Being "always on" is being always off, to something.

Selected Papers from USENIX 2007
Topic: Technology 10:06 pm EDT, Jun 18, 2007

Yesterday I mentioned a paper from the upcoming USENIX 2007 conference. Here are a few more, selected more or less based on title and abstract. It would seem that XSS is top of mind right now.

Discoverer: Automatic Protocol Reverse Engineering from Network Traces

Application-level protocol specifications are useful for many security applications, including intrusion prevention and detection that performs deep packet inspection and traffic normalization, and penetration testing that generates network inputs to an application to uncover potential vulnerabilities. However, current practice in deriving protocol specifications is mostly manual.

In this paper, we present Discoverer, a tool for automatically reverse engineering the protocol message formats of an application from its network trace. A key property of Discoverer is that it operates in a protocol-independent fashion by inferring protocol idioms commonly seen in message formats of many application-level protocols.

We evaluated the efficacy of Discoverer over one text protocol (HTTP) and two binary protocols (RPC and CIFS/SMB) by comparing our inferred formats with true formats obtained from Ethereal [5]. For all three protocols, more than 90% of our inferred formats correspond to exactly one true format; one true format is reflected in five inferred formats on average; our inferred formats cover over 95% of messages, which belong to 30-40% of true formats observed in the trace.

SpyProxy: Execution-based Detection of Malicious Web Content

This paper explores the use of execution-based Web content analysis to protect users from Internet-borne malware. Many anti-malware tools use signatures to identify malware infections on a user’s PC. In contrast, our approach is to render and observe active Web content in a disposable virtual machine before it reaches the user’s browser, identifying and blocking pages whose behavior is suspicious. Execution-based analysis can defend against undiscovered threats and zero-day attacks. However, our approach faces challenges, such as achieving good interactive performance, and limitations, such as defending against malicious Web content that contains non-determinism. To evaluate the potential for our execution-based technique, we designed, implemented, and measured a new proxy-based anti-malware tool called SpyProxy.

SpyProxy intercepts and evaluates Web content in transit from Web servers to the browser. We present the architecture and design of our SpyProxy prototype, focusing in particular on the optimizations we developed to make on-the-fly execution-based analysis practical.

We demonstrate that with careful attention to...


Stoner, by John Williams
Topic: Arts 9:07 pm EDT, Jun 18, 2007

Apparently this book is good ...

“A masterly portrait of a truly virtuous and dedicated man”—The New Yorker

“Why isn’t this book famous…Very few novels in English, or literary productions of any kind, have come anywhere near its level for human wisdom or as a work of art.”—C.P. Snow

“Serious, beautiful and affecting, what makes Stoner so impressive is the contained intensity the author and character share.”—Irving Howe, New Republic

“a quiet but resonant achievement”—The Times Literary Supplement

“Stoner by John Williams, contains what is no doubt my favorite literary romance of all time. William Stoner is well into his 40s, and mired in an unhappy marriage, when he meets Katherine, another shy professor of literature. The affair that ensues is described with a beauty so fierce that it takes my breath away each time I read it. The chapters devoted to this romance are both terribly sexy and profoundly wise.”—The Christian Science Monitor



Steve Jobs in a Box
Topic: Technology 7:39 pm EDT, Jun 18, 2007

Has he peaked?

New York magazine offers a profile. Note that the VC quoted in the article believes that subscription is the future of music. Also:

“We passed the high-water mark for iPod profitability about six months ago. I don’t see it going anywhere but down. All of which is why the iPhone is so important for Apple.”

A competitor quips that the iPhone suffers from "the houseboat problem."

For a good recent story about a houseboat, check out Aboard the Sarabande; If Wanderlust Strikes, Their House Goes, Too, from the June 3 edition of the New York Times.



The General’s Report | Annals of National Security
Topic: War on Terrorism 6:24 am EDT, Jun 18, 2007

“Here I am,” Taguba recalled Rumsfeld saying, “just a Secretary of Defense, and we have not seen a copy of your report. I have not seen the photographs, and I have to testify to Congress tomorrow and talk about this.” As Rumsfeld spoke, Taguba said, “He’s looking at me. It was a statement.”

At best, Taguba said, “Rumsfeld was in denial.” Taguba had submitted more than a dozen copies of his report through several channels at the Pentagon and to the Central Command headquarters, in Tampa, Florida, which ran the war in Iraq. By the time he walked into Rumsfeld’s conference room, he had spent weeks briefing senior military leaders on the report, but he received no indication that any of them, with the exception of General Schoomaker, had actually read it. (Schoomaker later sent Taguba a note praising his honesty and leadership.) When Taguba urged one lieutenant general to look at the photographs, he rebuffed him, saying, “I don’t want to get involved by looking, because what do you do with that information, once you know what they show?”

