Jacob Torrey

Chess Vs. Poker

Or: why we're playing the wrong game

Nota Bene: This post is a summary of a disconnection I've noticed in the information security community (myself included) and has been influenced by discussions with others, namely Prof. Bratus; please consider this an invitation to dialogue or comment, and not a one-size-fits all argument.

Having spent a busy spring and summer traveling . . .

Read More

September 13, 2014

Con-a-thon Talk Notes

In my last post, I provided a high-level summary of each of the three Las Vegas conferences, but no real technical meat about what I learned while in the desert. I'm going to take a few moments to type some notes or musings about the talks I attended for posterity.


  • Skull And Bones (And Warez) - Secret Societies of the Computer . . .

Read More

August 14, 2014

Reflections on a Las Vegas Con-a-thon

Or: BSidesLV, Black Hat and DEF CON

I have survived a week in the hot desert and returned safely and smoothly to the Mile High. While the memories are still fresh, I wanted to reflect on my time at the three large conferences and what I liked, what I didn't and lessons learned.


Formed initially as an answer to the other conferences getting too large and too . . .

Read More

August 13, 2014

My MiniLock Concerns

Or on the cyber-playing field

Disclaimer: Some of my concerns and proposed changes may be addressed and included into the miniLock code before the official release, greatly improving security. I will post a new entry once the merge has happened to describe the changes and how they make miniLock much more secure. Until then, please take the below with a large grain of salt . . .

Read More

July 21, 2014

Speaking Engagement: BSidesLV 2014

I will be speaking at BSidesLV this August; my talk is titled: "Cluck Cluck: On Intel's Broken Promises". This talk will cover a CPU/x86 architecture bug on most recent systems (2004-present) that provides an OS independent method to break out of virtual memory. The lesson I hope to impart of my audience is that in adding a new . . .

Read More

July 06, 2014

Towards a new model of computational expressiveness

Since joining the cult of LangSec, I've spent a great deal of time pondering what makes a programming language or environment "useful" and believe that the current model centered around Turing-completeness is no longer sufficient to describe the nuances between varied environments. The root of this stems from the huge divergence . . .

Read More

June 01, 2014

Speaking Engagement: BlackHat USA 2014

I will be speaking at this year's BlackHat conference in Las Vegas August 6-7 about some of my DARPA Cyber Fast Track work "MoRE: Measurement of Running Executables". Below is a short synopsis of the briefing:

This talk will cover the concept of translation lookaside buffer (TLB) splitting for code hiding and how the evolution . . .

Read More

May 28, 2014