No. You’re just suffering from software-sucks syndrome.
Replying to @matthew_d_green @halvarflake
What happens (speaking vaguely as an academic, though in the wrong field) is that someone comes to us and says “here’s this super powerful bug that’s really easy to exploit” and the first thing we think is “surely someone will squash the really obvious exploit path, what then?”
Replying to @matthew_d_green @halvarflake
And then before we know it, we’ve extrapolated nine cycles of patch/exploit forward to the point where the attacker’s only way to win is to get Turing completeness, yay!
Replying to @matthew_d_green @halvarflake
Whereas what happens in the real world is that nobody ever fixes the really obvious exploitation path and everyone laughs at the eggheads with their silly ideas.
Replying to @matthew_d_green @halvarflake
As a related example, in cryptography we have nine billion examples of sophisticated cryptographic side-channel attacks, that succeed by extracting key bits — but in the real world you can just use Spectre/Foreshadow to dump RAM. The real world sucks.
Replying to @matthew_d_green @halvarflake
AND FROM OUR PERSPECTIVE THIS IS ALL *YOUR* FAULT.
Replying to @matthew_d_green
So the issue in (academic) vulnerability work is slightly different. A lot originates in the re-discovery of ROP and the need to distinguish it from already published exploits; the fact that you can emulate the equivalent of a conditional branch was then conjured up.
Replying to @halvarflake @matthew_d_green
This made the phrase "Turing complete" seep into the discussion about exploits, when it really is a shorthand for "we are confident we can read almost every piece of memory and compute with it and write to it". This is *very* different from "it is an exploit when we achieve...
Replying to @halvarflake @matthew_d_green
... Turing completeness". Javascript in a browser looks pretty Turing-complete to me (if I had an infinite RAM machine of course, but that is a different can of worms).
Replying to @halvarflake
Well like I said, the practical fact is that most exploits only require a system call. But you could imagine a system where somehow defenders had managed to make that not a viable strategy. And there TC starts to be more interesting.
-
I dunno, does it? The attack you're imagining is stealing compute time? It feels like the days where that could have been interesting are long gone, cheap compute & interpreters everywhere is the norm now 
Replying to @taviso @halvarflake
I see. So the objection is that TC is not by itself useful, but rather that even TC computation does not mean your program can exceed its access limitations in a meaningful way. That makes sense.
-
Is that really how it was defined though?