fast and Fix Things
Move Fast and Fix ThingsDan Kaminsky
 
I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetDan Kaminsky
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingDan Kaminsky
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012Dan Kaminsky
 
Dmk neut toor
Dmk neut toorDmk neut toor
Dmk neut toorDan Kaminsky
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 
Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Dan Kaminsky
 
Dmk shmoo2007
Dmk shmoo2007Dmk shmoo2007
Dmk shmoo2007Dan Kaminsky
 
Some Thoughts On Bitcoin
Some Thoughts On BitcoinSome Thoughts On Bitcoin
Some Thoughts On BitcoinDan Kaminsky
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2Dan Kaminsky
 
Dmk bo2 k8
Dmk bo2 k8Dmk bo2 k8
Dmk bo2 k8Dan Kaminsky
 
Confidence web
Confidence webConfidence web
Confidence webDan Kaminsky
 
Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Dan Kaminsky
 
Dmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDan Kaminsky
 
Dmk blackops2006
Dmk blackops2006Dmk blackops2006
Dmk blackops2006Dan Kaminsky
 
Interpolique
InterpoliqueInterpolique
InterpoliqueDan Kaminsky
 
Design Reviewing The Web
Design Reviewing The WebDesign Reviewing The Web
Design Reviewing The Webamiable_indian
 
Dmk sb2010 web_defense
Dmk sb2010 web_defenseDmk sb2010 web_defense
Dmk sb2010 web_defenseDan Kaminsky
 
Dmk bo2 k8_ccc
Dmk bo2 k8_cccDmk bo2 k8_ccc
Dmk bo2 k8_cccDan Kaminsky
 
Dmk blackops2006 ccc
Dmk blackops2006 cccDmk blackops2006 ccc
Dmk blackops2006 cccDan Kaminsky
 
Man vs Internet - Current challenges and future tendencies of establishing tr...
Man vs Internet - Current challenges and future tendencies of establishing tr...Man vs Internet - Current challenges and future tendencies of establishing tr...
Man vs Internet - Current challenges and future tendencies of establishing tr...Luis Grangeia
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and FutureLuis Grangeia
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
Large Components in the Rearview Mirror
Large Components in the Rearview MirrorLarge Components in the Rearview Mirror
Large Components in the Rearview MirrorMichelle Brush
 
Keynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication GapKeynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication GapSecurityTube.Net
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Rob Fuller
 
Testing for the deeplearning folks
Testing for the deeplearning folksTesting for the deeplearning folks
Testing for the deeplearning folksVishwas N
 
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Loadzen
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Dan Kaminsky
 
Dmk shmoo2007
Dmk shmoo2007Dmk shmoo2007
Dmk shmoo2007Dan Kaminsky
 
Some Thoughts On Bitcoin
Some Thoughts On BitcoinSome Thoughts On Bitcoin
Some Thoughts On BitcoinDan Kaminsky
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2Dan Kaminsky
 
Confidence web
Confidence webConfidence web
Confidence webDan Kaminsky
 
Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Dan Kaminsky
 
Dmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDan Kaminsky
 
Dmk blackops2006
Dmk blackops2006Dmk blackops2006
Dmk blackops2006Dan Kaminsky
 
Interpolique
InterpoliqueInterpolique
InterpoliqueDan Kaminsky
 
Design Reviewing The Web
Design Reviewing The WebDesign Reviewing The Web
Design Reviewing The Webamiable_indian
 
Dmk sb2010 web_defense
Dmk sb2010 web_defenseDmk sb2010 web_defense
Dmk sb2010 web_defenseDan Kaminsky
 
Dmk bo2 k8_ccc
Dmk bo2 k8_cccDmk bo2 k8_ccc
Dmk bo2 k8_cccDan Kaminsky
 
Dmk blackops2006 ccc
Dmk blackops2006 cccDmk blackops2006 ccc
Dmk blackops2006 cccDan Kaminsky
 
Man vs Internet - Current challenges and future tendencies of establishing tr...
Man vs Internet - Current challenges and future tendencies of establishing tr...Man vs Internet - Current challenges and future tendencies of establishing tr...
Man vs Internet - Current challenges and future tendencies of establishing tr...Luis Grangeia
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and FutureLuis Grangeia
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
Large Components in the Rearview Mirror
Large Components in the Rearview MirrorLarge Components in the Rearview Mirror
Large Components in the Rearview MirrorMichelle Brush
 
Keynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication GapKeynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication GapSecurityTube.Net
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Rob Fuller
 

Was ist angesagt? (20)

Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)
 
Dmk shmoo2007
Dmk shmoo2007Dmk shmoo2007
Dmk shmoo2007
 
Some Thoughts On Bitcoin
Some Thoughts On BitcoinSome Thoughts On Bitcoin
Some Thoughts On Bitcoin
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2
 
