[Dailydave] Hacking software is lame -- try medical research...

Rich Mogull rmogull-dd at securosis.com
Fri Sep 21 17:12:05 EDT 2007 

A big part of the problem is overhead and test environments, but this  
might change (at least to some degree) in our lifetime. Part of my  
degree is in molecular biology (undergrad only) and it's a truly  
amazing and fascinating field. The problem is, the equipment to do  
any serious research is costly and difficult to obtain, never mind  
dangerous when working with humans. One nice thing about hacking/ 
security research is we can just bang away on our own test systems  
with very low risk. While you can do lightweight bio research at home  
now (check out the Make issue on home DNA), working on the big issues  
requires a lot more overhead. Sure, any one of us can run a gel assay  
at home, but real DNA sequencing or cellular research isn't the kind  
of thing the average person can do in their basement (yet). So yes,  
part of it is the challenge of learning new skills and tools, but the  
other part is that you can't just hack into biology like you can tech.

But JS is onto one area where we might be able to contribute without  
having to go back to school and relearn O-chem. The medical field is  
relying more and more on bioinformatics and other tech that's within  
our domain. Partnering with some medical researchers is one way to  
contribute. It's a bit of a different mindset, when you're dealing  
with living things you definitely have to be more methodical than  
most of us probably are with our code.

It moves way slower, but can be seriously cool. Even as an undergrad  
I got to be the first person (with my lab partner) to DNA sequence a  
particular strain of yeast. Sounds corny, but was weirdly satisfying.  
Didn't make a good beer though...

On Sep 21, 2007, at 12:14 PM, J.M. Seitz wrote:

> Kristian,
>
>> If we consider ourselves decent "hackers", why don't we put
>> our efforts toward helping cure this and other diseases
>> rather than some very simple programming vulnerability?  Is
>> it because then we would have to reinvent a whole new slew of
>> tools and re-orient/re-educate ourselves to be successful?
>
> This is something I have pondered often, my mother was diagnosed with
> Alzheimers last year at the age of 54, which is extremely young to  
> have the
> onset of dementia, she faces 20+ years of slowly losing portions of  
> her
> brain while maintaining a perfectly healthy body. As I worked my  
> way through
> vuln-dev, fuzzing, RE'ing, etc. and I read some of the brilliant  
> papers from
> infosec thought leaders, it occurred to me that it would be  
> interesting to
> gather a group of them together and hack Alzheimers. There are lots of
> correlating things we could all do much the same way: learn some  
> physiology
> (OS internals, x86 assembly), determine how high-level systems  
> interact with
> the low level systems (data flow analysis, run tracing,  
> debugging),find the
> genetic or physiological weakspots (exploit development) and  
> determine a
> means of detection, prevention (developer education, NX bit,binary
> patching).
>
> The unfortunate thing about Alzheimer's is that there is no way to  
> even
> properly diagnose it until post-mortem (crash dump?) and no drugs are
> covered by any health plans, as they don't even know if the drugs  
> have any
> effect on it.
>
> But, we do what we can and what we enjoy, it's what helps us all to
> sometimes escape the harsh reality of the unchangeable things in  
> the real
> world. Maybe Damian could port ImmunityDebugger to work with a GE MRI
> machine? I will ask him.....
>
> JS
> jms at bughunter.ca
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave

More information about the Dailydave mailing list