Weaponizing Noam Chomsky
I wanted to ask Dan Kaminsky, who btw is a brilliant presenter (more below), about doing grammar and writing style analysis to determine who wrote a paper. I can see the techniques as potentially having forensic uses. Don’t ask me what his talk was about, I would not be able to recall any useful details. Here is what his talk description stated:
Weaponizing Noam Chomsky, or Hacking with Pattern Languages
There is no man page for the English language, but kids pick it up anyway (more or less). There is deep structure hidden inside every human generated language, especially those we intend to fuzz. I will discuss and demonstrate new, useful, and purty purty tools for rendering complex patterns automatically, potentially in realtime, and breaking things with it. New toys will be released, including a generic XML fuzzer (rawk!).
This was my first time seeing Dan talk and it was very entertaining and surprising to watch him react and respond to questions from the audience. No matter how annoying or frequently the questions came, he was quick on his feet (even after drinking four beers) to counter-attack.

Dan is an excellent presenter. I’m always happy to see him present. Word is he’s also a great drinker. I’d like to participate in that some time too.
Let us know next time you are going to any good presentations and we will try to join ya.
Wow, no wonder I thought you were silent lately, I hadn’t updated my RSS for you! :)
Glad you got to see Dan talk. His presentations are always very insightful and animated; he’s obviously genuinely excited about all this stuff, and he has traditionally been a very out-of-the-box thinker who has created some amazingly creative and novel attacks and abuses. And yes, he seems to always be at least somewhat drunk for his presentations (or in the process of drinking). :)
I am pretty sure when you talk about grammar styles for forensics, you’re delving into the area of linguistics, similar to handwriting specialists in the FBI or something. Definitely out of our league, and I swear I’ve heard mutterings of similar thoughts in the securitybasics mailing list from Secfocus a year ago about similar stuff…
Ahh, thanks, both of you :)
Yes, using this stuff for forensics is a major direction this is moving into — Sequitur being linear time means we can build up a combined grammar from a couple hundred sample “bad hard drives”, subtract collisions against known “good hard drives”, and then find similarities against unknown drives.
There’s also some other algorithms in plagiarism detection that may generate nicer grammars.
Oh, and I only drink at Defcon…OK, Shmoocon and Toorcon too. Thank you, Hikari.
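The forensic workflow described in the comment above (combined grammar from bad samples, subtract collisions with good samples, score an unknown), as an added example that is not code from the talk or its tools. It swaps in a naive Re-Pair grammar inference for Sequitur (so it is not linear time), treats "subtract" as dropping any pattern found in known-good data, and all function names and byte strings are constructed for illustration.

```python
from collections import Counter

def infer_rules(samples, min_count=2):
    """Naive Re-Pair over all samples; returns each rule's byte expansion."""
    seq = []
    for s in samples:
        seq += [bytes([b]) for b in s]  # a symbol is stored as its expansion
        seq.append(object())            # unique separator, never in a repeated pair
    rules = set()
    while True:
        pairs = Counter(zip(seq, seq[1:]))
        if not pairs:
            break
        (a, b), n = pairs.most_common(1)[0]
        if n < min_count:
            break
        merged = a + b
        rules.add(merged)
        out, i = [], 0
        while i < len(seq):             # rewrite every occurrence, left to right
            if i + 1 < len(seq) and seq[i] == a and seq[i + 1] == b:
                out.append(merged)
                i += 2
            else:
                out.append(seq[i])
                i += 1
        seq = out
    return rules

def build_signature(bad, good, min_len=4):
    """Rules from the combined bad grammar, minus anything seen in good data."""
    return {r for r in infer_rules(bad)
            if len(r) >= min_len and not any(r in g for g in good)}

def similarity(signature, unknown):
    """Fraction of signature patterns present in an unknown sample."""
    if not signature:
        return 0.0
    return sum(p in unknown for p in signature) / len(signature)

# Constructed byte strings standing in for drive contents.
BAD = [b"<kernel32>[xfil-bot]", b"{xfil-bot}(kernel32)"]
GOOD = [b"/kernel32/", b"kernel32!"]

if __name__ == "__main__":
    sig = build_signature(BAD, GOOD)
    print(sorted(sig))
    print(similarity(sig, b"%%xfil-bot%%"), similarity(sig, b"/kernel32/"))
```

The "kernel32" rules are learned from the bad samples too, but they collide with the good samples and are subtracted, leaving only patterns unique to the bad set.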