This is the week of USENIX, as they have several security related workshops, and their annual Security Symposium. On Monday, there was the Workshop on Offensive Technologies, and I was lucky enough to get invited to the workshop.
Paul Vixie started the event by talking about the DNS cache poisoning vulnerability. He didn’t talk about the actual vulnerability because Dan Kaminsky will be discussing it at the upcoming Black Hat USA Briefings. But he did talk about the patch, and other solutions that could possibly fix the DNS cache poisoning vulnerability. He did note that the patch isn’t a 100% fix, as it is a statistical patch against a statistical vulnerability.
Many of the other presentations were very interesting as well. Here are a couple Workshop on Offensive Technologies presentations that I enjoyed:
- Insecure Context Switching: Inoculating Regular Expressions for Survivability by Will Drewry and Tavis Ormandy
- There Is No Free Phish: An Analysis of "Free" and Live Phishing Kits by Marco Cova, Christopher Kruegel, and Giovanni Vigna
- Reverse Engineering Python Applications by Aaron Portnoy and Ali-Rizvi Santiago
- Exploitable Redirects on the Web: Identification, Prevalence, and Defense by Craig A. Shue, Andrew J. Kalafut, and Minaxi Gupta
And here are the rest of the Workshop on Offensive Technologies presentations:
- Experiences with Model Inference Assisted Fuzzing by Joachim Viide, Aki Helin, Marko Laakso, Pekka Pietikäinen, Mika Seppänen, Kimmo Halunen, Rauli Puuperä, and Juha Röning
- Towards Systematic Evaluation of the Evadability of Bot/Botnet Detection Methods by Elizabeth Stinson and John C. Mitchell
- Modeling the Trust Boundaries Created by Securable Objects by Matt Miller