zlacker

[return to "A case against security nihilism"]
1. static+Di[view] [source] 2021-07-20 20:50:05
>>feross+(OP)
Just the other day I suggested using a yubikey, and someone linked me to the Titan sidechannel where researchers demonstrated that, with persistent access, and a dozen hours of work, they could break the guarantees of a Titan chip[0]. They said "an attacker will just steal it". The researchers, on the other hand, stressed how very fundamentally difficult this was to pull off due to very limited attack surface.

This is the sort of absolutism that is so pointless.

At the same time, what's equally frustrating to me is defense without a threat model. "We'll randomize this value so it's harder to guess" without asking who's guessing, how often they can guess, how you'll randomize it, how you'll keep it a secret, etc. "Defense in depth" has become a nonsense term.

The use of memory unsafe languages for parsing untrusted input is just wild. I'm glad that I'm working in a time where I can build all of my parsers and attack surface in Rust and just think way, way less about this.

I'll also link this talk[1], for the millionth time. It's Rob Joyce, chief of the NSA's TAO, talking about how to make NSA's TAO's job harder.

[0] https://arstechnica.com/information-technology/2021/01/hacke...

[1] https://www.youtube.com/watch?v=bDJb8WOJYdA

◧◩
2. b112+De1[view] [source] 2021-07-21 05:45:00
>>static+Di
I am scared to death of rust.

It appears that if one uses it, one become evangelicalized to it, spreads the word "Praise Rust!", and so forth.

Anything so evangelized is met with strong skepticism here.

◧◩◪
3. INTPen+No1[view] [source] 2021-07-21 07:28:20
>>b112+De1
What scares me about Rust is that people put so much trust in it. And part of that is because of what you mention, the hype in other words.

I don't follow this carefully but even I have heard of at least one Rust project that when audited failed miserably. Not because of memory safety but because the programmer had made a bunch of rookie mistakes that senior programmers might be better at.

So in other words, Rust's hype is going to lead to a lot of rewrites and a lot of new software being written in Rust. And much of that software will have simple programming errors that you can do in any language. So we're going to need a whole new wave of audits.

◧◩◪◨
4. b112+3r1[view] [source] 2021-07-21 07:47:09
>>INTPen+No1
I recall a time at the grocery store, years ago. I wanted some sliced meat, but when I approached the counter a young woman was sweeping the floor.

Naturally, she was wearing gloves.

Seeing me, she grabbed the dustpan, threw away her sweepings, put the broom away, and was prepared to now serve me...

Still wearing the same gloves. Apparently magic gloves, for she was confused when I asked her to change them. She'd touched the broom, the dustpan, the floor, stuff in the dustpan, and the garbage. All within 20 seconds of me seeing her.

Proper procedure, understanding processes, are far more effective than a misused tool.

Is rust mildly better than some languages? Maybe.

But it is not a balm for all issues, and as you say, replacing very well maintained codebases might result in suboptimal outcomes.

[go to top]