Dmk bo2 k8
Dmk bo2 k8Dmk bo2 k8
Dmk bo2 k8
 
Confidence web
Confidence webConfidence web
Confidence web
 
Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)
 
Dmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fed
 
Dmk blackops2006
Dmk blackops2006Dmk blackops2006
Dmk blackops2006
 
Interpolique
InterpoliqueInterpolique
Interpolique
 
Design Reviewing The Web
Design Reviewing The WebDesign Reviewing The Web
Design Reviewing The Web
 
Dmk sb2010 web_defense
Dmk sb2010 web_defenseDmk sb2010 web_defense
Dmk sb2010 web_defense
 
Dmk bo2 k8_ccc
Dmk bo2 k8_cccDmk bo2 k8_ccc
Dmk bo2 k8_ccc
 
Dmk blackops2006 ccc
Dmk blackops2006 cccDmk blackops2006 ccc
Dmk blackops2006 ccc
 
Man vs Internet - Current challenges and future tendencies of establishing tr...
Man vs Internet - Current challenges and future tendencies of establishing tr...Man vs Internet - Current challenges and future tendencies of establishing tr...
Man vs Internet - Current challenges and future tendencies of establishing tr...
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 
Large Components in the Rearview Mirror
Large Components in the Rearview MirrorLarge Components in the Rearview Mirror
Large Components in the Rearview Mirror
 
Keynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication GapKeynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication Gap
 
Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014Attacker Ghost Stories - ShmooCon 2014
Attacker Ghost Stories - ShmooCon 2014
 

Ähnlich wie Bugs Aren't Random

Testing for the deeplearning folks
Testing for the deeplearning folksTesting for the deeplearning folks
Testing for the deeplearning folksVishwas N
 
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Loadzen
 
1. The Game Of The Century
1. The Game Of The Century1. The Game Of The Century
1. The Game Of The CenturyAlexandre Linhares
 
What Are We Still Doing Wrong
What Are We Still Doing WrongWhat Are We Still Doing Wrong
What Are We Still Doing Wrongafa reg
 
On Inherent Complexity of Computation, by Attila Szegedi
On Inherent Complexity of Computation, by Attila SzegediOn Inherent Complexity of Computation, by Attila Szegedi
On Inherent Complexity of Computation, by Attila SzegediZeroTurnaround
 
Continuous Automated Testing - Cast conference workshop august 2014
Continuous Automated Testing - Cast conference workshop august 2014Continuous Automated Testing - Cast conference workshop august 2014
Continuous Automated Testing - Cast conference workshop august 2014Noah Sussman
 
Planning for Uncertainty
Planning for UncertaintyPlanning for Uncertainty
Planning for UncertaintyMarcin Czenko
 
From đŸ€Š to đŸżïž
From đŸ€Š to đŸżïžFrom đŸ€Š to đŸżïž
From đŸ€Š to đŸżïžOri Pekelman
 
Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplationsChris Roberts
 
Back to basics simple, elegant, beautiful code
Back to basics simple, elegant, beautiful codeBack to basics simple, elegant, beautiful code
Back to basics simple, elegant, beautiful codeAndrew Harcourt
 
How well are you delivering your experience?
How well are you delivering your experience?How well are you delivering your experience?
How well are you delivering your experience?Andrew Fisher
 
Reversed Tests Pyramid - Agile Prague 2014
Reversed Tests Pyramid - Agile Prague 2014Reversed Tests Pyramid - Agile Prague 2014
Reversed Tests Pyramid - Agile Prague 2014Wiktor Ć»oƂnowski
 
The hunt of the unicorn, to capture productivity
The hunt of the unicorn, to capture productivityThe hunt of the unicorn, to capture productivity
The hunt of the unicorn, to capture productivityBrainhub
 
Complex things explained easily
Complex things explained easilyComplex things explained easily
Complex things explained easilyLuca Tumedei
 
DataDay 2023 Presentation - Notes
DataDay 2023 Presentation - NotesDataDay 2023 Presentation - Notes
DataDay 2023 Presentation - NotesMax De Marzi
 
Observability for Emerging Infra (what got you here won't get you there)
Observability for Emerging Infra (what got you here won't get you there)Observability for Emerging Infra (what got you here won't get you there)
Observability for Emerging Infra (what got you here won't get you there)Charity Majors
 
Cognitive Shortcuts: Models, Visualizations, Metaphors, and Other Lies (Casca...
Cognitive Shortcuts: Models, Visualizations, Metaphors, and Other Lies (Casca...Cognitive Shortcuts: Models, Visualizations, Metaphors, and Other Lies (Casca...
Cognitive Shortcuts: Models, Visualizations, Metaphors, and Other Lies (Casca...Sam Livingston-Gray
 
Teaching Your Computer To Play Video Games
Teaching Your Computer To Play Video GamesTeaching Your Computer To Play Video Games
Teaching Your Computer To Play Video Gamesehrenbrav
 
