undefined | Better HN

0 pointslph8y ago0 comments

Agreed. I think maybe the value of the paper is that non-computer scientist biologists will read it and gain awareness.

To computer scientists, it's pretty obvious that DNA used as input to a program could be maliciously crafted.

0 comments

3 comments · 1 top-level

dboreham8y ago· 2 in thread

I'm not sure that is obvious because as a lay-Biologist the input data is just strings of ... um 2-bit ? symbols with no known encoding format (we haven't discovered the "JPEG" of DNA yet). Is quite surprising to me that anyone could screw up parsing that kind of data such that the process could be taken over.

Now if DNA contained an encoded turing-complete language that the lab ends up executing...

But I think we're some way off from achieving that.

mattkrause8y ago

The parsing is actually fine.

The issue is that they forced a buffer to overflow--they put N bytes of data into a bucket that was can only hold n bytes. The extra N-n bytes were carefully chosen so that they would do something "interesting" when they spill out of the bucket and into the program's code (there are ways of avoiding this, like the No-eXcecute bit, which I guess were ignored/turned off for this demo).

In some ways, this is easier to do with unstructured data. If there was some specific format, the overflowed data would have to fit into that format AND do something malicious.

dboreham8y ago

This makes no sense to me as someone who has written plenty of protocol code. The DNA data is essentially random bits. It has no packet size.

1 more reply

j / k navigate · click thread line to collapse