@SteveBellovin @usenixassociation Your tweet raises a lot of questions answered by my paper "Building practical security sandboxes for untrusted python code" which reviewer 2 called "Overly practical and lacking in LaTeX flair." Reviewer 3 said it "needed more math" and questioned "It works in practice, but does it work in theory?"
Adam Shostack :donor: :rebelverified:
Posts
-
Dear @usenixassociation Security: this is a security conference.
-
@vkc And if it's public, it's not handled with care.
@vkc Oops, thought you were implying that if they didn't keep the blocklists private... sorry!
-
@vkc And if it's public, it's not handled with care.
@vkc When you say “do I trust” I’m pretty sure they’re public; they’re aggregated on https://clearsky.app/.
-
Today, Project Zero released a 0-click exploit chain for the Pixel 9.
@natashenka I don't know that a single click matters, unless you design it well. See also https://infosec.exchange/@adamshostack/115884932482637376
-
Holy cow fake QR codes in the wild! Stop the hacklore @boblord ! :)
https://vancouversun.com/news/whistler-fraudulent-qr-codes-parking-payment-scam
-
Heard a good one this morning about a failure of system design.
@SteveBellovin Cc e# @ehasbrouck
-
I know there's a long academic literature on the question of "do programmers make similar mistakes." Has that work been extended to security? Do programmers make the same sorts of security mistakes when writing similar programs?
-
We have always been at war with Venezuela.
@codinghorror I think the word you’re looking for is “doubleplus good” 😇
-
We have always been at war with Venezuela.