In case you hadn't caught it, there's a very cool way to catch "trusting trust" style attacks called "diverse double compiling". The idea is that compilers from sufficiently disparate sources are very unlikely to have the same malware, and while different compilers aren't expected to produce the same output for the same source they are expected to produce functionally identical output for the same source. So if you compile a compiler (where you've vetted the source) with an array of compilers, you have something that, applied to (again) that same source should produce something bitwise identical - any deviations are an attack or a bug in at least one of your compilers, and can be investigated manually.
These articles are personal philosophies you might take up using the principles of CS. So while not technically rigorous, I think they are like chicken soup for the hackers soul...I found these two articles to be both interesting and inspiring:
The Art of Deception and The Art of Intrusion by Mitnick were interesting to me when I read them a long time ago. They really show how important humans are to a system. You can have high tech security equiptment and all it takes is someone to go dumpster diving or appeal to another person's human nature.
I didn't finish it, but I enjoyed The Best of 2600. It's a collection of the old 2600 magazine. Lots of cool older stories in there.
6 comments
[ 2.9 ms ] story [ 25.2 ms ] thread[0]: https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p7...
https://dwheeler.com/trusting-trust/
- Communicating Sequential Processes https://www.cs.cmu.edu/~crary/819-f09/Hoare78.pdf
- Crash-Only Software https://www.usenix.org/legacy/events/hotos03/tech/full_paper...
- Bitcoin
- MapReduce
- The Google File System (GFS)
- Spanner
Sorry I don't have the links but they can easily be found online.
The Single Responsibility Principle Revisited -
https://thevaluable.dev/single-responsibility-principle-revi...
Climbing the wrong hill -
http://cdixon.org/2009/09/19/climbing-the-wrong-hill/
I didn't finish it, but I enjoyed The Best of 2600. It's a collection of the old 2600 magazine. Lots of cool older stories in there.