[langsec-discuss] Brainoverflow and basic understanding
fabi at fabif.de
Fri Jun 1 13:46:41 UTC 2012
my name is fabian. For those who visited berlinsides, I'm the guy who
did the Pokemon TD Game Hack lightningtalk. Meredith, you probably can
remember me. Just to have a face and a connection in mind ;) Also I'm
german, so I'm very sorry for some weird grammar fails :P
28c3 was my first conference and I saw Merediths talk about "science of
insecurity". I didn't expect such a "theoretical" talk at this
conference. I'm very interested in mathematics and theoretic computer
science - unfortunately my brain is too bad. But I give not up! :D I
want to understand as much as I can. So after the talk at 28c3 It was
for me like "Ok... I think I got it, but... mhmhm... no not really" but
I had the feeling I understood it. Time passed and we had some more
formal language and compiler construction at university. Then came
berlinsides 0x03 and I heard a lot of "parser" jokes in some
presentations. And at one point it made "click!". OH WTF I THINK I GOT
IT NOW!... So when I came home from berlinsides I rewatched the talk
very carefully and It started to make sense. This was a really great
feeling. The awareness, that an exploit is just a not wanted accepted
word for a grammatic. and the programmer who tried to implement the
grammatic created some weird connections/states in his parser.
Well I assume this is a very basic view, but I think I can now move
forward with this.
I also tried to access the langsec mail archive (
https://lists.langsec.org/pipermail/langsec-discuss/), to read and learn
more, but either nobody wrote on this list ever, or the mails are not
I search for more material I can learn from. For the beginning some
simple stuff - Im not very confident with my brain when I try to
understand crazy formulas :(
I also want to learn a functional programming languages likr Haskell or
Ada, because I hope/think this also can improve the way of thinking. Is
there an easy or cool introduction in this functional thinking?
@sergey, in your lightning talk you talked about "pidgeon holes" - that
it is sad that we loose the good idea behind ASLR, because we think it's
an anti exploit technique.
Did I understand this right? Unfortunately I didn't understand it.
Probably because there is my english language barrier and I only have an
very abstract view to ASLR - as an anti exploit technique xD
So would you mind to give me a source/paper/... or just an abstract
about what you tried to say?
-> does this also belongs to language theoretic security?
I hope I'm not too much off road, if so, I'm very happy with any
correction and leads to the right direction :)
Thank you very much,
-- smrrd.de // yellowh.at --
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the langsec-discuss