Niels Provos

Tom Pusateri reported success with using OpenSSL client certificates and libevent's builtin OpenSSL support. Here is what he wrote on the mailing list:

I tried 2.0.3 alpha against the Apple Push notification feedback service which requires a client key/certificate and it works great.

One hint... Make sure you add the key and cert to the SSL context before calling SSL_new(). Otherwise, you'll get an error that looks like:

sslv3 alert handshake failure in SSL routines SSL3_READ_BYTES

Here's the working code:

static void
init_feedback_service(struct event_base *ev_base,
    struct evdns_base *dns)
{
   int rc;
   struct bufferevent *bev;
   SSL_CTX *ssl_ctx;
   SSL *ssl;

   ssl_ctx = SSL_CTX_new(SSLv3_method());

   rc = SSL_CTX_use_certificate_file(ssl_ctx, "my_apple_cert_key.pem",
       SSL_FILETYPE_PEM);
   if (rc != 1) {
       errx(EXIT_FAILURE, "Could not load certificate file");
   }
   rc = SSL_CTX_use_PrivateKey_file(ssl_ctx, "my_apple_cert_key.pem",
       SSL_FILETYPE_PEM);
   if (rc != 1) {
       errx(EXIT_FAILURE, "Could not load private key file");
   }

   ssl = SSL_new(ssl_ctx);
   bev = bufferevent_openssl_socket_new(ev_base, -1, ssl,
       BUFFEREVENT_SSL_CONNECTING, BEV_OPT_CLOSE_ON_FREE);
   bufferevent_setcb(bev, feedback_read_cb, NULL,
       feedback_event_cb, NULL);
   rc = bufferevent_socket_connect_hostname(bev, dns, AF_INET,
       "feedback.sandbox.push.apple.com", 2196);
   if (rc < 0) {
       warnx("could not connect to feedback service: %s",
             evutil_socket_error_to_string(EVUTIL_SOCKET_ERROR()));
       bufferevent_free(bev);
       return;
   }
   bufferevent_enable(bev, EV_READ);
}

It has been a while since the last alpha release of libevent-2.0. Yesterday, we released 2.0.3-alpha which can be downloaded from

http://monkey.org/~provos/libevent-2.0.3-alpha.tar.gz

Please, give it a spin and let us know if you run into any problems. There have been a lot of changes since the last release, mostly due to Nick's hard work. Here are just some highlights, the ChangeLog contains the full story:

- SSL/TLS support on bufferevents, using the OpenSSL library
- Improved searching on evbuffer objects
- Improved support for Windows
- More efficient memory allocation for event_bases that use epoll
- Improved thread-safety
- The IOCP bufferevent backend is now exposed on Windows; many thanks to Christopher Davis for his work.

Many thanks to everyone who helped with patches and bug reports including Rocco Carbone, Brodie Thiesfield, Caitlin Mercer, David Reiss, Alexander Pronchenkov, Jacek Masiulaniec, Ka-Hing Cheung, Christopher Davis, Ferenc Szalai, and Ryan Phillips.

Edited to fix the link.

We just released a new stable version of Libevent that fixes the following problems:

• If the kernel tells us that there are a negative number of bytes to read from a socket, do not believe it. Fixes bug 2841177; found by Alexander Pronchenkov.
• Do not allocate the maximum event queue and fd array for the epoll backend at startup. Instead, start out accepting 32 events at a time, and double the queue's size when it seems that the OS is generating events faster than we're requesting them. Saves up to 512K per epoll-based event_base. Resolves bug 2839240.
• Fix compilation on Android, which forgot to define fd_mask in its sys/select.h
• Do not drop data from evbuffer when out of memory; reported by Jacek Masiulaniec
• Rename our replacement compat/sys/_time.h header to avoid build a conflict on HPUX; reported by Kathryn Hogg.
• Build kqueue.c correctly on GNU/kFreeBSD platforms. Patch pulled upstream from Debian.
• Fix a problem with excessive memory allocation when using multiple event priorities.
• When running set[ug]id, don't check the environment. Based on a patch from OpenBSD.

