Domain Blocking: The Problem of a Googol of Domains
Hi all, this is Jonathan Spring. I've written a bit about some challenges with blacklisting, such as the dynamics of domain take-down: why e-crime pays (domains are so cheap it almost always...
Vulnerability Discovery for Emerging Networked Systems
Hi folks, Allen Householder here. I want to introduce some recent work we're undertaking to look at vulnerability discovery for emerging networked systems (including cyberphysical systems like home...
Domain Name Parking
Hello, this is Jonathan Spring with my colleague Leigh Metcalf. Today, we're releasing a CERT/CC whitepaper on our investigations into domain name parking. The title summarizes our findings neatly:...
Vulnerability Coordination and Concurrency Modeling
Hi, it's Allen. In addition to building fuzzers to find vulnerabilities (and thinking about adding some concurrency features to BFF in the process), I've been doing some work in the area of...
New Technical Report Discusses the Regional Use of Social Networking Tools
Hello, this is Kate Meeuf of the SEI's Situational Awareness team. I'm pleased to announce the publication of the new technical report, Regional Use of Social Networking Tools, which explores regional...
What's Different About Vulnerability Analysis and Discovery in Emerging...
Hi folks, Allen Householder here. In my previous post, I introduced our recent work in surveying vulnerability discovery for emerging networked systems (ENS). In this post, I continue with our findings...
The Risks of SSL Inspection
Recently, SuperFish and PrivDog have received some attention because of the risks that both introduced to customers through implementation flaws. Looking closer into these types of applications...
Baseline Network Flow Examples
Hi. This is Angela Horneman of the SEI's Situational Awareness team. I've generated service specific network flows to use as baseline examples for network analysis and am sharing them since others may...
Making YAF App Labels from Text-Based Snort Rules
Ever want to use a Snort-like rule with SiLK or Analysis Pipeline to find text within packets? Timur Snoke and I were recently discussing how we could do this and realized that while neither SiLK nor...
Domain Blacklist Ecosystem - A Case Study
Hi all, this is Jonathan Spring with my colleagues Leigh Metcalf and Rhiannon Weaver. We've been studying the dynamics of the Internet blacklist ecosystem for a few years now and the 2015 Verizon Data...
YAF App Label Signature Context with Analysis Pipeline
In my last post, I presented how to create a YAF application label signature rule that corresponds to a text-based Snort-type rule. In this post, I discuss methods for using Analysis Pipeline to...
Like Nailing Jelly to the Wall: Difficulties in Defining "Zero-Day Exploit"
During the Watergate hearings, Senator Howard Baker asked John Dean a now-famous question: "My primary thesis is still: What did the president know, and when did he know it?" If you understand why that...
The Risks of Disabling the Windows UAC
While investigating a few of the exploits associated with the recent HackingTeam compromise, I realized an aspect of the Windows User Account Control (UAC) that might not be widely known. Microsoft has...
Comments on BIS Wassenaar Proposed Rule
Art Manion and I recently submitted comments to the Department of Commerce Bureau of Industry and Security on their proposed rule regarding Wassenaar Arrangement 2013 Plenary Agreements Implementation:...
Reach Out and Mail Someone
Every day, we receive reports from various security professionals, researchers, hobbyists, and even software vendors regarding interesting vulnerabilities that they discovered in software....
Instant KARMA Might Still Get You
About a year ago, I started looking into Android applications that aren't validating SSL certificates. Users of these applications could be at risk if they fall victim to a man-in-the-middle (MITM)...
Recent Conference Presentations by the Vulnerability Analysis Team
A number of us on the Vulnerability Analysis team have been out and about giving talks at various conferences recently. This post provides links to the presentation slides, related blog posts, and the...
CVSS and the Internet of Things
There has been a lot of press recently about security in Internet of Things (IoT) devices and other non-traditional computing environments. Many of the most talked about presentations at this year's...
Differences Between ASLR on Windows and Linux
Hi folks, it's Will again. In my last blog entry, I discussed a behavior of NX on the Linux platform. Given that NX (or DEP as it's known on the Windows platform) and Address Space Layout Randomization...
Taking Control of Linux Exploit Mitigations
Hey, it's Will. In my last two blog entries, I looked at aspects of two exploit mitigations (NX and ASLR) on the Linux platform. In both cases, Linux left a bit to be desired. In this post, I will...