What's new (once every X months):
January 24, 2008:
New home on the web.
April 9, 2006:
Also worth checking out: distributed search engine.
March 24, 2006:
Did it get hacked?
March 17, 2006:
This is cool: Andrew Tanenbaum et al. discover an RFID virus.
Go run your Norton on it! You will get your favorite low false positives rate! Oh, sorry, you can't, huh? Then why do you keep complaining about my virus detection method??
Feb 16, 2006:
On Vista being "too secure":
"Professor Anderson said people were discussing the idea of making computer
vendors ensure "back door keys" to encrypted material were made available."
This is wonderful! I have always been dreaming about Professor Anderson teaming up with
Microsoft and installing backdoors on my computer. I trust these very nice people, and
I'm sure the whole world would only benefit from control by the British government and other
friendly organizations.
August 20, 2005:
Keeping enemies close at the Google Dance
imho, CNN has significantly downplayed the power of "web search
optimization", referring to it as "dirty tricks for pathetic losers". Please!
This optimization is a very large industry, and there are examples
of ridiculous Google output where you start wondering if the ads are on the left
or on the right, because the entire front page looks like a cheesy commercial.
The question is, can they keep it under control, or is it going to turn into
Altavista?
I mean, sure, some output is very useful, especially when it comes to
commercially uninteresting phrases. By the way, it would be interesting to see
some statistics on the value of search phrases and their frequency. I'm sure
they have it from their search and AdWords...
June 17, 2005:
It is interesting how people in the Middle Ages liked to toy with covert
messages and puzzles: the
Voynich Manuscript and the possible
hints at
human anatomy in the Michelangelo frescoes are two fine examples of this.
May 25, 2005:
Internet infection holds files 'hostage' -- doesn't this remind you of
"Superworms and Cryptovirology: a Deadly Combination"
? Oh, wait, there were no worms involved yet.
March 3, 2005:
Interesting
article on virus detection.
March 3, 2005:
Old but still funny:
Microsoft Announces Ads for the Blue Screen of Death
here.
"...Displayed more than a billion times a day..."
"...a captive audience, with over 90 percent of the computer desktops in the world..."
"...an excellent platform for advertisers, comparable only to the Super Bowl..."
These days there are even more business opportunities: crash warnings,
bug submission windows, etc...
February 18, 2005:
Serving your Tivoli Access Manager nice and fresh,
with whipped cream and caramel on top:
For best results,
the user's login shell should be the Korn shell (/usr/bin/ksh)
(TAM configuration guide)
October 20, 2004:
S.J. Palmisano, CEO
Steve Mills, Senior VP of software
Bill Zeitler, Senior VP of systems

August 30, 2004:
A few for 2005: Conferences
July 22, 2004:
This is amazing. This guy lived within a mile of me.
"charged with hacking government computers...prison time of up to 10 years"
July 3, 2004:
Winmedia player is worthless. Sometimes, however, one is forced to use it.
June 16, 2004:
This ... is cool. It is obvious that such initiatives (possibly tons of them)
exist, but the more googlecentric this universe becomes, the more itch you get to start contributing to these guys.
April 15, 2004:
Just out of curiosity, has anyone ever actually complied with the
original ACM paper template? What a truly powerful and elegant way
to humiliate and downgrade your annoying co-authors! The only improvement
I can suggest is banning their full names from the appendix
-- they take way too much space! Initials will do just as well.
April 3, 2004:
What the !^.*$! is a "regular expression"?
April 1, 2004:
and another one: Workshop on Advanced Developments in Software and Systems Security
March 18, 2004:
Frustration. Configuring sendmail, qpopper, uw imapd and squirrel mail at the same time.
It is assumed that acronyms AFS, DCE and PAM are self-explanatory.
March 7, 2004:
Oh, forgot to mention: Information Assurance Workshop
March 5, 2004:
Here is my little map of this crazy world: conferences and workshops
January 25, 2004:
You browse through a bunch of patents and you get depressed, since just about anything one can
think of these days is patented already. For example:
6,269,456 Method and system for providing automated updating and upgrading of antivirus applications using a computer network
So do all these other guys, Bullguard, Norton and others, license the signature update mechanism
from NAI, or what's the deal? Since it is apparently an original invention that belongs to NAI...
Actually, never mind, there are 6,651,249 and 5,790,796...
A couple of other interesting ones:
6,550,012 Active firewall system and methodology
6,275,942 System, method and computer program product for automatic response to computer system misuse using active response modules
other stuff to check out...
October 11, 2003:
Homestar Runner sits down and writes: "Hey Strong Bad, I built a time machine by putting a Gameboy in a blender. I used your blender and also your Gameboy. I will go into the future and buy you new ones."
August 1, 2003:
Watch out! An incredible new IDS is coming your way that will prove all the evil
Gartner non-believers' lies wrong!!!
July 14, 2003:
billg's house in Medina, WA is niiice.
June 8, 2003:
That's it! No more IDS or automated response research. All the problems just got solved, and we can finally go home. "The IntruShield system just bought by NAI has an unmatched capability to provide real-time detection and prevention of known, unknown and Denial of Service attacks..." ... "... patented ... Denial of Service (DoS) detection techniques ... " How curious...
You know, we sit here in the lab and try to change the world and stuff, and these guys already have everything in place, "at gigabit speeds"!
On the other hand, it is interesting to note that NAI is becoming more active in the IDS area, because they do have some great technology and talent, so I thought it was just the matter of time before they start offering their own IDS solution.
Intruvert merger FAQ
March 21, 2003:
That seems relevant: Cost-Benefit Analysis for Network Intrusion Detection Systems.
That also:
Toward Cost-Sensitive Modeling for Intrusion Detection and
Response.
February 25, 2003: Thanks go to Thomas Toth:
An interesting paper on a cost-based response model.
January 27, 2003:
SHIM documentation
November 13, 2002:
Again, what makes a 36-year-old unemployed sysadmin from London go on to an extraordinarily time-consuming suicidal year-long hacking spree? I just don't get it.
(British version)
(US version)
October 29, 2002: Thanks go to Marcus:
Curious Yellow: a coordinated worm design, an extension of the Warhol worm.
October 28, 2002: Thanks go to Tye:
A nice little motivational article: $900M for five years for security research.
October 22, 2002:
Here we go again: "Attack On Internet Called Largest Ever". What drives these people?
October 3, 2002:
Flew down to Irvine for the MURI workshop. Met some interesting people, including Prof. Mary Baker from Stanford. Learned a few things. Had a good time. Slides for our presentations.
August 21, 2002: A funny article about Yale-Princeton deal:
http://www.vnunet.com/News/1134007
August 12, 2002:
I went down to NAI to learn how to run SHIM from Calvin. He explained the whole process of starting SHIM,
which is kind of involved, and told me many other interesting things I didn't know about SHIM. Also, Patrick Leblanc helped me with wrappers.
August 7, 2002:
Marcus Tylutki is interested in response and he will contribute to the project. I'm becoming obsessed with this idea
of keeping track of the number of incidents and raising the level of awareness of the system as that number goes up, or implementing
a similar framework that would look at the big historical picture. Marcus suggested actually combining the power of SHIM with
Jigsaw/CAML. Since SHIM is focused on programs and their behavior (regardless of the attack), while Jigsaw focuses on specific attacks and
their combinations, if they both record incident data, we can combine it and use it to decide on the "level of system awareness", and potentially
prevent multistage attacks, maybe even unknown ones.
July 24, 2002: Fred
Cohen from Sandia (http://www.all.net) and his students were here
and gave an interesting talk on deception. From what I understood,
their earlier work was concentrated on network-level deception,
which is relatively easy to implement. Now they are moving on to the
host-based deception and the insider problem. Main ideas:
- Attacks that are the hardest to detect occur when a user behaves in a
way that is close to legitimate. Therefore, as the users perform
some tasks that are legitimate, but suspicious, they eventually
become "suspects".
- Suspects can be fed fudged data or led
down paths which a legitimate user will never use. Eventually, a
suspect will reveal himself that way.
- A suspicious process
can be "tunneled to a sandbox", which contains a replica of the real
system. Then the suspect has a chance to do all kinds of things to
provide evidence against himself without disrupting the real system.
If the process is actually proven to be innocent, it can go back to
the real system. Although this idea sounds attractive, it can be
very hard to implement.
Vicentiu, Fred's student, talked
about his system where, when some process is marked suspicious, every
action it takes can be either successful or not, and return a true or
a fake result. That is decided by assigning a probability to every
action. How they decide on the probability values I did not catch.
He also said that he is trying to modify the kernel for his system
and the kernel is "very messy", which was something that Fred very
strongly agreed with. He even said something about rewriting the
Linux kernel in a structured way. They also claim that their
approach to deception greatly reduces the number of false positives.
Deanna described her work, where every system call upon
returning executes a program's wrapper, which can then decide
whether it is safe to run this program.
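To make the three ideas from the talk concrete (a suspicion score that turns a user into a "suspect", per-action probabilities of a fake result, and tunnelling the suspect into a replica of the real system), here is a small simulator. It is an added illustration written for this page, not Fred Cohen's or Vicentiu's code; the action names, weights, probabilities and file paths are constructed assumptions.

```python
import copy
import random

# Constructed policy (an assumption for illustration, not values from the talk):
# each action has a suspicion weight and the probability that a suspect receives
# a fabricated result for it.  Ordinary reads carry no weight; probing does.
POLICY = {
    "read":  {"weight": 0, "fake_p": 0.0},
    "list":  {"weight": 1, "fake_p": 0.4},
    "scan":  {"weight": 2, "fake_p": 0.8},
    "write": {"weight": 1, "fake_p": 0.0},
}
THRESHOLD = 3   # suspicion score at which a subject becomes a "suspect"


class DeceptionMonitor:
    """Host-level deception: score subjects, then fudge or sandbox suspects' actions."""

    def __init__(self, real_state, rng=None):
        self.real = real_state          # production state: path -> contents
        self.sandboxes = {}             # per-suspect replica of the real state
        self.rng = rng or random.Random(0)
        self.suspicion = {}             # per-subject score
        self.audit = []                 # (subject, action, path, outcome) for the analyst

    def is_suspect(self, subject):
        return self.suspicion.get(subject, 0) >= THRESHOLD

    def act(self, subject, action, path, value=None):
        rule = POLICY[action]
        suspect = self.is_suspect(subject)   # status before this action is counted
        self.suspicion[subject] = self.suspicion.get(subject, 0) + rule["weight"]
        # A suspect is tunnelled into a replica, so the real system is never disrupted.
        state = self.sandboxes.setdefault(subject, copy.deepcopy(self.real)) if suspect else self.real
        if suspect and self.rng.random() < rule["fake_p"]:
            outcome, result = "fake", f"<decoy:{path}>"   # fudged data, per-action probability
        else:
            outcome = "sandboxed" if suspect else "real"
            if action == "write":
                state[path] = value
                result = True
            elif action == "read":
                result = state.get(path)
            elif action == "list":
                result = sorted(p for p in state if p.startswith(path))
            else:  # "scan": hunting for interesting files, the probing that raises suspicion
                result = sorted(p for p in state if "secret" in p)
        self.audit.append((subject, action, path, outcome))
        return result
```

The audit list is the evidence trail the talk alludes to: a suspect's writes land only in the replica, so an innocent process can be returned to the real system with nothing to undo.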
July 15, 2002: Interesting trip to Network Associates, Inc., and SRI, a
portion of which was dedicated to discussing automated response with
Calvin Ko and Steven Cheung. Most of it was dedicated to other
projects: worms and SHIM-based intrusion detection. Calvin sent me
the SHIM and Generic Software Wrappers programs. Steven sent me
PowerPoint slides on CAML -- Correlated Attack Modeling Language,
analogous to Jigsaw.
July 1-10, 2002: A
series of meetings with Professor Levitt and Jeff trying to put
together some initial ideas.
I am a Ph.D. candidate at the UCD Security Lab. My thesis advisor is
Prof. Karl Levitt, I also work with Prof. Zhendong Su.