Moved to https://slidr.io/azzazzel/web-application-performance-tuning-beyond-xmx
Moved to https://slidr.io/azzazzel/web-application-performance-tuning-beyond-xmxMoved to https://slidr.io/azzazzel/web-application-performance-tuning-beyond-xmx
Moved to https://slidr.io/azzazzel/web-application-performance-tuning-beyond-xmxMilen Dyankov
 
Five Cliches of Online Game Development
Five Cliches of Online Game DevelopmentFive Cliches of Online Game Development
Five Cliches of Online Game Developmentiandundore
 

Ähnlich wie Bugs Aren't Random (20)

Testing for the deeplearning folks
Testing for the deeplearning folksTesting for the deeplearning folks
Testing for the deeplearning folks
 
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
 
1. The Game Of The Century
1. The Game Of The Century1. The Game Of The Century
1. The Game Of The Century
 
What Are We Still Doing Wrong
What Are We Still Doing WrongWhat Are We Still Doing Wrong
What Are We Still Doing Wrong
 
On Inherent Complexity of Computation, by Attila Szegedi
On Inherent Complexity of Computation, by Attila SzegediOn Inherent Complexity of Computation, by Attila Szegedi
On Inherent Complexity of Computation, by Attila Szegedi
 
Continuous Automated Testing - Cast conference workshop august 2014
Continuous Automated Testing - Cast conference workshop august 2014Continuous Automated Testing - Cast conference workshop august 2014
Continuous Automated Testing - Cast conference workshop august 2014
 
Planning for Uncertainty
Planning for UncertaintyPlanning for Uncertainty
Planning for Uncertainty
 
From đŸ€Š to đŸżïž
From đŸ€Š to đŸżïžFrom đŸ€Š to đŸżïž
From đŸ€Š to đŸżïž
 
Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplations
 
Back to basics simple, elegant, beautiful code
Back to basics simple, elegant, beautiful codeBack to basics simple, elegant, beautiful code
Back to basics simple, elegant, beautiful code
 
How well are you delivering your experience?
How well are you delivering your experience?How well are you delivering your experience?
How well are you delivering your experience?
 
Reversed Tests Pyramid - Agile Prague 2014
Reversed Tests Pyramid - Agile Prague 2014Reversed Tests Pyramid - Agile Prague 2014
Reversed Tests Pyramid - Agile Prague 2014
 
The hunt of the unicorn, to capture productivity
The hunt of the unicorn, to capture productivityThe hunt of the unicorn, to capture productivity
The hunt of the unicorn, to capture productivity
 
Complex things explained easily
Complex things explained easilyComplex things explained easily
Complex things explained easily
 
DataDay 2023 Presentation - Notes
DataDay 2023 Presentation - NotesDataDay 2023 Presentation - Notes
DataDay 2023 Presentation - Notes
 
Observability for Emerging Infra (what got you here won't get you there)
Observability for Emerging Infra (what got you here won't get you there)Observability for Emerging Infra (what got you here won't get you there)
Observability for Emerging Infra (what got you here won't get you there)
 
Cognitive Shortcuts: Models, Visualizations, Metaphors, and Other Lies (Casca...
Cognitive Shortcuts: Models, Visualizations, Metaphors, and Other Lies (Casca...Cognitive Shortcuts: Models, Visualizations, Metaphors, and Other Lies (Casca...
Cognitive Shortcuts: Models, Visualizations, Metaphors, and Other Lies (Casca...
 
Teaching Your Computer To Play Video Games
Teaching Your Computer To Play Video GamesTeaching Your Computer To Play Video Games
Teaching Your Computer To Play Video Games
 
Moved to https://slidr.io/azzazzel/web-application-performance-tuning-beyond-xmx
Moved to https://slidr.io/azzazzel/web-application-performance-tuning-beyond-xmxMoved to https://slidr.io/azzazzel/web-application-performance-tuning-beyond-xmx
Moved to https://slidr.io/azzazzel/web-application-performance-tuning-beyond-xmx
 
Five Cliches of Online Game Development
Five Cliches of Online Game DevelopmentFive Cliches of Online Game Development
Five Cliches of Online Game Development
 

Mehr von Dan Kaminsky

Chicken Chicken Chicken Chicken
Chicken Chicken Chicken ChickenChicken Chicken Chicken Chicken
Chicken Chicken Chicken ChickenDan Kaminsky
 
Interpolique
InterpoliqueInterpolique
InterpoliqueDan Kaminsky
 
232 md5-considered-harmful-slides
232 md5-considered-harmful-slides232 md5-considered-harmful-slides
232 md5-considered-harmful-slidesDan Kaminsky
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 
Bh eu 05-kaminsky
Bh eu 05-kaminskyBh eu 05-kaminsky
Bh eu 05-kaminskyDan Kaminsky
 
