[erlang-questions] Erlang offensive paper

Richard A. O'Keefe ok@REDACTED
Thu Jun 2 00:18:19 CEST 2016

A rough summary:
  - The underlying C code can be attacked through Erlang.
    * Avoid NIFs if you can.
  - The default distribution machinery has weak security.
    * Search the archives for alternative distribution methods,
      e.g., TLS
  - Secrets can leak out through the OS and attacks can leak in.
    * Can dumps be routed to another machine, through TLS?
    * Limit use of external commands.

Whatever happened to Laurie Brown's work on "Safe Erlang"?

More information about the erlang-questions mailing list