Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Idle

Zero Day Found for Universal Turing Machine (CVE-2021-32471) (theregister.com) 46

xanthos (Slashdot reader #73,578) writes: Our friends over at The Register are reporting a zero day vulnerability for one of the earliest modern computer architectures.

Pontus Johnson, a professor at the KTH Royal Institute of Technology in Stockholm, Sweden, has published what amounts to a sql injection attack on the 1967 implementation of the simulated Universal Turing Machine (UTM) designed by the late Marvin Minsky. The exploit allow an arbitrary program to be run in place of the intended one. It has been dutifully documented as CVE-2021-32471. At this time there is no patch or workaround.

This discussion has been archived. No new comments can be posted.

Zero Day Found for Universal Turing Machine (CVE-2021-32471)

Comments Filter:
  • by Anonymous Coward

    It's so stu. And then why not also write "art int"?

  • by ebcdic ( 39948 ) on Sunday May 16, 2021 @09:53AM (#61390274)
    ... none of my Turing machines is connected to the internet.
    • That doesn't prevent a physical attack though. Do you completely trust everyone you let near your Turing machines? Do any of them call you "comrade" or mention bitcoin a lot?

    • by hawk ( 1151 )

      >... none of my Turing machines is connected to the internet.

      mine are, but only through a firewall on my Analytical Engine . . .

    • You need to watch out for side channel attacks, by the grad student interns in the cubicles next to you and by the cleaning lady.

  • by WoodstockJeff ( 568111 ) on Sunday May 16, 2021 @09:55AM (#61390276) Homepage

    Even if it doesn't affect many people.

  • One of the programming challenges at SPOJ involves writing code in .bf, where input validation is practically infeasible. While there wasn't a chance for arbitrary code, an unexpected value could still disrupt the program. With other esoteric programming languages, input validation would be a luxury, and it's no surprise that something theoretical would come out.

    When I followed a few links, I came across a sample exploit [github.io], but I don't see why it's an exploit, nor do I understand what said machine is trying t

    • I don't think this is a matter of utility but novelty. They said there is no patch and I wonder if it's a matter of fundamental hardware design. I am not to familiar with the architecture but I have a feeling it's virtually single user, so either the user is effectively already by default a super user or the system has minimal design in terms of user access. In such an environment, the exploit is really just the novelty of finding it. It likely affects no more than hobbists and at best it could be used

    • writing code in .bf, where input validation is practically infeasible.,

      You just need a halfway decent macro processor, and the language is fine.

      • by Sigma 7 ( 266129 )

        Or creating an input subroutine rather than doing input directly. It's not like I was required to use .bf, there was also the choice of Intercal which gets close to implementing that feature.

      • What about the other "bf" [wikipedia.org]? I always wondered if/how one can produce a grammar for this.
        • That's a good question. The answer is likely to revolve around whether or not you can build up reusable primitives that the macro processor can reuse.

          For example, if you can write code to print a string to the terminal, then the macroprocessor can use that and you now only have to write once command to print a string. This is similar to what we do with assembly: build primitives and reuse them instead of writing raw assembly every time.

      • I would suggest m4 then :P

  • ... in 60 years, and it will be very vulnerable.
  • ... encounter Zawinski's Law [catb.org].

  • ... right after both Turing and Minsky return from lunch. They'll sign the cheque promptly and send via express post.

    In the meantime, we need your banking information for international shipping and processing fees... you know, so their respective estates can also reward you with the prize money.
  • Look, I'm replying from my Universal Turing Machine, clearly it is safe from atta

    NO CARRIER
    • Look, I'm replying from my Universal Turing Machine, clearly it is safe from atta

      NO CARRIER

      I have 1 mod point left today. You don't get to have it. Some Slashdot memes deserve to die.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...