Bh eu 05-kaminsky
Bh eu 05-kaminskyBh eu 05-kaminsky
Bh eu 05-kaminskyDan Kaminsky
 
Dmk audioviz
Dmk audiovizDmk audioviz
Dmk audiovizDan Kaminsky
 
Advanced open ssh
Advanced open sshAdvanced open ssh
Advanced open sshDan Kaminsky
 
Bh fed-03-kaminsky
Bh fed-03-kaminskyBh fed-03-kaminsky
Bh fed-03-kaminskyDan Kaminsky
 

Mehr von Dan Kaminsky (12)

Chicken
ChickenChicken
Chicken
 
Chicken Chicken Chicken Chicken
Chicken Chicken Chicken ChickenChicken Chicken Chicken Chicken
Chicken Chicken Chicken Chicken
 
Interpolique
InterpoliqueInterpolique
Interpolique
 
232 md5-considered-harmful-slides
232 md5-considered-harmful-slides232 md5-considered-harmful-slides
232 md5-considered-harmful-slides
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackops
 
Bh eu 05-kaminsky
Bh eu 05-kaminskyBh eu 05-kaminsky
Bh eu 05-kaminsky
 
Bh eu 05-kaminsky
Bh eu 05-kaminskyBh eu 05-kaminsky
Bh eu 05-kaminsky
 
Dmk audioviz
Dmk audiovizDmk audioviz
Dmk audioviz
 
Bo2004
Bo2004Bo2004
Bo2004
 
Gwc3
Gwc3Gwc3
Gwc3
 
Advanced open ssh
Advanced open sshAdvanced open ssh
Advanced open ssh
 
Bh fed-03-kaminsky
Bh fed-03-kaminskyBh fed-03-kaminsky
Bh fed-03-kaminsky
 

KĂŒrzlich hochgeladen

ćźšćˆ¶(UALć­ŠäœèŻ)è‹±ć›œäŒŠæ•Šè‰șæœŻć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(UALć­ŠäœèŻ)è‹±ć›œäŒŠæ•Šè‰șæœŻć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€ćźšćˆ¶(UALć­ŠäœèŻ)è‹±ć›œäŒŠæ•Šè‰șæœŻć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(UALć­ŠäœèŻ)è‹±ć›œäŒŠæ•Šè‰șæœŻć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€Fs
 
ćźšćˆ¶(ManagementæŻ•äžšèŻäčŠ)æ–°ćŠ ćĄçźĄç†ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(ManagementæŻ•äžšèŻäčŠ)æ–°ćŠ ćĄçźĄç†ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€ćźšćˆ¶(ManagementæŻ•äžšèŻäčŠ)æ–°ćŠ ćĄçźĄç†ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(ManagementæŻ•äžšèŻäčŠ)æ–°ćŠ ćĄçźĄç†ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€Fs
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
ćźšćˆ¶(AUTæŻ•äžšèŻäčŠ)æ–°è„żć…°ć„„ć…‹ć…°ç†ć·„ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(AUTæŻ•äžšèŻäčŠ)æ–°è„żć…°ć„„ć…‹ć…°ç†ć·„ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€ćźšćˆ¶(AUTæŻ•äžšèŻäčŠ)æ–°è„żć…°ć„„ć…‹ć…°ç†ć·„ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(AUTæŻ•äžšèŻäčŠ)æ–°è„żć…°ć„„ć…‹ć…°ç†ć·„ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€Fs
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Potsdam FHć­ŠäœèŻ,æłąèŒšćŠćș”ç”šæŠ€æœŻć€§ć­ŠæŻ•äžšèŻäčŠ1:1ćˆ¶äœœ
Potsdam FHć­ŠäœèŻ,æłąèŒšćŠćș”ç”šæŠ€æœŻć€§ć­ŠæŻ•äžšèŻäčŠ1:1ćˆ¶äœœPotsdam FHć­ŠäœèŻ,æłąèŒšćŠćș”ç”šæŠ€æœŻć€§ć­ŠæŻ•äžšèŻäčŠ1:1ćˆ¶äœœ
Potsdam FHć­ŠäœèŻ,æłąèŒšćŠćș”ç”šæŠ€æœŻć€§ć­ŠæŻ•äžšèŻäčŠ1:1ćˆ¶äœœys8omjxb
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
択理(UofRæŻ•äžšèŻäčŠ)çœ—ćˆ‡æ–Żç‰čć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
択理(UofRæŻ•äžšèŻäčŠ)çœ—ćˆ‡æ–Żç‰čć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€ćŠžç†(UofRæŻ•äžšèŻäčŠ)çœ—ćˆ‡æ–Żç‰čć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
択理(UofRæŻ•äžšèŻäčŠ)çœ—ćˆ‡æ–Żç‰čć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€z xss
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
ćźšćˆ¶(LincolnæŻ•äžšèŻäčŠ)æ–°è„żć…°æž—è‚Żć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(LincolnæŻ•äžšèŻäčŠ)æ–°è„żć…°æž—è‚Żć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€ćźšćˆ¶(LincolnæŻ•äžšèŻäčŠ)æ–°è„żć…°æž—è‚Żć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(LincolnæŻ•äžšèŻäčŠ)æ–°è„żć…°æž—è‚Żć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€Fs
 

