I remember when fuzzing was just sending long strings to RPC programs, and
tapping the cloaca of all Unix programs, the signal handler, to see
what came out. But now, to be a hacker, you have to be a scientist.
Computer science is a real thing. But most computer scientists I know can't
explain how to do it because it comes out sounding like a deep dive into a
Dungeons and Dragons campaign run by toddlers. And perhaps, the hardest
thing with computer science is knowing when you're stuck, when the noise
inherent in your system has overwhelmed the signal, and hence, you.
Really I lied. The hardest thing is knowing when someone else on your team
is stuck and being able to reach into their understanding of the System and
unstick them. Because science, like digestion, is a team sport.
You can, if you want, undertake fun experiments. For example, you could as
a hacker just say publicly what 0day you know are sitting around, waiting
to be found. You can be as loud and annoying about it as possible, then
just wait a few years and see if there are any cool BlackHat talks on the
subject
<https://www.blackhat.com/us-20/briefings/schedule/#room-for-escape-scribbli…>
or not, and if the market makes any particular changes to how it deals with
that technology. There will not be any. This might make you ask more
questions - more uncomfortable ones.
"What is an acceptable parasitic load in a system?" you might ask in this
way. In the animal kingdom, it is an astonishing 40%
<https://www.nationalgeographic.com/animals/article/animals-evolution-parasi…>.
In computers, it is probably the same, where the science of hacking is
equally ignored and reviled, both profitable and prophetless.
Most hackers you know are specialized in the mystic art of Transformation.
A heap overrun becomes an information leak which becomes code execution. A
denial of service becomes a side channel attack becomes a local privilege
escalation. Sometimes it's hard to see the science in this. A friend of
yours will look down upon it as "just engineering". But it's not enough to
just find one bug anymore, or even one transformation of a single bug.
Every bug must pass through multiple slits at the same time now, like a
lost waveform. This takes some science.
My point is this: If you think you are defending against Engineers, but
really you are defending against Scientists, you've already lost. And if a
country wants to build and maintain offensive power in cyberspace, it has
to understand how to care for and nurture the places that treat it as a
science.
-dave