Suggested by @khae to read.
Reviews and Comments
A breakthrough if it withstands scrutiny
5 stars
This paper (and the associated code/service: timevault.drand.love/) may be one of the most/only valuable contributions to come from the entire web3 ecosystem. The ability to commit to a future decryption time is a powerful primitive, such as in auctions, coordinated disclosure, and other "dead man's switch" scenarios.
I look forward to this work being critiqued and built-upon for a whole host of interesting offerings.
Jacob T. wants to read An illusion of predictability in scientific results by Sam Zhang
Found this posted by @ct_bergstrom@fediscience.org as the "best paper I've read this year", which is a strong endorsement.
While an interesting modeling exercise, and certainly something to be worried about if you own or rely on a GEO satellite, the hostile takeover of an entire LEO constellation would be incredibly impactful beyond temporary jamming of a GEO bird.
High consequence junk hacking
2 stars
This paper predictably finds a lack of authentication and cryptographic protections in a legacy RF protocol that is designed to work around the world for life-saving signals. While they determine it is possible to spoof a signal in a lab environment, and call for improved authentication, etc., they fail to include the international legal framework surrounding these signals, and the fact that in a safety-critical environment, a signal discarded due to lack of nonce freshness is more risky than allowing bad actors with drones to send illegal signals.
Jacob T. finished reading Using ZK Proofs to Fight Disinformation by Trisha Datta
Resurrecting stack-based overflows (yet again)
4 stars
This paper explored the weaknesses and risks associated with modern exception handlers (across all major OSes and architectures) in unwinding attacker-controlled state. The most powerful example is a bypass of stack canaries where a function throws an exception after the overflow but before the function return; the exception handler would eventually execute attacker-controlled memory.
There is an attempt to quantify the overall impact of this mitigation bypass by looking at the Debian repos for code that uses exception handlers, but it is quite context sensitive. The paper concludes with three CVEs that would be exploitable with current mitigations (stack canaries, etc.) using the new technique.
[Included in ThinkstScapes] Automatically finding driver privesc
4 stars
Nice applied research on automatically searching for privesc weaknesses in signed Windows driver binaries. While they found a lot of initial drivers to test, the corpus was slimmed down by the sources and sinks they searched for. They still managed to find a few dozen new vulnerabilities.
Jacob T. wants to read The right kind of crazy by Adam Steltzner
If @casey recommends it, it's going to be worth a read.
Jacob T. reviewed Type-driven Development with Idris by Edwin Brady
A unique and thoughtful view of development
4 stars
This book got me interested in what expressive types can do for software development, maintenance, etc. While I never built anything real with Idris, I did love the programming approach versus that of Coq; I was able to express some type declarations that not only enforced a semantic correctness property, but also a worst-case runtime for the implementation.
I hope to see languages like Idris become more real-world useful, and more popular languages improve the expressiveness of their type systems.
One of my favorites
5 stars
This talk covers such an important concept of market forces and complexity and the resulting security externalities. It does so in a clean manner that can be widely understood. It reminds me of a [paraphrased] quote from Mike Walker, "that software tells the CPU what it cannot do".
It is both an explanation for the current state of affairs, and a call to arms to improve and look for simplicity and concise definitions of the needed functionality. As a proponent of LangSec, I heartily agree!
Jacob T. reviewed You and Your Research by R.W. Hamming
A motivating lecture
5 stars
This is required reading for every new Thinkst employee, and it was a treat to be exposed to it. It helps contextualize the process of getting stuff done, and how easy it is to build processes and off-ramps that lead away from focusing on what is important.
Coming back to it periodically when I've had a bit of a lull in my own research helps to revive my interest in exploring and learning new things through research.