Head, meet sand.



Devices That Tell On You
Topic: High Tech Developments 6:24 am EDT, Jun 18, 2007

We analyze three new consumer electronic gadgets in order to gauge the privacy and security trends in mass-market UbiComp devices.

Our study of the Slingbox Pro uncovers a new information leakage vector for encrypted streaming multimedia. By exploiting properties of variable bitrate encoding schemes, we show that a passive adversary can determine with high probability the movie that a user is watching via her Slingbox, even when the Slingbox uses encryption. We experimentally evaluated our method against a database of over 100 hours of network traces for 26 distinct movies.

Despite an opportunity to provide significantly more location privacy than existing devices, like RFIDs, we find that an attacker can trivially exploit the Nike iPod Sport Kit's design to track users; we demonstrate this with a GoogleMaps-based distributed surveillance system. We also uncover security issues with the way Microsoft Zunes manage their social relationships.

We show how these products' designers could have significantly raised the bar against some of our attacks. We also use some of our attacks to motivate fundamental security and privacy challenges for future UbiComp devices.



In Sudan, an Animal Migration to Rival Serengeti
Topic: Science 6:21 am EDT, Jun 18, 2007

“It’s so far beyond anything you’ve ever seen, you can’t believe it,” Dr. Fay said. “You think you’re hallucinating.”



McSweeney's Internet Tendency
Topic: Technology 6:18 am EDT, Jun 18, 2007

The title of this article is "In the Year 2030, the Young Hotshot at My Office Tries to Walk Me Through 'Centaur,' Apple's New Mind-Orb-based Operating System."

It's sort of like a Shouts & Murmurs ...

ME: For some reason, I can't get this report orb to beam.

HOTSHOT: Well, go ahead and materialize the topaz orb first. That should launch your facefield preferences.

ME: OK, here goes ... Wait, remind me, how do I get to the topaz orb? Sorry, I knew how to do this just a second ago—I imagine a shape, right?

HOTSHOT: Kind of. Defocus your eyes and visualize a beam of light illuminating a rhombus. That will materialize the topaz orb.

ME: Hmm ... It's still not working.

HOTSHOT: OK, let's back up a step. Which wormhole did you do your push-up in?



Joint failure
Topic: War on Terrorism 6:18 am EDT, Jun 18, 2007

Responsibility for the disaster of Iraq lies not only with the President of the United States, but also with the Joint Chiefs of Staff.

The president needs expert and candid military counsel.

Not yes-men in uniform.



Automated reverse engineering of nonlinear dynamical systems
Topic: Science 6:55 pm EDT, Jun 16, 2007

Complex nonlinear dynamics arise in many fields of science and engineering, but uncovering the underlying differential equations directly from observations poses a challenging task.

The ability to symbolically model complex networked systems is key to understanding them, an open problem in many disciplines. Here we introduce for the first time a method that can automatically generate symbolic equations for a nonlinear coupled dynamical system directly from time series data. This method is applicable to any system that can be described using sets of ordinary nonlinear differential equations, and assumes that the (possibly noisy) time series of all variables are observable.

Previous automated symbolic modeling approaches of coupled physical systems produced linear models or required a nonlinear model to be provided manually. The advance presented here is made possible by allowing the method to model each (possibly coupled) variable separately, intelligently perturbing and destabilizing the system to extract its less observable characteristics, and automatically simplifying the equations during modeling.

We demonstrate this method on four simulated and two real systems spanning mechanics, ecology, and systems biology. Unlike numerical models, symbolic models have explanatory value, suggesting that automated "reverse engineering" approaches for model-free symbolic nonlinear system identification may play an increasing role in our ability to understand progressively more complex systems in the future.

On the cover of the current issue of PNAS.



Going Balloon: An Interview with Forro in the Dark
Topic: Arts 5:37 pm EDT, Jun 16, 2007

Forro in the Dark is a band that brings not just the heat of Brazil to crowded, pulsing nightclubs — it brings the heart.

A group of five Brazilians and one American put their rhythmic spin on forró, a style of music and dance from the northeast of Brazil that is full of passion, joy, heartache, and love.

Forro in the Dark have been sneaking up the radar, as their latest album, Bonfires of São João, has been making waves from coast to coast.

Featuring such impressive guest vocalists as David Byrne, Bebel Gilberto, and Miho Hatori, FIT Dark have become an underground sensation with people in the know.

The hippest Manhattanites know that Nublu is where it’s at, and every Wednesday, FIT Dark can be heard making people sweat, sway, and groove until the sun rises.


