Andy
BeyondMachines 
Injection vulnerability, level ultimate
Reminds me of Snow Crash
Reminds me of Snow Crash
bytebroWait, that's from 2017, according to the banner?
jaseg@beyondmachines1 the articles on that paper (link below) are bullshit fearmongering. The researchers didn’t show an actual attack at all. They intentionally introduced a flaw in a program and then showed they could trigger their intentionally introduced flaw.
Given how this data looks I don’t think this scenario is realistic at all. I didn’t read past the paper’s abstract, but whatever is the actual merit of that research it isn’t what the headlines are about.
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-ney.pdf
@jaseg good to know. But there were other commenters that mentioned other avenues of exploit using the DNA data, from what I gather, the metadata elements added to the biological material.
tenkuma@jaseg @beyondmachines1 I already felt that there was a catch like that. You usually can't just hack anything by makin it just read malicious code. That would make no sense.
OwOday@jaseg @beyondmachines1 this is what happens when you are just goofing in your lab and your prof forces you to publish and then the media goes crazy with your paper because the title potential
Jeremy Kahn@trochee I am stealing this!
@stevewfolds@trochee @beyondmachines1 @cstross Autoclaves failed to clean autopsy tool with prions, someone got CJD.
@stevewfolds @beyondmachines1 @cstross
Well, we'll cross that bridge when they encode remote execution exploits into protein sequences
@trochee @beyondmachines1 @cstross CRISPR is doing some amazing things. Stem cells from teeth have applications. Shamed that we cut research in the US.
@trochee @beyondmachines1 @cstross Been reading & buying books by @cstross since Accelerando on the web in 2005.
@stevewfolds @trochee @beyondmachines1 @cstross did not understand but the word prion was enough to give me a chill
@tenkuma @trochee @beyondmachines1 @cstross
I’ve had an amateur interest in Prions and protein folding. Donated 70-80,000 hours of computer time to folding@home.
https://en.m.wikipedia.org/wiki/Prion
I’ve had an amateur interest in Prions and protein folding. Donated 70-80,000 hours of computer time to folding@home.
https://en.m.wikipedia.org/wiki/Prion
Infoseepage@beyondmachines1 I dimly remember reading about a hitman who had clued into just how good trace forensics were getting and how even a single hair might betray him. His solution was to go to busy hair salons after closing and raid their dumpster for a bag full of hair. When he'd kill someone, he'd carpet bomb the room with the hair of dozens upon dozens, hiding his own like a needle in a haystack.
@beyondmachines1 There is a popular Covid test for those that believe in frequent testing. It does DNA amplification, which results in a huge number of strands being created inside the test medium. If you damage the medium/dispose of it improperly, you can contaminate your environment and DNA is very stable. Do it wrong and you might make it so that a particular room always produces false positives, for instance.
@beyondmachines1 I can almost imagine a combination of these approaches where someone has a huge number of DNA strands produced which are designed to jam the works of DNA sequencers.
draeath@Infoseepage @beyondmachines1 usually the strings are broken up into small pieces through a combination of temperature and some sort of a solvent? (Don't know the right term), even when amplification doesn't do that already.
Those tiny fragments are what's read in, and they're essentially stacked up with statistics magic.
Nothing actually sequences by reading the whole thing in like a microscopic paper tape or the like.
Mrinappropriate@Infoseepage @beyondmachines1 Hmm. Interesting.
Alaric Snell-Pym@beyondmachines1 as somebody who writes software to process genome sequences, I can say from the kind of processing we do it would be hard to accidentally make this kind of vulnerability... But the crufty parsers for other things like HGVS strings (used to express variants, looks like "NM_004333.6(BRAF):c.1799T>A (p.Val600Glu)") and VCF files (encapsulation used to store the gene sequences) scare me and ARE probably full of holes! Most of the processing is in pointer safe languages tho 🤞
stefani banerian@beyondmachines1 and target the CODIS database ? ? ?
@stefani that's an interesting spin. Why not?
Rob Agar🐀@beyondmachines1 duh. Don’t execute random DNA you extract from strangers
Daburu Dar@beyondmachines1 I think this is almost the plot of an episode of Star Trek. One of the less good franchises, maybe Discovery?
Call me Mênio
TonyC@beyondmachines1
Little Bobby Gattaca
Little Bobby Gattaca
Tagaziel
Shaun Griffith@beyondmachines1 @beyondmachines1 @beyondmachines1 This is just BS. No one in their right mind would parse DNA as anything else. Besides, there's only 4 symbols. Turning this into binary or anything else other than genetic triplets is playing games.
"Look Mom! I wrote some malware in the fridge magnets!"
"Great Kelly! Let's convert that to ASCII and compile it as Javascript, and see what it does!"
Thorne Lawler@beyondmachines1 @cstross
Procedure: Inject a synthetic sequence which buffer-overruns the sequencer and prints Hello World in the resulting gene map.
Result 1: Testing with bacillus anthracis, the expected result is observed, along with some minimal line-noise adjacent to the injection.
Result 2: Testing with homo sapiens, the expected result is observed eventually, but more than a megabyte of line-noise is emitted.
Result 3: Testing with sepia apama, the test did not complete. Test rig was later found (through analysis of printed recordings) to have autonomously accessed the campus internet proxy, uploaded several terabytes of data then corrupted all electronic logs and printed out a 666-page document in an unidentified hebrew-like script.
Analysis of this text by the Linguistics department proved inconclusive, as the entire team subsequently absconded or experienced violent, fatal accidents within the following 24 hours.
Stryder Notavi
WillTootMaybe
besselj
Killa Koala@beyondmachines1 We should've stopped at the abacus, slide rules were a step too far and it's been all downhill since then.
LisPi@beyondmachines1 I wonder this will change anything about development practices in the field.
Shane Celis@beyondmachines1 Hacker is being escorted through the prison intake system. They take his blood. “I'm in," he whispers.
@shanecelis totally a start of an airport novel I would buy
maybeanerd
madd0ck@beyondmachines1 wait, does that mean I could do something like AI image poisoning but with my DNA 👀
Dave@beyondmachines1 one of my favorite parts of my job is that I correctly guessed both of the faculty members involved with this from the title alone, since I’ve worked with both of them and this seemed like the intersection of their work.
@beyondmachines1 who is arguing it could become more likely...