Blog

Tag Archives: cybersecurity

Nginx buffer overflow
Pascal Cuoq on 18 March 2014

A buffer overflow has been discovered in recent versions of the HTTP server Nginx. Hacker News user jmnicolas pondered out loud: “I wonder if this discovery is a result of OpenBSD switching its focus from Apache to Nginx?” It took me one minute to understand what ey meant. I was...

Read More

An interesting SSL implementation bug: CVE-2013-5914
Pascal Cuoq on 23 February 2014

SSL in the news SSL is a protocol for point-to-point confidential and authenticated communication over an insecure medium. It is the protocol behind HTTPS, among many other uses. In an Internet-connected system, the SSL implementation stands at the frontier between the system and the hostile outside world. For this reason,...

Read More

Bear-joke security is dead
Pascal Cuoq on 24 January 2014

Likely, you have heard this one before: Two campers are surprised by an angry bear. One of them starts putting on eir running shoes. Surprised the other exclaims “What are you doing Alex? You can't outrun a bear!” To which Alex replies: “I don't have to outrun the bear. I...

Read More

Bruce Dawson on compiler bugs
Pascal Cuoq on 21 October 2013

Bruce Dawson has written a superb blog post on a Visual C++ compiler bug (now fixed) covering every aspect an essay on compiler bugs should cover. I really like one section that I am going to quote in full: Security In these paranoid days of the NSA subverting every computer...

Read More

The case for formal verification of existing software
Pascal Cuoq on 2 September 2013

Perry E. Metzger takes a look at formal verification [removed dead link]. This is good stuff; there is a lot to agree with here. However agreeing with Perry's post alone would not make a very interesting counterpoint. If agreeing was the only thing I intended to do I might even...

Read More