Compilers are caught in a tug-of-war between increasingly exotic architectures and instruction set extensions on one hand, and our desire for advanced progra...
Intrinsic Propensity for Vulnerability in Computers? Arbitrary...
The universal Turing machine is generally considered to be the simplest, most abstract model of a computer. This paper reports on the discovery of an accidental arbitrary code execution...
In \cite{entombed}, John Aycock and Tara Copplestone pose an open question, namely the explanation of the mysterious lookup table used in the Entombed Game's Algorithm for two dimensional maze...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
We propose a new exploit technique that brings a whole-new attack surface to bypass SSRF (Server Side Request Forgery) protections. This is a very general at...
The Committee says these things do not exist. The Committee says these things are invisible, not our business, and not something we can or should talk about....
Someone Just Stole $50 Million from the Biggest Crowdfunded Project Ever. (Humans Can't Be Trusted)
The code behind the biggest crowdfunded project ever was supposed to eliminate the need to trust humans. But humans are tough to take out of the equation.
When a developer 'unpublished' his work from the NPM JavaScript package registry, it broke dependencies for many other projects -- and highlighted the fragility of the open source ecosystem
Xerox scanners/photocopiers randomly alter numbers in scanned documents
Please see the “condensed time line” section (the next one) for a time line of how the Xerox saga unfolded. It for example depicts that I did not push the thing to the public right away, but gave Xerox a lot of time before I did so.
Late last year I released posuto, a package presenting Japanese postal code data in an easy-to-use format. It's based on data released by Japan Post, which is infamous for being widely used but hard to parse.