KĂŒrzlich hochgeladen (20)

Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
ćźšćˆ¶(UALć­ŠäœèŻ)è‹±ć›œäŒŠæ•Šè‰șæœŻć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(UALć­ŠäœèŻ)è‹±ć›œäŒŠæ•Šè‰șæœŻć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€ćźšćˆ¶(UALć­ŠäœèŻ)è‹±ć›œäŒŠæ•Šè‰șæœŻć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(UALć­ŠäœèŻ)è‹±ć›œäŒŠæ•Šè‰șæœŻć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
 
ćźšćˆ¶(ManagementæŻ•äžšèŻäčŠ)æ–°ćŠ ćĄçźĄç†ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(ManagementæŻ•äžšèŻäčŠ)æ–°ćŠ ćĄçźĄç†ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€ćźšćˆ¶(ManagementæŻ•äžšèŻäčŠ)æ–°ćŠ ćĄçźĄç†ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(ManagementæŻ•äžšèŻäčŠ)æ–°ćŠ ćĄçźĄç†ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
ćźšćˆ¶(AUTæŻ•äžšèŻäčŠ)æ–°è„żć…°ć„„ć…‹ć…°ç†ć·„ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(AUTæŻ•äžšèŻäčŠ)æ–°è„żć…°ć„„ć…‹ć…°ç†ć·„ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€ćźšćˆ¶(AUTæŻ•äžšèŻäčŠ)æ–°è„żć…°ć„„ć…‹ć…°ç†ć·„ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(AUTæŻ•äžšèŻäčŠ)æ–°è„żć…°ć„„ć…‹ć…°ç†ć·„ć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Potsdam FHć­ŠäœèŻ,æłąèŒšćŠćș”ç”šæŠ€æœŻć€§ć­ŠæŻ•äžšèŻäčŠ1:1ćˆ¶äœœ
Potsdam FHć­ŠäœèŻ,æłąèŒšćŠćș”ç”šæŠ€æœŻć€§ć­ŠæŻ•äžšèŻäčŠ1:1ćˆ¶äœœPotsdam FHć­ŠäœèŻ,æłąèŒšćŠćș”ç”šæŠ€æœŻć€§ć­ŠæŻ•äžšèŻäčŠ1:1ćˆ¶äœœ
Potsdam FHć­ŠäœèŻ,æłąèŒšćŠćș”ç”šæŠ€æœŻć€§ć­ŠæŻ•äžšèŻäčŠ1:1ćˆ¶äœœ
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
択理(UofRæŻ•äžšèŻäčŠ)çœ—ćˆ‡æ–Żç‰čć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
択理(UofRæŻ•äžšèŻäčŠ)çœ—ćˆ‡æ–Żç‰čć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€ćŠžç†(UofRæŻ•äžšèŻäčŠ)çœ—ćˆ‡æ–Żç‰čć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
択理(UofRæŻ•äžšèŻäčŠ)çœ—ćˆ‡æ–Żç‰čć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
ćźšćˆ¶(LincolnæŻ•äžšèŻäčŠ)æ–°è„żć…°æž—è‚Żć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(LincolnæŻ•äžšèŻäčŠ)æ–°è„żć…°æž—è‚Żć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€ćźšćˆ¶(LincolnæŻ•äžšèŻäčŠ)æ–°è„żć…°æž—è‚Żć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
ćźšćˆ¶(LincolnæŻ•äžšèŻäčŠ)æ–°è„żć…°æž—è‚Żć€§ć­ŠæŻ•äžšèŻæˆç»©ć•ćŽŸç‰ˆäž€æŻ”äž€
 

Bugs Aren't Random

  • 1. BUGS AREN’T RANDOM Unifying Building and Breaking In The Modern Age Dan Kaminsky Chief Scientist White Ops
  • 2. Hello China! ïŹ Thank you DEFCON, for supporting me for almost two decades ïŹ Thank you Baidu. Only DEFCON could go to China, and you helped make that happen. ïŹ Thank you for coming :) This is my first time to your lovely country!
  • 3. SO! ïŹ This is a keynote, so I’m supposed to inspire you ïŹ This is a technical talk, so there’s going to be actual lines of code on this actual screen (I promise) ïŹ The goal: Connect a series of concepts you may never have thought were linked ïŹ Consider this a “Skydive” − Start with a birds eye view − Dive headfirst into the weeds − Get ourselves a bugs eye view
  • 4. 60 Frames Per Second ïŹ I have a “hobby” around human perception − Ask me about Color Blindness sometime ïŹ There’s a myth that people see at 60 frames per second − Works OK for video games, makes people quite sick in VR ïŹ Not real − Obviously mythological, we don’t see in frames at all, our eyes jiggle around a lot and our brain dreams something up − It’s why we can dream − Lots of experiments show the average person seeing well past 60 ïŹ But why 60?
  • 5. My Traditional Answer, ”Why 60fps?” “1940’s television technology, that’s just how fast TV’s used to run.” Correct, but incomplete.
  • 7. Oh. I’m used to technology having its own clocks (quartz crystals). Turns out you can just use the power lines as a clock. (Can != Should)
  • 8. So... We didn’t make TV’s 60fps for human vision We made TV’s 60fps because there was a 60hz clock handy Why was it 60fps?
  • 9. Power was 60hz Because 1890’s and Physics Were ïŹ The induction motor was found to work well on frequencies around 50 to 60 Hz, but with the materials available in the 1890s would not work well at a frequency of, say, 133 Hz. ïŹ (Wikipedia, Utility Frequency)
  • 10. So... So is 60fps nothing to do with human vision, and everything to do with 1890’s technology?
  • 11. So... “There is a fixed relationship between the number of magnetic poles in the induction motor field, the frequency of the alternating current, and the rotation speed.” 60hz wasn’t just 1890’s tech. It’s also physics.
  • 12. We’re Made Of Physics Too ïŹ Human vision comes from the brain ïŹ The brain circulates electromagnetic signals ● Gamma waves work at 25-100hz ïŹ PURE SPECULATION, but it’s sort of cool to go from: − 60 fps = rate human brain implements human vision − 60 fps = tricking human vision w/ television − 60 fps = timing television with spinning magnets − 60 fps = spinning magnetics at the same rate as the human brain
  • 13. You might be thinking ïŹ What could this possibly have to do with bugs? − We don’t necessarily know why things are the way they are − Usually we do things because we’ve been doing them − Sometimes what we’ve been doing is good enough, sometimes what we’ve been doing is bad but nobody realizes where the bugs are ïŹ I like figuring out why − Stay intellectually honest, and you’ll find cool stuff − Know you’re speculating!
  • 14. No Really, Speculative Execution Bugs ïŹ Spectre and Meltdown ïŹ Best explanation: “Did you go to the coffee shop?” ”No!” “Did you go to the bar?” “No!” “Did you go to the club?” “
 
