[HN Gopher] Gene sequencer malware injection via encoded DNA
       ___________________________________________________________________
        
       Gene sequencer malware injection via encoded DNA
        
       Author : carlsborg
       Score  : 15 points
       Date   : 2021-06-06 21:57 UTC (1 hours ago)
        
 (HTM) web link (www.wired.com)
 (TXT) w3m dump (www.wired.com)
        
       | Thorentis wrote:
       | I immediately thought of that Bones episode where a computer is
       | set on fire because a bone put into a scanner had some kind of
       | malware embedded in it. The future is now.
        
       | Causality1 wrote:
       | Sanitize. Your. Inputs. No exceptions.
        
         | jjtheblunt wrote:
         | that almost looks like a logical implication:
         | 
         | sanitize your inputs ---> no exceptions!
        
       | mgarfias wrote:
       | Surely there is a Gibson meat space joke here somewhere.
        
       | jacquesm wrote:
       | Burried quite far into the article:
       | 
       | "the researchers admit, they also had to take some serious
       | shortcuts in their proof-of-concept that verge on cheating.
       | Rather than exploit an existing vulnerability in the fqzcomp
       | program, as real-world hackers do, they modified the program's
       | open-source code to insert their own flaw allowing the buffer
       | overflow."
       | 
       | I think they should leave out the verge. But it _is_ an
       | interesting thing to think about, that you can encode DNA with
       | the specific intent to cause a buffer overflow in a vulnerable
       | program. But not this one.
        
         | tantalor wrote:
         | Yeah, adding `if(<my-input>) { <bug> }` to the code first is
         | _definitely_ cheating.
        
       ___________________________________________________________________
       (page generated 2021-06-06 23:00 UTC)