[Dailydave] Hacking software is lame -- try medical research...
Dave Aitel
dave.aitel at gmail.com
Fri Sep 21 22:31:30 EDT 2007
I've always thought the point of writing exploits is not to save the
world but to create something beautiful. A good exploit does more than just
break into machines. It expands the human imagination by doing the
impossible.
-dave
Rube: Want a "som"?
George: What's a Som?
Rube: It's what I call a confection made from graham cracker and chocolate,
lightly toasted over an open fire. We're out of marshmallows.
George: Som?
Rube: It's better than nothing.
Dave Marcus and I did a podcast thing today where we talked about exploits a
bit - next time he promised it would be a show entirely about food history.
Maybe we'll dig into S'mores a bit.
On 9/21/07, Rich Mogull <rmogull-dd at securosis.com> wrote:
>
> A big part of the problem is overhead and test environments, but this
> might change (at least to some degree) in our lifetime. Part of my
> degree is in molecular biology (undergrad only) and it's a truly
> amazing and fascinating field. The problem is, the equipment to do
> any serious research is costly and difficult to obtain, never mind
> dangerous when working with humans. One nice thing about hacking/
> security research is we can just bang away on our own test systems
> with very low risk. While you can do lightweight bio research at home
> now (check out the Make issue on home DNA), working on the big issues
> requires a lot more overhead. Sure, any one of us can run a gel assay
> at home, but real DNA sequencing or cellular research isn't the kind
> of thing the average person can do in their basement (yet). So yes,
> part of it is the challenge of learning new skills and tools, but the
> other part is that you can't just hack into biology like you can tech.
>
> But JS is onto one area where we might be able to contribute without
> having to go back to school and relearn O-chem. The medical field is
> relying more and more on bioinformatics and other tech that's within
> our domain. Partnering with some medical researchers is one way to
> contribute. It's a bit of a different mindset, when you're dealing
> with living things you definitely have to be more methodical than
> most of us probably are with our code.
>
> It moves way slower, but can be seriously cool. Even as an undergrad
> I got to be the first person (with my lab partner) to DNA sequence a
> particular strain of yeast. Sounds corny, but was weirdly satisfying.
> Didn't make a good beer though...
>
> On Sep 21, 2007, at 12:14 PM, J.M. Seitz wrote:
>
> > Kristian,
> >
> >> If we consider ourselves decent "hackers", why don't we put
> >> our efforts toward helping cure this and other diseases
> >> rather than some very simple programming vulnerability? Is
> >> it because then we would have to reinvent a whole new slew of
> >> tools and re-orient/re-educate ourselves to be successful?
> >
> > This is something I have pondered often, my mother was diagnosed with
> > Alzheimer's last year at the age of 54, which is extremely young to have the
> > onset of dementia, she faces 20+ years of slowly losing portions of her
> > brain while maintaining a perfectly healthy body. As I worked my way through
> > vuln-dev, fuzzing, RE'ing, etc. and I read some of the brilliant papers from
> > infosec thought leaders, it occurred to me that it would be interesting to
> > gather a group of them together and hack Alzheimer's. There are lots of
> > correlating things we could all do much the same way: learn some physiology
> > (OS internals, x86 assembly), determine how high-level systems interact with
> > the low level systems (data flow analysis, run tracing, debugging), find the
> > genetic or physiological weak spots (exploit development) and determine a
> > means of detection, prevention (developer education, NX bit, binary
> > patching).
> >
> > The unfortunate thing about Alzheimer's is that there is no way to even
> > properly diagnose it until post-mortem (crash dump?) and no drugs are
> > covered by any health plans, as they don't even know if the drugs have any
> > effect on it.
> >
> > But, we do what we can and what we enjoy, it's what helps us all to
> > sometimes escape the harsh reality of the unchangeable things in the real
> > world. Maybe Damian could port ImmunityDebugger to work with a GE MRI
> > machine? I will ask him.....
> >
> > JS
> > jms at bughunter.ca
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave at lists.immunitysec.com
> > http://lists.immunitysec.com/mailman/listinfo/dailydave
>