Blog

Tag Archives: cybersecurity

Cyberhackathon - Frama-C + Binsec - 28/04/23
André Maroneze on 27 March 2023

(This is an announcement for an event near Paris; first follows the French version, then an English version.) Si vous êtes près de Paris, venez au Cyber-hackathon Frama-C + Binsec, le 28/04 de 9h à 17h, au CEA List, dans le campus Paris-Saclay (Nano-Innov, 2 bd Thomas Gobert, 91120 Palaiseau)...

Read More

Nginx buffer overflow
Pascal Cuoq on 18 March 2014

A buffer overflow has been discovered in recent versions of the HTTP server Nginx. Hacker News user jmnicolas pondered out loud: “I wonder if this discovery is a result of OpenBSD switching its focus from Apache to Nginx?” It took me one minute to understand what ey meant. I was...

Read More

An interesting SSL implementation bug: CVE-2013-5914
Pascal Cuoq on 23 February 2014

SSL in the news SSL is a protocol for point-to-point confidential and authenticated communication over an insecure medium. It is the protocol behind HTTPS, among many other uses. In an Internet-connected system, the SSL implementation stands at the frontier between the system and the hostile outside world. For this reason,...

Read More

Bear-joke security is dead
Pascal Cuoq on 24 January 2014

Likely, you have heard this one before: Two campers are surprised by an angry bear. One of them starts putting on eir running shoes. Surprised the other exclaims “What are you doing Alex? You can't outrun a bear!” To which Alex replies: “I don't have to outrun the bear. I...

Read More

Bruce Dawson on compiler bugs
Pascal Cuoq on 21 October 2013

Bruce Dawson has written a superb blog post on a Visual C++ compiler bug (now fixed) covering every aspect an essay on compiler bugs should cover. I really like one section that I am going to quote in full: Security In these paranoid days of the NSA subverting every computer...

Read More