A new alpha release of libevent 2.0 is on its way, too. Thanks to everyone who submitted patches and bug reports.

The source code is available at http://www.monkey.org/~provos/libevent-1.4.13-stable.tar.gz. Don't forget to verify the signature.

A while ago, I forged a San Mai billet with the hope to turn it into a tanto. Unfortunately, the forge I was using had a very oxygen rich atmosphere and the welds did not take very well. Over the last couple of days, I spent some time grinding and heat treating the remaining steel into a knife for practice purposes. The cable structure of the knife came out very nicely with repeated applications of lemon juice and metal polish to remove the oxides left by the lemon juice etch.

I also figured out how to take decent pictures of the steel. The trick was to use direct light rather than diffused light that shines directly on the blade, and then have black surfaces inside the light box. The angle of the knife needs to be so that the black is reflected do the camera. Although, this is a failed knife due to all the welding flaws, it still was an interesting experiment.

I just finished taking the 5-day basic forging class taught by Michael Bell at Dragonfly Forge. The wakizashi in the picture is the result of it. The blade is about 18in long and was forged from forge-welded cable. The forge welding of the cable conducted by Michael and his son Gabriel took the better half of the first day. Afterward, the steel was forged into a sunobe which has the basic taper for the tang and point of the sword. We then forged in the ji and the shinogi ji. The remainder of the time was spent grinding in preparation for heat treatment. Before the clay was applied, we draw filed the blade so that all file marks were parallel with the edge rather than the perpendicular marks left by the belt grinder. Applying the clay was a three step process; a light coating of the whole blade, applying the ashi lines, and then coating everything that should remain soft. You can see the ashi and where the clay was applied on the middle picture. After heat treating, the blade took on a nice curve and it was back to the grinder. During the last day there was a little bit of time to polish on stones which showed hints of some very wild hamon as well as some mune yaki. The whole class was a great experience.

The call for papers for the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '10) Botnets, Spyware, Worms, and More just went out. It will be held on April 27, 2010 in San Jose, CA.

LEET '10 will be co-located with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI '10), which will take place April 28–30, 2010.

Important Dates

• Submissions due: Thursday, February 25, 2010, 11:59 p.m. PST
• Notification of acceptance: Wednesday, March 24, 2010
• Final papers due: Monday, April 5, 2010

Workshop Organizers
Program Chair

• Michael Bailey, University of Michigan

Program Committee

• Dan Boneh, Stanford University
• Nick Feamster, Georgia Institute of Technology
• Jaeyeon Jung, Intel Labs, Seattle
• Christian Kreibich, International Computer Science Institute
• Patrick McDaniel, Pennsylvania State University
• Fabian Monrose, University of North Carolina, Chapel Hill
• Jose Nazario, Arbor Networks, Inc.
• Stefan Savage, University of California, San Diego
• Matt Williamson, AVG Technologies
• Yinglian Xie, Microsoft Research
• Vinod Yegneswaran, SRI International

Go submit your work!

Google's Anti-Malware team has prepared a moderator page where web masters and users can ask questions and vote which questions they would like to see answered. The voting period ends on Friday, August 28th at which point the Anti-Malware team will prepare answers for some of the top-rated questions.

Nick just announced two new libevent releases. Here is his summary.

Libevent 1.4.12-stable:
You can find the source in the usual place:

http://monkey.org/~provos/libevent-1.4.12-stable.tar.gz

This is a bugfix-only release, and some of the bugs were kind of nasty. I'd recommend that you upgrade, especially if you are writing code that uses epoll or evdns.

Changes in 1.4.12-stable:

• Try to contain degree of failure when running on a win32 version so heavily firewalled that we can't fake a socketpair.
• Fix an obscure timing-dependent, allocator-dependent crash in the evdns code.
• Use _VA_ARGS_ syntax for varargs macros in event_rpcgen when compiler is not GCC.
• Activate fd events in a pseudorandom order with O(N) backends, so that we don't systematically favor low fds (select) or earlier-added fds (poll, win32).
• Fix another pair of fencepost bugs in epoll.c. [Patch from Adam Langley.]
• Do not break evdns connections to nameservers when our IP changes.
• Set truncated flag correctly in evdns server replies.
• Disable strict aliasing with GCC: our code is not compliant with it.

