Allen Householder @__adh__
pittsburgh, pa
infosec as a complex system: vul disc[overy|losure], p[ro[bability|tocols]|ython|hysics], math, eco[nomics|logy], trust, & better models ∀ of it.
@certcc
385 Tweets | 799 Following | 513 Followers

Tweets

Allen Householder @__adh__ · Feb 3
Cc @brettbalogh 🙂

Allen Householder retweeted
Carla Riseman @ShesAllWrite · Feb 1
Phil, I got you, boo. ~ Punxsutawney Phil Drunk Dials His High School Crush - McSweeney’s Internet Tendency mcsweeneys.net/articles/punxs…

Allen Householder @__adh__ · Feb 1
Someone else mentioned physical locks: note that like a Turing Test, physical keys authenticate you as a member of a class (keyholders) but not as a specific person. The association from authenticator to identity is basically metadata. Social example: en.wikipedia.org/wiki/Shibboleth

Allen Householder @__adh__ · Feb 1
Days like today make me wonder: 100 years from now, who will the history books say really won the Cold War.

Allen Householder @__adh__ · Feb 1
The weirdest part is not that I have no idea which side of said pond you find yourself, but that the distinction doesn’t matter one bit.

Allen Householder @__adh__ · Feb 1
That seems like it confuses the instance for the class.

Allen Householder @__adh__ · Jan 31
Gut reaction: authentication is the input you provide to an authorization system, access granted / denied is the output. So a Turing Test itself seems squarely in authentication land whereas any system making a decision thereupon is likely doing authorization.

Allen Householder @__adh__ · Jan 31
Bookmarking this in case I ever need to update insights.sei.cmu.edu/cert/2015/07/l… I think the malware evasion part is rather novel.

Allen Householder @__adh__ · Jan 29
I'm finding it hard to be petty I guess. 🙂

Allen Householder @__adh__ · Jan 29
I'll admit that. Here's a softer one: I loathe passive voice because it hides the fact of actors doing things. "The vul was exploited...", nope. These aren't just natural phenomena that happen. "An unknown adversary exploited the vul..." reminds you of what you don't know.

Allen Householder @__adh__ · Jan 29
Detailed technical reports that don't answer the "so what?" question. Basically a problem of jumping right into the deep end without convincing me that I should care enough to follow along. Why was *this* thing you analyzed interesting? How would I know if it matters to me?

Allen Householder @__adh__ · Jan 27
Different Y dimension of course (Unique IPs vs Unique samples), and the timescales are way different for worm propagation. But similar math at play, by the looks of it.

Allen Householder @__adh__ · Jan 27
This is neat. It reminds me of some analysis I did¹ with Code Red in July 2001 that wound up in Scientific American²
¹resources.sei.cmu.edu/asset_files/Wh…
²scientificamerican.com/index.cfm/_api… pic.twitter.com/vPxPmJa0Uo

Allen Householder retweeted
Will Dormann @wdormann · Jan 24
Based on suggestions from @RonnyTNL and @__adh__ I've updated gist.github.com/wdormann/0a6ee…
No longer requires dumpbin.exe or listdlls.exe (if Python pefile and psutil are available). Also exports the findings as a CSV.
Any reported app is a good candidate for EMET or WDEG force ASLR! pic.twitter.com/oTSzeElm2d

Allen Householder @__adh__ · Jan 24
This just in: Ancient humans sound like Minecraft villagers. twitter.com/NewsfromScienc… pic.twitter.com/zXY5u9B9dj

Allen Householder @__adh__ · Jan 24
Caveats: BFF does some ML-based steering of fuzzing parameters and seedfile selection, but doesn't make decisions based on coverage. Also, we were going for empirical improvements not modeling. "Poisson-like" in the above does not imply that we did statistical fit tests.

Allen Householder @__adh__ · Jan 24
Second piece of evidence that something else was going on: We expected the interarrival time of new unique crashes within a single process to get longer, but in really long campaigns (weeks) it seemed to just settle into a relatively steady Poisson-like process.

Allen Householder @__adh__ · Jan 24
We were trying to do a capture-recapture thing, but the results led us to start questioning our backtrace hashing technique for crash uniqueness. (Counting "unique" bugs turns out to be hard.)

Allen Householder @__adh__ · Jan 24
I don't have data on this at the moment. But a few years ago we ran a few dozen instances of BFF (one fuzzer process per VM, slightly oversubscribed VMs to cores), and beyond some core common set, we were getting really disjoint sets of crashers from different machines.

Allen Householder retweeted
XKCD Comic @xkcdComic · Jan 24