Mudge

Today is the anniversary of the testimony I and other members of the l0pht gave to the US Senate in 1998. It was the first time the US Govt. publicly referenced “hackers” in a positive context. The coverage was national and even international. Come behind the scenes. /Thread

Dr. Morris (he doesn’t like being called Jr. he and his father have different names) was doing well the last I heard. I believe he’s still a professor at a very prestigious academic institution. He was going to be great no matter what field he chose (the security field was basically closed off by a particular professor at the time who made a big fuss and lobbied to have the book thrown at him). Fortunately there were good people like Steve Bellovin and others who went to bat for him and fought the zealot.

@dotMudge PoC|GTFO! you still are the OG :) What ever happened to Morris Jr? He would have field day in today's cyber security world.

Aleph took it much further and made it much more accessible. I’m proud to have contributed in even the slightest way.

@herrmann1001 If I recall the worm targeted two architectures, each running their own Unix builds. The exploit for the Vax CPU did not work due to the way the stack grows on that architecture. Later, someone modified the exploit to get it working on both architectures - nothing like PoCs!

@dotMudge I heard a rumor that the morris worm used buffer overflow in fingerd, and that his father was well aware of that vector...

@dyn___ @IceSolst The feds are not your friends. You are not theirs. Find the part of the Venn diagram that positively overlaps. Work within that part to solve problems. If sensitivities change over time, fine. If they stay the same, it’s still good. Win/win. EOL

@IceSolst But should we try to help them understand, or try to understand them? Yes it helps everyone. Just look at DARPA and AIxCC or just ask @dotMudge ...

What do you think of this?

In case you missed our stickers at Defcon this year, here they are. The Last Supper featuring @L0pht, @dotMudge, @WeldPond, @joegrand, @spacerog. Also fuck cancer.

@r00t0wns @L0pht @WeldPond @joegrand @spacerog You are too kind ❤️ As a fighter myself, the rm -rf cancer — rocks!

@_vrzh Leave the sweet stuff to somebody else…

@dotMudge Zappa inspired me to become the dental floss tycoon that I am today.

Taking a moment for a PSA: I still get occasional random messages saying I made a difference, or otherwise encouraged someone at some point. Those messages mean a lot. If someone’s contributions meant something to you along your journey drop them a note. It’s a small thing with big impact. Thanks for the artwork Eddie the Y3t1!

@cantcomputer Sure is. He had a multi-domain impact on my life. So I did what my PSA espouses - a long time ago.

@dotMudge you sure thats not Frank Zappa 😂

Dino Dai Zovi @dinodaizovi is induced in the @SummerC0n Hall Of Fame alongside @dotMudge @nudehaberdasher and @heidishmoo. Congratulations Dino for an amazing security impact across industry and government. Well deserved!

@cisonaut Yes - not the purpose of the post. Just cool 😉

@dotMudge Tough to tell distance- any estimate on how large these were, or the formation itself?

(Withheld for a several months) Photo (and lots of video) of drone swarms in the DC/Northern VA area Stationary dense swarm cluster with a linear set of larger drones Spotted during morning walk (~0600) to a Govt. Facility in the DC/VA area.

Btw - For many of the DM’s I have received… Not worried or concerned about the formation or size (or surprising location) for several reasons. Lot’s of us are facing problems. Please do not take this as one to add. Thought it was cool and figured others would enjoy :)

@jhietaniemi @j08ny Fantastic stuff, thank you. Already familiar with that work and I’m asking for citations to measurements on the original post. The origin research showing more than [3,4] data points. Thanks

@j08ny @dotMudge karlrupp.net/2015/06/40-yea…

Do folks know of more recent papers or data? Extra points for data highlighting improvement via component density v optimizations Tnx

@MikePFrank Those are great infographics, but would be much more useful for my work if you could cite the existing data sources (and frequency of samples) for your forecasts. I imagine you have them. Would you point me to them please? It would be very helpful :)

@dotMudge And, here's a forward-looking chart I made based on the 2022 International Roadmap for Devices & Systems:

Zero Knowledge Proofs are fascinating. There’s now a SafeDocs PDF reader driven by Formal Methods from DARPA (disclaimer: I work for DARPA): pdfa.org/resource/arlin… Think about the combination of ZKP and attainable formal methods in software 😃

I bet if everyone pings the author, he might get some of the cDc folk to sign a copy. Possibly with parts of any profit going to a worthy charity. ;) Note: I have zero financial interest, don’t really care for how he presents me, but I respect him as a journalist.

@delciogomes @cDc_Pulpit Silence on the Wire - by @lcamtuf