Artwork

Ben Laurie: CaPerl: Running Hostile Code Safely

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 155121485 series 1146744
Content provided by Black Hat / CMP and Jeff Moss. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Black Hat / CMP and Jeff Moss or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
There are many circumstances under which we would like to run code we don't trust. This talk presents a method for making that possible with various popular scripting languages-the test case is Perl, but the technique will work with other languages. Also presented is an open source implementation for Perl, and various examples of its use - for instance, a web server that will run arbitrary code uploaded to it. Although some experience of Perl is useful, it is not essential. The basis of the technique is to compile a slightly modified dialect of Perl into capability-enforcing standard Perl, which is then run using a vanilla Perl interpreter. Ben Laurie has worked for years on cryptography and security, particularly in the open source world. Perhaps best known for authoring Apache-SSL, the ancestor of almost all secure free webservers, he is also a core team member of OpenSSL and a founding director of the Apache Software Foundation. In his copious spare time, he is Director of Security for The Bunker Secure Hosting. He has published papers on subjects as diverse as knotted DNA and anonymous money. His current obsessions are privacy and security.
  continue reading

61 episodes

#Tech #Blackhat Breifings And Training #Blackhat Usa 2005 #Black Hat Vegas #Blackhat Vegas #Hacking #Computer Security #Speeches #Presentations #Spoken Word #Video #Audio #Tech News #Jeff Moss #Podcasting #Conventions