Libevent-2.0.2-alpha:
The first alpha release in the long-promised Libevent 2.0 series is finally out. You can download Libevent 2.0.2-alpha from:

http://monkey.org/~provos/libevent-2.0.2-alpha.tar.gz

This is an alpha release. Libevent 2.0 is not finished. There will be bugs, and we make no promises about the stability of any APIs introduced in the 2.0.x-alpha releases. When you find bugs, please let us know.

Libevent 2.0 is intended to be backward compatible with the Libevent 1.4 APIs[*]. Any program that worked with Libevent 1.4 should still work with Libevent 2.0, unless we screwed up. Please test your programs when you have a chance, so that if we did screw up, we can notice soon.
[*] Unless you were messing around with the internals of internal structures.

This release adds many new features to the previous alpha release, and fixes many bugs. See the ChangeLog for full details. Highlights include:

• evdns is now threadsafe, with locking support
• There's an evconnlistener type that you can use to abstract cross-platform differences in accepting connections.
• The evbuffer interface (and therefore bufferevents) now supports zero-copy much better.
• About a zillion fixes for tricky bugs in the new Libevent 2.0.1-alpha code.

Special thanks to everybody who helped find bugs and improve the code, especially James Mansion, Zack Weinberg, and Joachim Bauch.

Yesterday, I managed to practice Aikido in Hamburg for the first time in almost twelve years. The dojo at Charlottenstraße was beautiful with windows to the outside and plenty of light. The training was interesting and very enjoyable. I even managed to practice with a few folks from university times. Next week, it's back to the US and Aikido practice in Mountain View.

The DirectShow vulnerabilities are being exploited all over the place now. Unfortunately, the second vulnerability in DirectShow is still unpatched and exploit sites seem to be jumping on this. There is even some evidence that it's possible to successfully exploit the vulnerability without even using JavaScript. New exploit domains are popping after every day. DirectShow now seems to be what Flash and PDF were earlier in the year.

I had time to forge down the 2in pipe for the nozzle today which completed everything needed for the burner. Here is a video of the first test run. Propane and air can be mixed separately via the gate valves which should allow precise control over the atmosphere in the forge.

The landlord visited today while I was working on some bolt jaw tongs. When he saw me blacksmithing, he told me that he used to turn the crank blower for a blacksmith when he was a boy and recited the following poem:

Under a spreading chestnut tree
The village smithy stands;
The smith, a mighty man is he,
With large and sinewy hands;
And the muscles of his brawny arms
Are strong as iron bands.

His hair is crisp, and black, and long,
His face is like the tan;
His brow is wet with honest sweat,
He earns whate'er he can,
And looks the whole world in the face,
For he owes not any man.

We recently published an article on web-based malware in ACM's Queue Magazine. It provides a short overview of some of the challenges with detecting malicious web sites such as social engineering and examples of techniques for compromising web sites, e.g. htaccess redirection on Apache, etc. This is the article on which my recent ISSNet talk was based.

I learned how to make a monkey tool today. Monkey tools can be used for dressing tenons. The basic procedure is as follows.
Take 1in square stock and chamfer the edges. Take a slot punch and move it about an 1in from the corner - this is the hammer end. Line the slot punch up very carefully, so that its straight and divides the stock in the middle. Hit it a couple times to get a registration. Now, get the stock nice and hot, align the slot punch with the registration, hit it hard three times, cool the slot punch in water, rotate it by 180 degrees and repeat. At some point, the slot punch is almost through, flip the stock over and use the slot punch to punch out the remaining piece of metal. Now, use a drift to open up the hole to the desired size. Start the drift from the other side of the slot. Doing this over the hardy hole is a good idea. With the slot still inserted, dress up the faces. Then chamfer the corners. Cut off the other side for the length of the tenon and drill a hole of the right size.
That's it. Out of the four holes I drifted only two came out sort of in the middle