Posts

[Meta Analysis] Rick 'n Morty S3E1: The Hacker's Episode

Image
Hi folks, I'm a huge Rick n Morty fan, sometimes when watching it i can draw strong allegories and puns that relate to security, privacy, physics, psychology and wide range of crazy scientific fields. Knowing this I've decided to do some reviews of Rick n Morty where I expose this allegory to the wonderful folks who practice these sciences and those who would like to ;) Enjoy!



[Philosophy] A discussion on the realities of belief

Image
This is from a quora post I'd like to boast about a little on my blog because I think the rhetoric I've rendered is quiet entertaining to read :) Enjoy! 



There is no use in “belief”. According my understanding belief indicates absolutely nothing besides an assumption of pre-existing proof. When does belief happen? Let us talk about the ideology of believing things, and whether it does actually work the way people assume it does. According to how I understand the common rhetoric: belief is assumed to be what makes something true or allows you to assume things are true or means that something is true.  I am open to taking argument on my definition of the concept, this is inductive reasoning my induction will be as strictly logical (as logical as I believe i can render it) but whether this is true will depend on if this definition stands up to test. You are welcome to test it (recursion). People blur the lines between whether belief is what renders things true or if things that hav…

[Philosophy] Thoughts on the ontological duality of software data and instruction

This post is part of another I'm detailing out as an extension of my discussion of the ontology of software, I thought it might be a good idea to slip this in as a seperate post so it can be consumed in isolation and built up on / referenced future posts, enjoy!

What is program Input? Or Program Data?
If we should consider that there is such a thing as an input/data to a program, what would that be? In the common cognition this is something you enter into the program/software for computation. But how is this "entered"? What does a software do to "accept" input/data? What is input/data
Input/data is something that must change the state of a software/program deterministically and uniquely (2).  We know that a given input/data was been computed because there is a deterministic pattern of states that is assumed by the software after "accepting" the input (a kind of "response"). If a completely arbitrary set of states are assumed in response to a…

[Philosophy] The ontology of software

Image
Being a computer scientist before I am a hacker means I spend a lot of time thinking about the general ideas we use to process information and produce meaningful algorithms and computations. But of course being a philosopher before I am even a computer scientist means I think also a lot about what things are, how they are, why the the way the are and how we manage to say the are in such ways. (top-down)

I like asking questions and this aggressive question asking has led me to thinking about the ontological nature of software.  This post is a collection of a few potentially meaningless stabs I'm taking at what I perceive is the currents state of affairs (this was a typo at first, left it in as a joke for reasons obvious later) with regard to the nature of software's philosophical ontology.

Context based Entropy : How to use keyed-steganography

Image
I have spoken to a couple of people about this idea, those who know a little bit about steg often tell me this idea is pretty cool so I'll make it a little more public, see who catches it and starts doing interesting things before i do. Not saying I came up with this first, totally happy to pass the torch if I am to do so. But I do believe this idea could revolutionize security, cryptography and introduce a level of steganography to communication channels that is as hard to break as a secret key is to guess. I believe this possibly because my faculty for reasoning is flawed OR I'm missing something about my construction (I'm not a cryptographer--not a qualified one at least I'm just a dude who thinks about things a lot and just so happens to work in information security). 




So here I will lay out the idea, will all the notions expressed that I think make it work, and if they are true you should also agree with its advantages should it really work as i propose. 

[OPINION] How AI will change Information Security

AI is become more more prevalent in basically every single research area; that is to my mind undeniable. I remember when using neural nets use to be experimental (or hip and cool), now you can download a python package that handles building and training them for you! So there is definitely a significant up trend in the prevalence of AI and machine learning based technology in research.  I would need to be a special kind of moron to not guess that this will also spill over into information security.  The question is how will this affect us infosec people?

Why Security exceptions shouldn't exist.

Image
There's something that happens in pentests more often than any pentester would like to admit. Security Exceptions, findings in a security assessment that get marked as "no need to fix" by the larger organization's security operation (usually). In this post I'm going to talk about why the philosophy of this idea is fundamentally broken and will not benefit any org that has such a policy enforced in such a way.