Turing, languages and basilisks

Arenamontanus

A very nice keynote from the Chaos Computing Conference about why too complex protocols are a bad idea security-wise:

http://boingboing.net/2011/12/28/linguistics-turing-completene.html

And they are hiding not just online, but inside your operating system and memory manager.

Feels very appropriate for EP. Yesterday's session had some major combat hacking (mass forking exhuman hackers in your morph processors, oh dear...) and this talk suggests a major vulnerability: egos doing perception are parsing messages from the environment, and hence big security risks - not just basilisk hacks, but maybe even ordinary hacks too:

"Don't look at that wall! There is a barcode pattern there that causes the combat optimizations of the visual processing in your Reaper to crash. Oh, and my voice acts as a carrier wave for a phonetic version of that hack. Too bad you couldn't avoid paying attention to my warning, or patched your 0E1C868632A066670633..."

__________________

Extropian

urdith
Re: Turing, languages and basilisks

Arenamontanus wrote:
"Don't look at that wall! There is a barcode pattern there that causes the combat optimizations of the visual processing in your Reaper to crash. Oh, and my voice acts as a carrier wave for a phonetic version of that hack. Too bad you couldn't avoid paying attention to my warning, or patched your 0E1C868632A066670633..."

This reminds me of an old D&D trope: "What does it say on the wall?" "It says 'you are reading an explosive rune.'"

Increased complexity in any pattern makes it easier to hide things within those patterns. Especially if our perceptions become numb to them. The increasing ubiquity of QR codes (one appeared on a bottle of soda I bought!) is an example. How long before someone sneaks an exploit into one of them and we pick it up without knowing? One scan of the QR and our phones are vulnerable...

__________________

"The ruins of the unsustainable are the 21st century’s frontier."
— Bruce Sterling

Decivre
Re: Turing, languages and basilisks

Arenamontanus wrote:
"Don't look at that wall! There is a barcode pattern there that causes the combat optimizations of the visual processing in your Reaper to crash. Oh, and my voice acts as a carrier wave for a phonetic version of that hack. Too bad you couldn't avoid paying attention to my warning, or patched your 0E1C868632A066670633..."

It reminds me of the old PNG tricks that utilized executables hidden in footer or header data to run hacks. I can see it being possible, but only if the person is running the right software. Simply putting a barcode up isn't going to do anything unless they are running some barcode-reading software with the right flaw or error (of course, that might be common in a hab that uses 2D or 3D barcodes for signs and public information). Turning it off would shut off that opening.

I could see some other interesting glitches coming up, especially with regard to AI and always-running automated software:

  • Hackers could create a dilemma which is specifically designed to be unsolvable by a specific AI's logic code (a maze or riddle designed to create a recursive loop in its software, for example).
  • Hackers might get access to maintenance codes designed for preventing the use of specific software or hardware on employees of the hypercorp that made them ("Of course your Reaper crashed. It just received a Direct Action stand-down code.").
  • Recognition software might have specific combinations of elements that make something unrecognizable as whatever you are detecting (placing certain things on your face registers you as a completely different person, for example).

Of course, lots of these flaws are based on things that happen today, and there's the very real possibility that these sorts of errors are far less likely in a future period. After all, there were plenty of crazy hacks back in the day that are now nonexistent.

__________________



"Question with boldness even the existence of a god; because, if there be one, he must more approve the homage of reason, than that of blindfolded fear." - Thomas Jefferson, Letter to Peter Carr, 1787

"That sounds like heresy. We're going to wipe you from the history books for that crap!" - Texas Board of Education, Ruling on March 12th, 2010

Quincey Forder
Re: Turing, languages and basilisks

Brings back a memory from Robocop: Directive 4
No harming a ruling cadre of the OCP, or letting one be harmed

The idea of a trojan attacking only certain software could be a means for some hypercorps to cripple the rep of the competition.
Imagine a commercial on the Mesh feeds that carries bits of code designed to cause malfunctions in certain key functions of products, making said products fail. The hotlines of the 'faulty' product's retailer will be overloaded, and word of mouth will spread that this morph/bot/implant is unreliable. The rep would go down.

__________________

Q U I N C E Y ^_*_^ F O R D E R

"This is how a human dies! At Ramming speed!"
ANN Reporter Emily Wong, RIP 2186

Arenamontanus
Re: Turing, languages and basilisks

Found this paper, which has a lot of related material:
http://www.cs.dartmouth.edu/~sergey/langsec/papers/Bratus.pdf

I especially liked the sentence "Successful exploitation is always evidence of someone’s incorrect assumptions about the computational nature of the system". This is the key. Get somebody to believe that something is "just" text, a normal device or a morph, and as soon as they start trusting it you can exploit them.

For EP purposes there are many tidbits of terminology that can be used here when doing securitybabble in the game. Another relevant angle is the argument that exploits are all about finding or creating an unexpected computational system inside the target: in our world this mainly means a security flaw, but in EP it can mean that a seed AI can be injected. Even if the target is unable to run a superintelligence, even a mere AI on the wrong side of the firewall can be bad news.

__________________

Extropian

The Doctor
Re: Turing, languages and basilisks

Arenamontanus wrote:
A very nice keynote from the Chaos Computing Conference about why too complex protocols are a bad idea security-wise:

http://boingboing.net/2011/12/28/linguistics-turing-completene.html

And they are hiding not just online, but inside your operating system and memory manager.


I know Meredith - she is good people, and incredibly learned in this particular field. The industry would do well to listen and learn from her.

Arenamontanus wrote:
Feels very appropriate for EP. Yesterday's session had some major combat hacking (mass forking exhuman hackers in your morph processors, oh dear...) and this talk suggests a major vulnerability: egos doing perception are parsing messages from the environment, and hence big security risks - not just basilisk hacks, but maybe even ordinary hacks too:

In the first game I ran I used something like this as the adventure hook to bring them together. Someone smuggled a basilisk hack which was packaged as the payload of a worm onto Extropia but did not know it. The worm had infected an ecto, which the NPC was playing around with. When the payload went off it used a combination of visual and auditory stimuli to throw the character into a berserk frenzy, and promptly tore into the PCs... then, just to make a critical failure fun, I had the worm attempt to propagate itself through the NPC's scream (which gave a bonus on the save and a much shorter runtime in the PCs that failed the check).

Hats off to my players, they figured out that the worm would propagate onto any information processing system it could find and went to incredible lengths to airwall it into the EP equivalent of a DOS machine, and then killed the power.

__________________



I am everywhere.

The Doctor
Re: Turing, languages and basilisks

urdith wrote:
Increased complexity in any pattern makes it easier to hide things within those patterns. Especially if our perceptions become numb to them. The increasing ubiquity of QR codes (one appeared on a bottle of soda I bought!) is an example. How long before someone sneaks an exploit into one of them and we pick it up without knowing? One scan of the QR and our phones are vulnerable...

It is already being done (people tried SQL injections for about a week, found that they did not really work, and then started developing really nifty exploits in the scanners themselves). Never scan QR codes at hacker cons.

__________________



I am everywhere.