Dailydave mailing list archives
Re: Hacking software is lame -- try medical research...
From: Philippe Langlois <philippelanglois () free fr>
Date: Sat, 22 Sep 2007 00:54:39 +0200
Rich,

You put your finger on one area that actually we deal with every day in the security domain (with the DMCA in the US, DADvSI in France, Stasi 2.0 in Germany, NDA to access some proprietary data or APIs, having worked for DoD or classified contractors and not being able to mention word X and project Y, etc...)

I call that "fluidity", and it is affected by many influences: laws, costs, people or organization in dominant position. Think about full disclosure vs. the old 1980-ish way to handle vulns, that was one fluidity war.

I'm sure we'll see huge improvement in fluidity of tech in the bio domain, but some hurdle will have to be overcome (is _that_ english? uh... i hope :). Already you can send samples to some companies and get the DNA sequencing online from their server within days etc... So that's a big plus in favor of fluidity.

Now there is the patent problem in bio (luckily we have yet avoided software patents in Europe).

Wired ran an article years ago about "bio hackers" engineering bees in their basement IIRC, etc... We'll see certainly some bio-hackers doing fun stuff. I guess the first hacks will have also economical impacts and that the blob will try to have it both ways (cf. "Mediated" by Thomas de Zengotita, in my opinion this guy is the result of Chomsky and McLuhan cross-breed, excellent). It's definitely going to be an interesting thing to witness.

As far as the hacking connection, it might come from the FabLab (I classify FabLab definitely as hacker type project) (cf. Neil Gershenfeld, http://fab.cba.mit.edu/ and http://www.reprap.org/ ). FabLab is one instance of the "virtual to IRL" movement that is exemplified by Make: Magazine, hackers spaces, we-make-money-not-art blog, etc...

FabLabs brought computing, networking and physical hacking together. Soon there will be a need to bring in biology in the mix. And we'll see really interesting things.

Develop the tools and the infrastructure that bring fluidity to the field, the hacks will follow, naturally.

Best,
Philippe.

On 21 Sep 2007, at 23:12, Rich Mogull wrote:
A big part of the problem is overhead and test environments, but this might change (at least to some degree) in our lifetime.

Part of my degree is in molecular biology (undergrad only) and it's a truly amazing and fascinating field. The problem is, the equipment to do any serious research is costly and difficult to obtain, never mind dangerous when working with humans. One nice thing about hacking/security research is we can just bang away on our own test systems with very low risk.

While you can do lightweight bio research at home now (check out the Make issue on home DNA), working on the big issues requires a lot more overhead. Sure, any one of us can run a gel assay at home, but real DNA sequencing or cellular research isn't the kind of thing the average person can do in their basement (yet).

So yes, part of it is the challenge of learning new skills and tools, but the other part is that you can't just hack into biology like you can tech.

But JS is onto one area where we might be able to contribute without having to go back to school and relearn O-chem. The medical field is relying more and more on bioinformatics and other tech that's within our domain. Partnering with some medical researchers is one way to contribute.

It's a bit of a different mindset, when you're dealing with living things you definitely have to be more methodical than most of us probably are with our code. It moves way slower, but can be seriously cool. Even as an undergrad I got to be the first person (with my lab partner) to DNA sequence a particular strain of yeast. Sounds corny, but was weirdly satisfying.

Didn't make a good beer though...

On Sep 21, 2007, at 12:14 PM, J.M. Seitz wrote:

Kristian,

If we consider ourselves decent "hackers", why don't we put our efforts toward helping cure this and other diseases rather than some very simple programming vulnerability? Is it because then we would have to reinvent a whole new slew of tools and re-orient/re-educate ourselves to be successful?

This is something I have pondered often, my mother was diagnosed with Alzheimer's last year at the age of 54, which is extremely young to have the onset of dementia, she faces 20+ years of slowly losing portions of her brain while maintaining a perfectly healthy body. As I worked my way through vuln-dev, fuzzing, RE'ing, etc. and I read some of the brilliant papers from infosec thought leaders, it occurred to me that it would be interesting to gather a group of them together and hack Alzheimer's.

There are lots of correlating things we could all do much the same way: learn some physiology (OS internals, x86 assembly), determine how high-level systems interact with the low level systems (data flow analysis, run tracing, debugging), find the genetic or physiological weak spots (exploit development) and determine a means of detection, prevention (developer education, NX bit, binary patching).

The unfortunate thing about Alzheimer's is that there is no way to even properly diagnose it until post-mortem (crash dump?) and no drugs are covered by any health plans, as they don't even know if the drugs have any effect on it.

But, we do what we can and what we enjoy, it's what helps us all to sometimes escape the harsh reality of the unchangeable things in the real world. Maybe Damian could port ImmunityDebugger to work with a GE MRI machine? I will ask him.....

JS
jms () bughunter ca

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave