Microsoft's bug bounty program
Pascal Cuoq on 19 June 2013

I like Robert Graham's analysis on Microsoft's new bug bounty program. I would never have thought of selling vulnerabilities to the NSA (but then I am not American and not a security researcher). Does the NSA not employ qualified people to look for vulnerabilities as their day job? Is that...

Attack by Compiler
Pascal Cuoq on 20 May 2013

The title of this post, “Attack by Compiler”, has been at the back of my mind for several weeks. It started with a comment by jduck on a post earlier this year. The post's topic, the practical undefinedness of reading from uninitialized memory, and jduck's comment, awakened memories from a...

Google forking WebKit
Pascal Cuoq on 4 April 2013

Blink as seen from the inside

As you have undoubtedly heard if you follow this sort of thing at all, as of April 3, Google is forking WebKit. Its Chrome browser will henceforth rely on its own variation of the popular rendering engine, Blink. This is big news. If I...

From Facebook to Silent Circle, through the “metrics” Frama-C plug-in
Pascal Cuoq on 16 February 2013

From Facebook to Silent Circle

Some computers at Facebook were recently compromised because of a zero-day in Java. Nothing unexpected. Last December, instead of writing a full blog post, I lazily linked to Robert Graham predicting this sort of thing for the year 2013. Speaking of Facebook, do you know...

ENSL seminar
Pascal Cuoq on 1 February 2013

Seminar

As anticipated, I was at my alma mater's student seminar last Tuesday. School and seminar were very much like I remembered them. The latter was improved by orange juice and biscuits to chat around after the talk, that I do not think were part of the protocol when I...

