[Dailydave] 666!

Parity pty.err at gmail.com
Wed Dec 16 01:50:51 EST 2015


So, I'm thinking, let's make an infosec product that's nothing but attack
surface. Seriously: just one big, fat parser. No, wait - even better: a
veritable fscking *multitude* of parsers. A parser for every conceivable
format, container, or syntax that can possibly express malicious intent.
And if something new comes along that can't be parsed, well, we'll add
whatever we need so it can parse that too.

Which means, let's just forget about building it all with just one
well-tested technology platform. No, if we want to parse ALL the things,
we're going to need the most diverse ecosystem possible: ALL the languages.
ALL the runtimes. ALL the wonky-ass under-tested open-source libraries.

And then, when we've built the all-cracking, all-decoding, all-munging,
all-tree-walking parser of the world, are we going to just leave it to
languish in some highly-filtered network segment where anomalous traffic is
so seldom seen as to be in danger of standing out? And waste such a
glorious tool in the backwater of some cloistered cardholder data
environment? NEVER.

No, the computing world's ultimate monument to attack surface can only be
properly honored by the thing it was made for: EXPOSURE. Put it on the
network boundary! No, better still, take ALL your network boundary
segments, and funnel them to a single span port! GIVE PARSERSAURICUS ALL
YOUR TRAFFIC! PARSERSAURICUS HUNGERS.

PARSERSAURICUS.

MUST.

CONSUME.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20151215/b1f11f0d/attachment.html>


More information about the Dailydave mailing list