 
 No!” ïŹ Saying the same thing, at a different time, is not always saying the same thing.
  • 15. What Are These Bugs? ● There are many variants (which is kind of the idea) ● Meltdown – Try to read data you’re not allowed to – You’re told no, but at the wrong time ● Spectre – Try to run code you’re not allowed to – You’re not allowed to run it, but other things go faster or slower based on what you weren’t allowed to run ● What went wrong?
  • 16. We Assumed You Could Only Detect Cached/Uncached, not Content ● Wrong because when you read memory, you can say “Give me this information at (address plus a value between 0 and 255)” – You’ll be told no, but now you can check: ● “Do you have the value at address+0?” ● “Do you have the value at address+1?” ● “Do you have the value at address+2?” – Fuzzy, but you can check many, many times on a gigahertz processor, and you can flush the cache and start over ● CLFLUSH
  • 17. We Assumed We Could Make Computers Faster ● “Why do we have these bugs? Isn’t this just math?” – Lots of nerd shaming ● No community in all of technology proves the mathematical correctness of their work more than microprocessor designers – They are the industrial market for theorem provers and SAT solvers – But you have to prove the right things in the right context
  • 18. The Same Thing Might Be Predictable or Random Based On Context ● A corporation can be relatively predictable – Plodding, even ● An executive at that corporation can be erratic – Might quit tomorrow ● His heartbeat however is relatively predictable ● An individual heart cell in that heart might not ● All four scales occupy the same point in time and space
  • 19. NOBUG, MUSTFIX ● The theorem provers did not fail when they showed no leakage of information between contexts – The right bits went to the right places ● The theorem provers weren’t being asked to show there were no timing variations dependent on secrets – Most, if not all timing variation is defined to not exist at the scale being proven
  • 20. The Great Repurposing ● We turned a stability boundary, into a security boundary, and hoped it would work – Historically, most code would crash all the time ● “Historically” – The game was making sure it only corrupted its own resources – The theory was that hackers were just a new source of misbehavior, let’s just isolate them like we isolate everything else – Even independent of time, that hasn’t worked amazingly well, but in the context of time...
  • 21. Hacker misbehavior Hackers are better behaved They change smaller things (from a computer’s perspective) that are bigger things (from a human’s perspective) Spectre and Meltdown change time, which is defined as nonexistent to the microprocessor designer, and made to be information carrying to everyone else
  • 22. Worth Noting ● Some of the exploits against Spectre/Meltdown exploit the system scheduler timer – One tick every 15.6ms on many platforms – 1000ms/15.6ms == 64fps :)
  • 23. Spectre and Meltdown Leak Bits. You can’t leak bits you do not have. ● There is a hidden architectural choice behind these bugs – Context Switching – “We have one computer that must pretend to be many computers, with many different security levels.” ● There is another decision that can be made – If you want two security domains, get two computers – You know, computers are small now.
  • 24. Nano-Pi Neo $20, Quad Core, Gigabit
  • 25. Up Core 4 core Intel Apollo Lake, PCIe, $89
  • 26. Yes, we had to write patches for everybody ● Yes, we’re putting these patches everywhere, whether there’s a security boundary crossing or not ● But yes, not every individual node has two security domains – Sometimes, the only user really is the administrator – Sometimes, the administrator is only not the administrator when running a web browser – We are sort of getting this information down to where it needs to be in the chip – There’s a fair amount of “impedence mismatch”, and a lot of microcode patching right now is just trying to get even process ID into the branch predictor++
  • 27. Explicit Security Domains Will Come ïŹ Security domains are not users ïŹ Security domains are not processes ïŹ Security domains are not even constrained to a single kernel or a single machine ïŹ They’re their own space. All the Spectre/Meltdown goop going on is trying to give the microcode an idea of whose context they’re working on. We’ll fake “what security domain” with that...for a while.
  • 28. Surprising Amount Of Activity Around OS Design Out There ● User/kernel is not only not always a real security boundary ● User/kernel is actually pretty slow – Everything fast gets rid of it – DPDK networking running entirely in userspace – Kernel Mode Linux from back in the day – “Rump Kernels” aren’t kernel-less – they just run full BSD (or even Linux, w/ LKL) kernels in the same memory space as the application – HPC is actively working here – mOS, Hermitcore, Kitten, etc.
  • 29. Why Am I Telling You This? ● Security that doesn’t care about the rest of IT is Security that grows increasingly irrelevant – Computing in 2023 is not going to look like Computing in 2018 – Computing in 2018 doesn’t look like what most people think computing in 2018 is ● “There’s no such thing as the cloud, there’s just other people’s servers” – ...with other people’s pagers. ● The scale of computing has completely changed, how we fix our security problems is going to require different viewpoints
  • 30. The Flipside ● If you’re just looking for bugs, look for the things people think don’t matter – Attack there. ● Bugs aren’t random because their source isn’t random – Developers write certain bugs based on what they aren’t thinking about – Bug finders find certain bugs based on what they know developers aren’t thinking about ● This is not always conscious ● It’s usually true, at least in anyone I’ve found that’s good at this
  • 31. Right about now is a good time to introduce The Catchy Only Vaguely Correct Catchphrase Designed To Spark Interest
  • 32. There’s no such thing as reverse engineering.
  • 33. What Do I Mean? “We only make the car turn left. Those other guys handle the car turning right.” “It’s just my job to get the plane in the air. If when and how it lands, not my problem.” It’s not that there aren’t different teams – it’s that if you don’t care if your work affects the other guys...thing’s gonna crash
  • 34. Thesis There’s no reverse engineering, there’s no forward engineering. There’s just engineering. There are cultural elements in engineering that block the integration of forward and reverse. The primary one seems to be...
  • 36. Penetration Testing ïŹ “Hackers” like to talk about the former ïŹ We are a specific branch of the latter ïŹ The latter shouldn’t be split off, but it often has to be − Everybody always sees their own code for what it should be doing, not for what it actually is
