Brett Stone-Gross Ryan Abman Richard A. Kemmerer Christopher Kruegel Douglas G Steigerwald Presentation [PDF] Twitter transcript #weis2011 presenting analysis of *actual* data from 21 servers from 3 multi-million $ fake a/v ops!!! < #spiffy #weis2011 showing example of fake a/v exploit that was embedded in HTML. good walkthrough. useful slides for an orgs tech ed/brown... Continue reading
Post Category → Information Security
WEIS 2011 :: Session 1 :: Attacks :: Sex, Lies & Cyber-crime Survey
Presentation [PDF]
WEIS 2011 :: Session 1 :: Attacks :: Where Do All The Attacks Go?
Dinei Florêncio Cormac Herley Presentation [PDF] Twitter transcript #weis2011 New threat model (that may scale). Rather than use individual users & attackers, use population of users, pop of attackers #weis2011 assumption/proposition: attacker attacks when Expected{gain} > Expected{loss} #weis2011 (me) more good math on the slides. using the populations, they made a probability model to predict… Continue reading
WEIS 2011 :: Session 1 :: Attacks :: The Impact of Immediate Disclosure on Attack Diffusion & Volume
Sam Ransbotham Sabyasachi Mitra Presentation [PDF] Twitter transcript #weis2011 Does immediate disclosure of vulns affect exploitation attempts? Looking at impact on risk/diffusion/volume #weis2011 speaker is presenting standard attack process & security processes timelines (slides will be in the blog post) #weis2011 the fundamental question is when from the vulnerability discovery to patch development is disclosure… Continue reading
WEIS 2011 :: Keynote :: Dr Christopher Greer
Dr Greer [cgreer at ostp.eop.gov] is Assistant Director, Information Technology R&D, Office of Science & Technology Policy, The White House Opening: “The expertise of the attendees is greatly needed.” He provided a broad overview of the goals & initiatives of the federal government as they relate to domestic & international cybersecurity. Greer went through the… Continue reading
Dropbox 1.2.0 Experimental Build “Fixes” Security Issue
If you are concerned about the Dropbox design flaw exposed by the dbClone attack, then have we got a link for you! The intrepid DB devs have tossed up a forum release which purports to fix all the thorny security issues. You can no longer just copy a config file to a separate machine to… Continue reading
A Fully Operational OS X dbClone
Spent some time today updating the missing bits of the OS X version of the Dropbox cloner I uploaded last night. You can just grab the executable or grab the whole project from the github repository. The app can now back up/restore the local config, clone dropbox configs to a URL/file and also impersonate a captured… Continue reading
dbClone “hack” for OS X
UPDATE: Check out the newer post on additional features. There has been much ado of late about Dropbox security with one of the most egregious issues being how easy it is to surreptitiously “clone” someone else’s Dropbox by obtaining just one piece of data – the host id – from the Dropbox SQLite config.db. Moloch… Continue reading
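The three Dropbox posts above turn on one point: the host id lives in a plain key/value row of the client's SQLite config.db, so anyone who can read that file has a credential that works from any machine, and the 1.2.0 build's whole fix is that a copied config file stops being enough. The script below is an added illustration of both halves, written for this page; it is not code from the dbClone project or from Dropbox. The `config(key, value)` table layout and the `host_id` key name are assumptions for the stand-in database, the machine fingerprint is a constructed byte string, and the SHA-256 counter-mode wrapping is a stand-in for the OS-provided or AEAD-based protection a real client would use, not a description of what Dropbox 1.2.0 actually shipped.

```python
"""Added example for the dbClone posts (not code from dbClone or Dropbox).

Part 1 builds a constructed in-memory stand-in for the pre-1.2 config.db
and shows that the credential a cloner needs is a single readable row.
Part 2 shows one way to bind that credential to a machine so that the
same bytes copied elsewhere fail to unwrap. The table schema, the key
name 'host_id' and the machine fingerprint are all assumptions.
"""
import hashlib
import hmac
import sqlite3

# Assumed layout of the old config.db: a flat key/value table.
ASSUMED_SCHEMA = "CREATE TABLE config (key TEXT PRIMARY KEY, value TEXT)"


def build_sample_config_db(host_id: str) -> sqlite3.Connection:
    """Constructed stand-in for config.db with the host id stored in the clear."""
    db = sqlite3.connect(":memory:")
    db.execute(ASSUMED_SCHEMA)
    db.executemany(
        "INSERT INTO config(key, value) VALUES (?, ?)",
        [("host_id", host_id), ("email", "user@example.com")],
    )
    db.commit()
    return db


def extract_portable_credentials(db: sqlite3.Connection) -> dict:
    """Everything in the config that is a bare, machine-independent credential.
    On the old layout this is the whole attack: read one row, reuse it anywhere."""
    rows = db.execute(
        "SELECT key, value FROM config WHERE key = 'host_id'"
    ).fetchall()
    return {k: v for k, v in rows if v}


# ---- Part 2: a machine-bound alternative (illustration, not Dropbox's design) ----

def machine_key(fingerprint: bytes) -> bytes:
    """Derive a per-machine wrapping key. A real client would get this from the
    OS (DPAPI, Keychain, a TPM-sealed secret); here the fingerprint is constructed."""
    return hashlib.sha256(b"dbclone-example-v1" + fingerprint).digest()


def _keystream(key: bytes, n: int) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) so the block needs only the
    standard library. It is safe for exactly one credential per key; production
    code should use a vetted AEAD such as AES-GCM with a nonce."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def wrap_credential(host_id: str, fingerprint: bytes) -> dict:
    """Encrypt the host id under the machine key and MAC the ciphertext.
    This dict is what would be written to config.db instead of the raw id."""
    key = machine_key(fingerprint)
    plaintext = host_id.encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    tag = hmac.new(key, ciphertext, hashlib.sha256).hexdigest()
    return {"host_id_enc": ciphertext.hex(), "tag": tag}


def unwrap_credential(blob: dict, fingerprint: bytes):
    """Recover the host id on the machine that wrapped it. A blob copied from
    another machine derives a different key, the MAC check fails, and the
    function returns None instead of a usable credential."""
    key = machine_key(fingerprint)
    ciphertext = bytes.fromhex(blob["host_id_enc"])
    expected = hmac.new(key, ciphertext, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, len(ciphertext)))).decode()


if __name__ == "__main__":
    db = build_sample_config_db("0123456789abcdef")  # constructed host id
    print("old layout, portable rows:", extract_portable_credentials(db))
    blob = wrap_credential("0123456789abcdef", b"machine-A")
    print("unwrap on machine-A:", unwrap_credential(blob, b"machine-A"))
    print("unwrap on machine-B:", unwrap_credential(blob, b"machine-B"))
```

The useful thing to take from the second half is where the binding is enforced: the copied file is rejected by the client that reads it, which is only meaningful if the server also refuses a bare host id presented by an older client. That server-side part is not visible from the posts above, so it is left out here.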