User Profile

Jacob T.

jacob@knowledgehub.social

Joined 1 year, 8 months ago

External vendors develop a significant percentage of Windows kernel drivers, and Microsoft relies on these …

[Included in ThinkstScapes] Automatically finding driver privesc

4 stars

Nice applied research on automatically searching for privesc weaknesses in signed Windows driver binaries. While they found a lot of initial drivers to test, the corpus was slimmed down by the sources and sinks they used to search for. Still managed to find a few dozen new vulnerabilities.

Believable proxies of human behavior can empower interactive applications ranging from immersive environments to rehearsal …

This paper was featured on Ars, basically a Sims RPG with 25 LLM-based agents all doing whatever they wanted. Would be interested in seeing the results!

Type-driven Development with Idris (2017, Manning Publications) 4 stars

A unique and thoughtful view of development

4 stars

This book got me interested in what expressive types can do for software development, maintenance, etc. While I never built anything real with Idris, I did love the programming approach versus that of Coq; I was able to express some type declarations that not only enforced a semantic correctness property, but also a worst-case runtime for the implementation.

I hope to see languages like Idris become more real-world useful, and more popular languages improve the expressiveness of their type systems.

The anomaly of cheap complexity. For most of human history, a more complex device was …

One of my favorites

5 stars

This talk covers such an important concept of market forces and complexity and the resulting security externalities. It does so in a clean manner that can be widely understood. It reminds me of a [paraphrased] quote of Mike Walker, "that software tells the CPU what it cannot do".

It is both an explanation for the current state of affairs, and a call to arms to improve and look for simplicity and concise definitions of the needed functionality. As a proponent of LangSec, I heartily agree!

reviewed You and Your Research by R.W. Hamming

At a seminar in the Bell Communications Research Colloquia Series, Dr. Richard W. Hamming, a …

A motivating lecture

5 stars

This is required reading for every new Thinkst employee, and it was a treat to be exposed to it. It helps contextualize the process of getting stuff done, and how easy it is to build processes and offramps to not focusing on what is important.

Coming back to it periodically when I've had a bit of a lull in my own research helps to revive my interest in exploring and learning new things through research.

Jacob T. boosted

Watching the Watchers: Practical Video Identification Attack in LTE Networks (Paper, 2022, USENIX Security 2022) 4 stars

A video identification attack is a tangible privacy threat that can reveal videos that victims …

Scary capability, good research

4 stars

[Included in ThinkstScapes]

This paper explored using ML techniques to identify LTE devices streaming specific content via their bandwidth fingerprint. The authors identify that video streaming encodes a specific duration of video into a data-chunk, so each video has a unique sequence of transmitted chunk sizes, allowing for fingerprinting a media sample, and then classifying an encrypted network stream to determine if it is that video.

The experiment ran both open and closed world, and showed high accuracy, even with other device processes using data, and with other channel usage to increase channel capacity. In short, they were able to [with high confidence] determine what video every LTE device was watching in a cell (assuming it was seen prior).