[ale] How to hack a bank
JK
jknapka at kneuro.net
Wed Apr 28 16:56:03 EDT 2010
On 4/28/2010 12:47 PM, Michael Trausch wrote:
> Yet another reason to use the one truly secure format for information
> interchange: plain text.
>
> Seriously, I don't understand why every non-trivial document format in
> existence has to present a wide attack surface that can be relatively
> easily used to enhance the vulnerability of any particular system or
> network. Just once, I'd like to see something as widely adopted as PDF,
> but without the sort of nasty teeth that PDF, MS Word, ODT, etc., bring
> with them.
Anything that needs an interpreter of any complexity is going to be
vulnerable, and arguably anything that does non-trivial document
formatting is in that category. As a wise man (Knuth? Norvig? McCarthy?)
once said, "All data is code".
We need to learn how to create truly reliable software. I think
functional programming and automatic verification are going to be key,
but those technologies are barely on anyone's real-world radar these
days.
Anyway, speaking of Knuth, there's always TeX. Closest thing we've
got to a bug-free document formatting system. So close that I don't
believe anyone's collected more than $327.68 in bug fees yet. That
guy puts his money where his mouth is: http://en.wikipedia.org/wiki/TeX
As for "widely adopted"... I actually got my girlfriend in grad
school -- an English major, believe it or not -- to start using LaTeX,
but I don't know if she stuck with it. And I mostly use plain text
these days, unless my employer forces me to use Word.
-- JK
--
Forget Jesus: stars died so that you could be here today.
- physicist Lawrence Krauss