Infosec Decoded Season 4 #19: Memory Safety

With Doug Spindler and @sambowne@infosec.exchange

Tue, Mar 5, 2024

Doug Spindler

Pig Butchering - John Oliver

Woman steals $100 Million from the Army

LG Terms of use written on card box

Walmart buys/offers to buy Vizio TVs - for the advertising revenue. Walmart can monitor what TV shows you are watching and use targeted ads.

TV watchers are reporting that streaming TV shows suddenly stop playing as the viewing license expires mid-show.

Sam Bowne

Secure by Design: Google’s Perspective on Memory Safety

We see no realistic path for an evolution of C++ into a language with rigorous memory safety guarantees that include temporal safety.

At the same time, a large-scale rewrite of existing C++ code into a different, memory-safe language appears very difficult and will likely remain impractical.

This means that we will likely be operating a very substantial C++ codebase for quite some time. We thus consider it important to complement a transition to memory safe languages for new code and particularly at-risk components with safety improvements for existing C++ code,

Memory safety bugs are responsible for the majority (~70%) of severe vulnerabilities in large C/C++ code bases.

Android 13 introduced 1.5M lines of Rust with zero memory safety vulnerabilities. This prevented an estimated hundreds of memory safety vulnerabilities.

Google CEO Sundar Pichai Forgot the Most Important Rule of Leadership. It Could Cost Him His Job
Google should be leading in AI, but they aren't. Their Gemini AI product was so flawed at launch, it was pulled back. He has faced intense criticism over a series of layoffs, including more than 12,000 at the beginning of last year.

Most leaders think culture is about values and mission statements. It isn't. It's not even about building cool products. More than anything else, culture is about the way people feel about working for you.

Former Twitter executives sue Elon Musk for more than $128 million in severance

Diet drinks boost risk of dangerous heart condition by 20%, study says

First over-the-counter birth control pill in US ships to retailers, costing about $20 for one-month pack

CVS, Walgreens say they’ll start dispensing abortion pill mifepristone

Hackers steal Windows NTLM authentication hashes in phishing attacks

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

CISA cautions against using hacked Ivanti VPN gateways even after factory resets