Tag Archives: link

Nginx buffer overflow
Pascal Cuoq on 18 March 2014

A buffer overflow has been discovered in recent versions of the HTTP server Nginx. Hacker News user jmnicolas pondered out loud: “I wonder if this discovery is a result of OpenBSD switching its focus from Apache to Nginx?” It took me one minute to understand what ey meant. I was...

Read More

Pascal Cuoq on 4 February 2014

Jesse Ruderman on assertions and fuzzing Jesse Ruderman has published a blog post on assertions and how they complement fuzzing. Key quote: “Fuzzers make things go wrong. Assertions make sure we find out.” Readers of this blog are accustomed to me talking about differential testing where a reference result (say...

Read More

Bear-joke security is dead
Pascal Cuoq on 24 January 2014

Likely, you have heard this one before: Two campers are surprised by an angry bear. One of them starts putting on eir running shoes. Surprised the other exclaims “What are you doing Alex? You can't outrun a bear!” To which Alex replies: “I don't have to outrun the bear. I...

Read More

Bruce Dawson on compiler bugs
Pascal Cuoq on 21 October 2013

Bruce Dawson has written a superb blog post on a Visual C++ compiler bug (now fixed) covering every aspect an essay on compiler bugs should cover. I really like one section that I am going to quote in full: Security In these paranoid days of the NSA subverting every computer...

Read More

The case for formal verification of existing software
Pascal Cuoq on 2 September 2013

Perry E. Metzger takes a look at formal verification [removed dead link]. This is good stuff; there is a lot to agree with here. However agreeing with Perry's post alone would not make a very interesting counterpoint. If agreeing was the only thing I intended to do I might even...

Read More