Some Failures Are Better Than Others

I was presenting at the Software Security Summit yesterday – good little conference. It's a shame that conferences that show off ways to be a problem draw huge crowds, and this one is all about being part of the solution, but it's still really small after 4 years. Got to watch Greg Hoglund present, and even though he claims they're the same slides, I always learn something – one of the smartest guys in the business.

At any rate, I was talking about some of the stuff I posted yesterday, and how some other post was trying to extrapolate from my saying that crashing a client application isn't the worst thing that can happen into worrying about cars, phones, and all sorts of other stuff. The fact is that if you do get into an unstable state, and don't know how you got there or exactly how to recover, the best thing to do is to execute the least code on the way out – finding unstable states is the heart of finding security flaws. Of course, it's still bad to get into unstable states, but stuff happens…
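The "execute the least code on the way out" rule, as an added example that is not from the original post: a hypothetical record type with a guard word, a sanity check, and a copy routine that calls abort() the moment the invariants fail instead of trying to clean up or recover. The `terminate_fn` indirection and the `demo_*` scenarios are assumptions made so the fail-fast path can be observed without killing the process.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record with a guard word after the buffer so an overrun of
 * data[] can be detected before anything else trusts the record. */
#define GUARD 0xC0DEFACEu
typedef struct {
    uint32_t length;        /* bytes in use in data[] */
    char     data[32];
    uint32_t guard;         /* must equal GUARD */
} message_t;

static void message_init(message_t *m) { memset(m, 0, sizeof *m); m->guard = GUARD; }

/* 1 if the invariants hold, 0 if the record is in an unknown state. */
int message_is_sane(const message_t *m) {
    return m->guard == GUARD && m->length <= sizeof m->data;
}

/* Fail-fast policy: once state is unknown, run as little code as possible.
 * abort() skips atexit handlers and normal cleanup, so a smashed heap or an
 * overwritten function pointer gets no further chance to run. The function
 * pointer exists only so the demo below can observe the call without dying. */
typedef void (*terminate_fn)(void);
void die_immediately(void) { abort(); }

/* Copies the payload out only if the record is sane; otherwise terminates. */
size_t message_copy_out(const message_t *m, char *out, size_t out_len,
                        terminate_fn terminate) {
    if (!message_is_sane(m)) {
        terminate();          /* least code on the way out; normally never returns */
        return 0;
    }
    size_t n = m->length < out_len ? m->length : out_len;
    memcpy(out, m->data, n);
    return n;
}

/* Constructed scenarios (not real traffic). */
static int g_terminated;
static void record_terminate(void) { g_terminated = 1; }

size_t demo_healthy(void) {           /* sane record: copies 5 bytes, returns 5 */
    message_t m; char out[32];
    message_init(&m); memcpy(m.data, "hello", 5); m.length = 5;
    return message_copy_out(&m, out, sizeof out, die_immediately);
}
int demo_overrun(void) {              /* guard clobbered, bogus length: returns 1 */
    message_t m; char out[32];
    message_init(&m); m.length = 40; m.guard = 0;   /* as left by an overrun */
    g_terminated = 0;
    size_t n = message_copy_out(&m, out, sizeof out, record_terminate);
    return g_terminated == 1 && n == 0;
}
```

With the real `die_immediately` policy the overrun case never returns, which is the point: nothing downstream of the damaged record gets to run.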

We always use car analogies, even though they don't apply very well, but it got me thinking. We have a really big truck we use to haul our horses all over the northwest, and early last year, it just refused to go one day. Augh! A denial of service attack if there ever was one! Got it hauled off to the shop, where we found out that a piece of the turbocharger had failed, which caused most of the oil to leak out. In the Bad Old Days, this would have caused the motor to need replacement. In their wisdom, the designers of the control systems for the truck decided that if you got into an unknown, unrecoverable state, they'd just shut the motor off. As a result, we replaced a part, added some oil, and didn't have to replace the whole motor.

It's really a much better approach than the old BMW 2002s, where you found out the timing chain was worn because it cut through the oil intake and the motor seized up as a result.

It's funny that someone would use a car analogy to criticize, but in reality, the car manufacturers are taking the same approach, and I'm really glad they did – a new motor would have been really expensive.