Re: Hacking software is lame -- try medical research...

[Philippe Langlois <philippelanglois () free fr>]

Rich,

You put your finger on one area that actually we deal with everyday  
in the security domain (with the DMCA in the US, DADvSI in France,  
Stasi 2.0 in Germany, NDA to access some proprietary data or APIs,  
having worked for DoD or classified contractors and not being able to  
mention word X and project Y, etc...)

I call that "fluidity", and it is affected by many influences: laws,  
costs, people or organization in dominant position. Think about full  
disclosure vs. the old 1980-ish way to handle vulns, that was one  
fluidity war.

I'm sure we'll see huge improvement in fluidity of tech in the bio  
domain, but some hurdle will have to be overcome (is _that_ english?  
uh... i hope :). Already you can send samples to some companies and  
get the DNA sequencing online from their server within days etc... So  
that's a big plus in favor of fluidity. Now there is the patent  
problem in bio (luckily we have yet avoided software patents in  
europe). Wired ran an article years ago about "bio hackers"  
engineering bees in their basement IIRC, etc... We'll see certainly  
some bio-hackers doing fun stuff.

I guess the first hacks will have also economical impacts and that  
the blob will try to have it both ways (cf. "Mediated" by Thomas de  
Zengotita, in my opinion this guy is the result of Chomsky and  
McLuhan cross-breed, excellent). It's definitely going to be an  
interesting thing to witness.

As far as the hacking connection, it might come from the FabLab (I  
classify FabLab definitely as hacker type project) (cf. Neil  
Gershenfeld, http://fab.cba.mit.edu/ and http://www.reprap.org/ ).  
FabLab is one instance of the "virtual to IRL" movement that is  
exemplified by Make: Magazine, hackers spaces, we-make-money-not-art  
blog, etc... FabLabs brought computing, networking and physical  
hacking together. Soon there will be a need to bring in biology in  
the mix. And we'll see really interesting things.

Develop the tools and the infrastructure that bring fluidity to the  
field, the hacks will follow, naturally.

Best,
Philippe.


On 21 Sep 2007, at 23:12, Rich Mogull wrote:

> A big part of the problem is overhead and test environments, but this
> might change (at least to some degree) in our lifetime. Part of my
> degree is in molecular biology (undergrad only) and it's a truly
> amazing and fascinating field. The problem is, the equipment to do
> any serious research is costly and difficult to obtain, never mind
> dangerous when working with humans. One nice thing about hacking/
> security research is we can just bang away on our own test systems
> with very low risk. While you can do lightweight bio research at home
> now (check out the Make issue on home DNA), working on the big issues
> requires a lot more overhead. Sure, any one of us can run a gel assay
> at home, but real DNA sequencing or cellular research isn't the kind
> of thing the average person can do in their basement (yet). So yes,
> part of it is the challenge of learning new skills and tools, but the
> other part is that you can't just hack into biology like you can tech.
>
> But JS is onto one area where we might be able to contribute without
> having to go back to school and relearn O-chem. The medical field is
> relying more and more on bioinformatics and other tech that's within
> our domain. Partnering with some medical researchers is one way to
> contribute. It's a bit of a different mindset, when you're dealing
> with living things you definitely have to be more methodical than
> most of us probably are with our code.
>
> It moves way slower, but can be seriously cool. Even as an undergrad
> I got to be the first person (with my lab partner) to DNA sequence a
> particular strain of yeast. Sounds corny, but was weirdly satisfying.
> Didn't make a good beer though...
>
> On Sep 21, 2007, at 12:14 PM, J.M. Seitz wrote:
>
> > Kristian,
> >
> > > If we consider ourselves decent "hackers", why don't we put
> > > our efforts toward helping cure this and other diseases
> > > rather than some very simple programming vulnerability?  Is
> > > it because then we would have to reinvent a whole new slew of
> > > tools and re-orient/re-educate ourselves to be successful?
> >
> > This is something I have pondered often, my mother was diagnosed with
> > Alzheimers last year at the age of 54, which is extremely young to
> > have the
> > onset of dementia, she faces 20+ years of slowly losing portions of
> > her
> > brain while maintaining a perfectly healthy body. As I worked my
> > way through
> > vuln-dev, fuzzing, RE'ing, etc. and I read some of the brilliant
> > papers from
> > infosec thought leaders, it occurred to me that it would be
> > interesting to
> > gather a group of them together and hack Alzheimers. There are  
> > lots of
> > correlating things we could all do much the same way: learn some
> > physiology
> > (OS internals, x86 assembly), determine how high-level systems
> > interact with
> > the low level systems (data flow analysis, run tracing,
> > debugging),find the
> > genetic or physiological weakspots (exploit development) and
> > determine a
> > means of detection, prevention (developer education, NX bit,binary
> > patching).
> >
> > The unfortunate thing about Alzheimer's is that there is no way to
> > even
> > properly diagnose it until post-mortem (crash dump?) and no drugs are
> > covered by any health plans, as they don't even know if the drugs
> > have any
> > effect on it.
> >
> > But, we do what we can and what we enjoy, it's what helps us all to
> > sometimes escape the harsh reality of the unchangeable things in
> > the real
> > world. Maybe Damian could port ImmunityDebugger to work with a GE MRI
> > machine? I will ask him.....
> >
> > JS
> > jms () bughunter ca
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave () lists immunitysec com
> > http://lists.immunitysec.com/mailman/listinfo/dailydave
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave