Blogroll

Marty Roesch, Sourcefire CEO and Snort creator

I keep thinking about the news reports that Chinese hackers managed to exfiltrate six terabytes of sensitive data from a large number of systems belonging to the Department of Homeland Security in November 2007. It seems like that would be impossible to do without being detected. But, I have to wonder, since the famous Richard Stiennon paper, Intrusion Detection is Dead, organizations have been replacing IDS with IPS, and maybe, just maybe, they think the devices do their job in some kind of "fire and forget" mode. Sourcefire was kind enough to allow me to interview Snort creator and Sourcefire CEO Marty Roesch on this topic.

Categories: Security

Dr. Anton Chuvakin, Chief Logging Evangelist with LogLogic

Dr. Anton Chuvakin from LogLogic is probably the number one authority on system logging in the world, and his employer is probably the leading vendor for logging, so we appreciate this opportunity to share in his insights.

Categories: Security

Kishore Kumar, CEO of Pari Networks

One of the ongoing research projects in the Security Laboratory is to work with the thought leaders in information security to get an understanding of their vision for our industry. We have recently had the honor of working with Kishore Kumar, CEO of Pari Networks, and we certainly thank him for his time.

Categories: Security

Interview with Dr. Robert Arn, CTO of Itiva

The Leadership lab came across an interesting company, Itiva. Their CTO, Dr. Robert Arn, was kind enough to share his time and thoughts with our readers, and we certainly thank him for his time.

Categories: Security

Interview with Charles Edge

Charles Edge talks with Stephen Northcutt about security issues in the Mac world; even though the core OS is pretty safe, there are vulnerabilities that every Mac user should be aware of.

Categories: Security

Mike Weider, CTO for Watchfire

Stephen Northcutt interviews Mike Weider, CTO of Watchfire, regarding recent trends in web app vulnerabilities as well as his company's solutions for web application security.

Categories: Security

Interview with authors of The Art of Software Security Assessment

The Leadership Laboratory recently posted a book review of The Art of Software Security Assessment. The book raises a number of issues that we would love to explore further and the authors, Mark Dowd, John McDonald and Justin Schuh have graciously agreed to an interview. One section was titled Code Auditing and the Development Life Cycle and we used that as the basis of the interview.

Categories: Security

Ryan Barnett, Director of Application Security Training at Breach Security, Inc.

Ryan Barnett, Director of Application Security Training at Breach Security, Inc. talks with Stephen Northcutt about the current state of web application security.

Categories: Security

Dinis Cruz, Director of Advanced Technology, Ounce Labs

Dinis Cruz, Director of Advanced Technology for Ounce Labs, talks with Stephen Northcutt about the many facets of OWASP, as well as the important questions that need real answers in order to develop secure web applications.

Categories: Security

Brian Chess, Chief Scientist for Fortify Software

Brian Chess, Chief Scientist for Fortify Software, talks with Stephen Northcutt about static analysis and other web application security solutions.

Categories: Security

Caleb Sima, CTO for SPI Dynamics

Stephen Northcutt interviews Caleb Sima about the development of Caleb's company, SPI Dynamics, and the increasing need for solutions for web application security.

Categories: Security

An Interview with David Hoelzer, author of DAD, a log aggregator

An interview with David Hoelzer describing DAD, an open source Windows event log and syslog management tool that allows you to aggregate logs from hundreds to thousands of systems in real time.

Categories: Security

SharePoint 2016: But where is “Open in file explorer” in the modern libraries???

The Mit's Blog - Thu, 07/07/2016 - 13:11
What is always pleasant when upgrading a tool will always be discovering the new features, and then … the delicate search for the original functions … not to mention the functions that are now gone … With each migration, the tool ...
Categories: Microsoft, Technology

Office 2016: Goodbye to the Document Information Panel (DIP)

The Mit's Blog - Tue, 07/05/2016 - 16:59
It is really hard to keep up with all the new features and the other assorted information about SharePoint and Office 2016; some of them can slip past you … not a new feature but rather a disappearance, a deprecated feature...
Categories: Microsoft, Technology

Subversive-C: Abusing and Protecting Dynamic Message Dispatch

Microsoft Research Publications - Wed, 06/22/2016 - 08:00
The lower layers in the modern computing infrastructure are written in languages threatened by exploitation of memory management errors. Recently deployed exploit mitigations such as control-flow integrity (CFI) can prevent traditional return-oriented programming (ROP) exploits but are much less effective against newer techniques such as Counterfeit Object-Oriented Programming (COOP) that execute a chain of C++ virtual methods. Since these methods are valid control-flow targets, COOP attacks are hard to distinguish from benign computations. Code randomization is likewise ineffective against COOP. Until now, however, COOP attacks have been limited to vulnerable C++ applications which makes it unclear whether COOP is as general and portable a threat as ROP. This paper demonstrates the first COOP-style exploit for Objective-C, the predominant programming language on Apple’s OS X and iOS platforms. We also retrofit the Objective-C runtime with the first practical and efficient defense against our novel attack. Our defense is able to protect complex, real-world software such as iTunes without recompilation. Our performance experiments show that the overhead of our defense is low in practice.
Categories: Microsoft

Compositional Learning of Embeddings for Relation Paths in Knowledge Bases and Text

Microsoft Research Publications - Sat, 06/11/2016 - 08:00
Modeling relation paths has offered significant gains in embedding models for knowledge base (KB) completion. However, enumerating paths between two entities is very expensive, and existing approaches typically resort to approximation with a sampled subset. This problem is particularly acute when text is jointly modeled with KB relations and used to provide direct evidence for facts mentioned in it. In this paper, we propose the first exact dynamic programming algorithm which enables efficient incorporation of all relation paths of bounded length, while modeling both relation types and intermediate nodes in the compositional path representations. We conduct a theoretical analysis of the efficiency gain from the approach. Experiments on two datasets show that it addresses representational limitations in prior approaches and improves accuracy in KB completion.
Categories: Microsoft

A Gray Box Approach For High-Fidelity, High-Speed Time-Travel Debugging

Microsoft Research Publications - Wed, 06/08/2016 - 08:00
Time-travel debugging (TTD) lets developers step backward as well as forward through a program’s execution. TTD is a powerful mechanism for diagnosing bugs, but previous approaches suffer from poor performance due to checkpoint and logging overhead, or poor fidelity because important information like GUI state is not tracked. In this paper, we describe how to provide high-performance and high-fidelity TTD to programs written in managed languages. Previous high-performance debuggers treat components external to the program like the GUI as black boxes, but that is not sufficient for high-fidelity time-travel. Instead, we advocate for a gray-box approach that keeps these components live and in sync with the program during time-travel. The key insight is that managed runtime APIs expose most of the functionality required to do this; where they do not, we extend the runtime with a small number of non-intrusive interrogative interfaces. To demonstrate the power of our gray-box approach, we implement ReJS, a time-traveling debugger for web applications. ReJS imposes imperceptible tracing overhead, and its logs typically grow less than 1 KB/s. As a result, ReJS is performant enough to be deployed in the wild; real client machines can ship buggy execution traces across the wide area to developer-side machines for debugging.
Categories: Microsoft

FourQ on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime Characteristic Fields

Microsoft Research Publications - Tue, 06/07/2016 - 08:00
We present fast and compact implementations of FourQ (ASIACRYPT 2015) on field-programmable gate arrays (FPGAs), and demonstrate, for the first time, the high efficiency of this new elliptic curve on reconfigurable hardware. By adapting FourQ's algorithms to hardware, we design FPGA-tailored architectures that are significantly faster than any other ECC alternative over large prime characteristic fields. For example, we show that our single-core and multi-core implementations can compute at a rate of 6389 and 64730 scalar multiplications per second, respectively, on a Xilinx Zynq-7020 FPGA, which represent factor-2.5 and 2 speedups in comparison with the corresponding variants of the fastest Curve25519 implementation on the same device. These results show the potential of deploying FourQ on hardware for high-performance and embedded security applications. All the presented implementations exhibit regular, constant-time execution, protecting against timing and simple side-channel attacks.
Categories: Microsoft

VisFlow: A Relational Platform for Efficient Large-Scale Video Analytics

Microsoft Research Publications - Tue, 06/07/2016 - 08:00
We describe VisFlow, a system that efficiently analyzes the feeds from many cameras. Ubiquitous camera deployments are widely used for security, traffic monitoring, and customer analytics. However, existing methods to analyze the video feeds in real-time or post-facto do not scale and are error-prone. Our key contributions are two-fold. Surveillance video is hard to analyze because it has low resolution, many objects per frame, varying light, etc. By leveraging the fixed perspective of surveillance cameras, we show that typical vision tasks can be performed with high accuracy. Next, to efficiently process many feeds, we use a relational dataflow system. We observe that (i) even vision queries that seem different have common parts (e.g., background subtraction and feature extraction), (ii) often neither camera-level nor frame-level parallelism leads to good executions, and (iii) the best execution plans vary with input size. By extending query optimization techniques, VisFlow computes efficient execution plans for vision queries, parallelizing as needed. Evaluation on traffic videos from a large city on complex vision queries shows manyfold improvements in accuracy, query completion time and resource usage relative to existing systems.
Categories: Microsoft