NULL & Input Validation


Mornings With Mark no. 0195


Bad Robot Transcript

Morning, everybody. How you doing today? In this episode of the show, we’re going to talk about the shaky underpinnings of a lot of the code out there, using a really interesting and funny example. I just stumbled across this great Wired article that related back to a talk that was given last weekend in Las Vegas by Joseph Tartaro, explaining the challenges he’s had with his vanity license plate in California. Immediately I was intrigued, because I’m thinking, how does somebody get a talk at a security conference around a license plate? Well, it turns out he had a vanity plate, and that vanity plate simply said NULL.

Genius. Now, he wasn’t looking for trouble when he set out on this, as you can read from the Wired article, and I fully recommend that you read it through, but he wasn’t looking for trouble.

He was simply looking for a great vanity plate. He jokes that he was going to try to get VOID for his partner’s car so they could be NULL and VOID. I can totally appreciate the concise genius of having a vanity plate that says NULL. But the interesting thing is the story he tells in this talk. Essentially, what ends up happening is that he started to get all of the errors out of the parking ticket database system.

So if there is a ticket that’s written that doesn’t have a proper license plate assignment, it ends up getting associated to his. And at first this didn’t really cause any issues. It’s sort of grown over time. And that’s a really interesting thing, because a lot of people don’t realize how shaky a lot of this code is.

There’s a huge push to get things out the door really, really quickly, and to make sure that, you know, you’re kind of building a minimally viable product, an MVP, and that you’re testing and integrating. Now, that’s really, really great, except that a lot of the time you build up a significant amount of technical debt, and we’ve talked about technical debt and how it’s really just a whole bunch of security issues waiting to happen.

But this sort of theme keeps coming back, and I really wanted to bring it up because I thought the story was absolutely hilarious. You know, unfortunately for him, he has to deal with the tickets that are associated to him and work through this stuff.

But I think the best part of the story was at the end, when a journalist, Christopher, comes through and says, you know what, you deserve it, like, you were asking for it. Because Christopher’s last name is actually Null, and he’s had to deal with this his whole life, and he’s got these anecdotes in that, you know, people won’t accept email from his domain, nullmedia.com. American Express has dropped him off its books, apparently, altogether, because of the last name. And this again highlights the weakness in a lot of software. And I think that’s the real challenge, that we’ve accepted this as a digital citizenry.

We have accepted that a certain amount of stuff just crashes, right? Like, you’re using your iPad and something crashes, you just restart the app and it’s good. You’re playing a video game and it crashes, that happens, you get frustrated, you move on, you don’t think of it. You reboot your Windows systems, you know, several times a week.

It’s not a big deal. This is just something that we accept. But the problem is that each of those is generated from an error somewhere. As much as we know that computers are logical and they will execute the same thing over and over and over again, they are infinitely complex, or not actually infinitely complex, but ridiculously complex is probably a better way to phrase it, and they’re programmed by humans, and we make mistakes all the time.

Something that I use quite often when trying to explain some of the challenges around cybersecurity specifically is this: a while back, I actually did some digging and tried to figure out how many lines of code could execute in a normal system to try and ask for a web page, and it turns out it’s somewhere around a hundred million billion.

Well, you’ve got the basic input-output system, your BIOS, on your computer that boots up. There is code in the microprocessor, there is code in the video card, there is code in the hard drive, there’s code in all of the hardware. That then boots up into the software stack, which is ridiculously large, which then boots up into the browser, which is ridiculously large, which then boots up into the browser’s application layer. And in all this, there’s a mountain of lines, errors in any number of those, and a ton of those errors could lead to security issues.

Now, this Wired story I just got a good chuckle out of, because in the end it’s relatively... But we do know, from security vulnerabilities, from common misconfigurations, that there are real-world and real significant consequences to these types of mistakes. In the case of NULL, that’s basic 101 stuff, and yet it’s still happening time and time again. Right, when I see a complicated technical breach, I almost think, like, I appreciate the fact that this is technically complicated and it would have gotten anybody.

When we see the basics of the basics happen time and time and time again, that to me says that something is very, very rotten in the state of technology creation and software development. We need to do better. To my comment earlier in the last episode there, around apps like being dead, security and privacy needs to be built into it by design. The way we do that is by educating, helping people understand how to build better from day one, as well as after the fact. Right now, all of our efforts are after the fact. We’re trying to catch the stuff after the horse has left the barn.

We need to work better. We need to build it in. We need to get people to understand that sometimes going slightly slower but generating higher-quality technology is better. And I think as citizens, as consumers, we need to be able to accept that, and as developers, as technologists, we absolutely need to uphold that, because we can’t keep making these mistakes. Because while the NULL case is harmless, what about the ones that are?

Let me know what you think. Hit me up online @marknca, in the comments down below, and as always by email, me@markn.ca. I will talk about this and everything else under the sun and on the digital interwebs. See you on the next episode of the show.

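The failure described in the episode, where citations with no plate on file end up billed to the real plate NULL, shown as an added example (not from the episode or the Wired article). It assumes the cause is a blank plate field being stored as the text 'NULL'; the table names, helper functions and sample citations are constructed for illustration.

```python
import sqlite3

# Constructed sample data: (plate as written on the citation, fine in dollars).
# None or "" means the plate field was left blank.
CITATIONS = [("7ABC123", 60), (None, 75), ("", 40), ("NULL", 55), (None, 90)]

def load_naive(db, citations):
    """Flawed ingest: a blank plate is written as the *string* 'NULL'."""
    db.execute("CREATE TABLE tickets_naive (plate TEXT, fine INTEGER)")
    for plate, fine in citations:
        db.execute("INSERT INTO tickets_naive VALUES (?, ?)",
                   (plate if plate else "NULL", fine))

def load_hardened(db, citations):
    """Blank plate becomes a real SQL NULL; user text is never a sentinel."""
    db.execute("CREATE TABLE tickets (plate TEXT, fine INTEGER)")
    for plate, fine in citations:
        plate = plate.strip().upper() if plate and plate.strip() else None
        db.execute("INSERT INTO tickets VALUES (?, ?)", (plate, fine))

def fines_for(db, table, plate):
    """Fines billed to one plate. The table name comes from a fixed allow-list."""
    if table not in ("tickets_naive", "tickets"):
        raise ValueError("unknown table")
    rows = db.execute(
        f"SELECT fine FROM {table} WHERE plate = ? ORDER BY fine", (plate,))
    return [r[0] for r in rows]

def unassigned(db):
    """Citations with no plate: queue for manual review, bill nobody."""
    return db.execute(
        "SELECT COUNT(*) FROM tickets WHERE plate IS NULL").fetchone()[0]

def demo():
    db = sqlite3.connect(":memory:")
    load_naive(db, CITATIONS)
    load_hardened(db, CITATIONS)
    return (fines_for(db, "tickets_naive", "NULL"),
            fines_for(db, "tickets", "NULL"),
            unassigned(db))

if __name__ == "__main__":
    naive, hardened, blank = demo()
    print("naive ingest bills plate NULL for:", naive)
    print("hardened ingest bills plate NULL for:", hardened,
          "| unassigned citations:", blank)
```

With the string sentinel, the driver whose plate really reads NULL is billed for every blank citation; with a real SQL NULL, `plate = 'NULL'` matches only the one citation actually written against that plate.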