  • 37. What’s Happening ïŹ Large amounts of tooling are isolated to the testers ïŹ Creates an enormous bias in developer knowledge, they end up not using tools and patterns that are too “test-y” ïŹ Ends up biasing the code they think they can write − More technically: Ends up biasing their transformations in a particular direction ïŹ Compile time influences runtime ïŹ Runtime doesn’t update the source to be compiled − Less technically: Like a car that pulls right
  • 38. Concrete Example ïŹ Fortran is fast (still). Python is slow (still). Except if you use Numba. − Finally, a practical environment for transforming standard-ish Python into high perf CPU/GPU code − Requires, like all optimizers, knowledge of what types of data it’s supposed to optimize for − Games of constraints: If I can constrain what’s coming, I can throw state away and optimize only for those expectations ïŹ What happens if I constrain incorrectly? CVE numbers. ïŹ That’s why security is involved. Perf and sec are not separate universes.
  • 39. The Problem ïŹ Python is dynamically typed, integers or floating point numbers or strings or whatever are distinguished at runtime ïŹ Developer pain required to declare up front what types might pass through
  • 40. Another Competitor Enters The Arena ïŹ PyAnnotate by Dropbox ïŹ Monitors types used during test or production, updates the code in-place with annotations ïŹ Thus far, this hasn’t been extended to numeric optimization for Numba ïŹ Solves the problem that developers don’t actually know the right answers for expected types either ïŹ Considered appropriate only for “legacy” because
  • 42. The Approach Seems Weird ïŹ “Isn’t this Profile Guided Optimization?” − No, this actually changes the source code − This is also not constrained to performance, i.e. could apply security constraints (probably been some work here) ïŹ Pair programming with a machine? − I mean, we lean on libraries a lot, to the point a lot of dev is figuring out what legos to stick together ïŹ Developers are supposed to know what the system is supposed to do. They’re not supposed to learn what the system is supposed to do by watching it fail! − A) That’s totally what they do − B) That’s totally what we do
  • 43. Developer tools usually assume the developer is right ïŹ Optimization throws out information unneeded by the present system ïŹ The present system is wrong, a new system is needed, the information about how we deviated from correct to suboptimal may have been thrown out ïŹ So that’s how test tools – hacker tools – differ up front. We’re looking for that developer error.
  • 44. But everyone’s tools are kind of bad ïŹ “The difference between reverse and “normal” engineering is whether you have the source code” − Assumes the source code is more comprehensible or predictable than the compiled form − I knew a guy (who will laugh when I send him this slide) who audited C++ from the compiled binary, because “who can dig through that mess, just give me the binary and I’ll walk through the table myself”. ïŹ Ultimately the more we can monitor the operation of running code, in the context of the source code generating it – the faster the loop between misconception and correction can be – the better software (or the more bugs) we’ll find.
  • 45. Where I’m Going With This ïŹ 1) Full system source debugging ïŹ If things are so open source, where’s the source? Why am I specifically recompiling things I happen to be interested in, one library at a time, including the kernel? − Questions actually do have answers: Debugging tools don’t want to take a hard dependency on source being available − Went to an SSD developer some years ago, I don’t think there is a single company on the planet with all source to one of those − But I can compile Gentoo from source
 − Yes, it’s very nice. − Apt-build on ubuntu also “kind of works” – good for individual targets
  • 46.
  • 47.
  • 48. ADB is old and busted ABD is the new hotness ● Always Be Debugging :) ● “But what about security boundaries? Am I going to have to type sudo all the time?”
  • 49. The Problem Ever get the feeling it’s easier to be root on
 someone else’s machine? :(
  • 50. Alas ● Attackers get root for years ● You get root, one line at a time – It’s still me! – No really, still me. ● And you get such a variety of software behaviors, too.
  • 53. Linux knows And hides an incomplete fix...
  • 54. Coming soon, sudo 2.0: a.sandwich ïŹ
  • 55. This is just as silly as sudosudosudosudosudosudo ïŹ One quirk −Can’t just switch effective user all the time, that’s part of why sudo is a mess −Present plan: Make permission checks pass, but otherwise keep users what they are −Use the switches to control precise parameters (they glow!) ïŹ This is actually common behavior, we just don’t notice it −VM’s are fake roots −Containers are fake roots ● HUGE reason Docker succeeded −Kali Linux is a real root
  • 56. Jupyter is almost great ïŹ Web based reboot of interactive programming ïŹ No internal interface for adding packages ● That would depend on root access! ● (But VirtualEnv) SMACK It’s a polyglot environment, supports lots of languages ● What’s going on?
  • 57. As usual, there’s actually a reason ïŹ There is an answer to why we’re moderately careful doling out root access, and it’s actually not really “we’re afraid of hackers” ïŹ Users can actually break their machines pretty easily, and then come to us complaining ïŹ One class of fixes involves applying a talent bar, to be able to break the machine, or making as much software as possible not put the machine at risk by rewarding it with being immune to The Prompt ïŹ Another class involves...just making it easy to fix the thing
  • 58. VIMCEPTION ● AKA “Fork The Universe” ● Boot the running system, into a VM, with the full existing configuation, knowing we can’t break anything – Possible?
  • 59.
  • 60.
  • 61.
  • 62. Why It’s Interesting ● It’s Root ● Nothing Bad Can Happen
  • 63. Raspberry Pi: A Root For Every Kid ïŹ
  • 64. Clarity ïŹ “Get two computers” is also “manage your persistence”
  • 65. A Hard Question ïŹ Why are we vulnerable to ransomware? ïŹ “Because the attackers can delete our data” ïŹ Why can attackers delete our data? Why can we? Isn’t storage cheap now? ïŹ Equivalent for ephemeral installs: Why do I have these difficult to protect, expensive to replace persistent installations? ïŹ As debugging didn’t want to take a dependency on source, security may not have wanted to take a dependency on zero persistent storage. − But that might be the right design to work with, to allow arbitrary “damage” to be done and always be able to return to a known safe state.
  • 66. Closing Thoughts ● We should not separate development and testing ● Our hardest problems in security require alignment between how we build and how we verify ● Our best solutions in technology will understand the past to see the future – All that matters is how well we protect users, and provide the services that they need. – Our personal development cultures are not as important as actually getting the job done :)