LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Security quotes of the week

[Posted August 17, 2011 by jake]

Turns out we have a large index of the web, so we cranked through 20 terabytes of SWF file downloads followed by 1 week of run time on 2,000 CPU cores to calculate the minimal set of about 20,000 files. Finally, those same 2,000 cores plus 3 more weeks of runtime were put to good work mutating the files in the minimal set (bitflipping, etc.) and generating crash cases. These crash cases included an interesting range of vulnerability categories, including buffer overflows, integer overflows, use-after-frees and object type confusions.
-- Google security team on fuzzing Flash at "Google scale"

Is losing your genomic privacy an excessive price to pay for surviving cancer and evading plagues?

Is compromising your sensory privacy through lifelogging a reasonable price to pay for preventing malicious impersonation and apprehending criminals?

Is letting your insurance company know exactly how you steer and hit the gas and brake pedals, and where you drive, an acceptable price to pay for cheaper insurance?

-- Charlie Stross's USENIX 2011 keynote: Network Security in the Medium Term, 2061-2561 AD
(Log in to post comments)

Security quotes of the week

Posted Aug 18, 2011 2:03 UTC (Thu) by Baylink (subscriber, #755) [Link]

> Fixing so many issues in such a short time frame shows a real commitment to security from Adobe, for which we are grateful.

Well, it proves that Adobe isn't suicidal, at least.

Security quotes of the week

Posted Aug 18, 2011 4:15 UTC (Thu) by foom (subscriber, #14868) [Link]

The comments on the Google blog post are quite silly.
"This is completely unfair competition and unfair practices vis-a-vis other security researchers (or fuzzer enthus).
[...]
You guyz killed couple of my bugs.
"

Security quotes of the week

Posted Aug 18, 2011 11:59 UTC (Thu) by dw (subscriber, #12017) [Link]

Just for perspective, the compute time alone would be worth around $1m if run on EC2, not accounting storage, or getting hold of the index in the first place (I believe there are companies around that crawl and sell such things, or at least there used to be).

Alternatively a relatively small bot net might also do the trick.

Security quotes of the week

Posted Aug 22, 2011 13:50 UTC (Mon) by ortalo (subscriber, #4654) [Link]

Hmmm. Do you pervasively suggest that:
a) EC2 prices are too high;
b) security is invaluable;
c) Google's pile of cash is really neat;
d) Amazon's strategic plan had better involve botnets?

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds