The call for papers for the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats
(LEET '10) Botnets, Spyware, Worms, and More just went out. It will be held on April 27, 2010
in San Jose, CA.
will be co-located with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI '10), which will take place April 28–30, 2010.
- Submissions due: Thursday, February 25, 2010, 11:59 p.m. PST
- Notification of acceptance: Wednesday, March 24, 2010
- Final papers due: Monday, April 5, 2010
- Michael Bailey, University of Michigan
- Dan Boneh, Stanford University
- Nick Feamster, Georgia Institute of Technology
- Jaeyeon Jung, Intel Labs, Seattle
- Christian Kreibich, International Computer Science Institute
- Patrick McDaniel, Pennsylvania State University
- Fabian Monrose, University of North Carolina, Chapel Hill
- Jose Nazario, Arbor Networks, Inc.
- Stefan Savage, University of California, San Diego
- Matt Williamson, AVG Technologies
- Yinglian Xie, Microsoft Research
- Vinod Yegneswaran, SRI International
Go submit your work!
Google's Anti-Malware team has prepared a moderator page where web masters and users can ask questions
and vote which questions they would like to see answered. The voting period ends on Friday, August 28th at which point the Anti-Malware team will prepare answers for some of the top-rated questions.
Nick just announced two new libevent releases. Here is his summary.
You can find the source in the usual place:
This is a bugfix-only release, and some of the bugs were kind of nasty. I'd recommend that you upgrade, especially if you are writing code that uses epoll or evdns.
Changes in 1.4.12-stable:
- Try to contain degree of failure when running on a win32 version so heavily firewalled that we can't fake a socketpair.
- Fix an obscure timing-dependent, allocator-dependent crash in the evdns code.
- Use _VA_ARGS_ syntax for varargs macros in event_rpcgen when compiler is not GCC.
- Activate fd events in a pseudorandom order with O(N) backends, so that we don't systematically favor low fds (select) or earlier-added fds (poll, win32).
- Fix another pair of fencepost bugs in epoll.c. [Patch from Adam Langley.]
- Do not break evdns connections to nameservers when our IP changes.
- Set truncated flag correctly in evdns server replies.
- Disable strict aliasing with GCC: our code is not compliant with it.
The first alpha release in the long-promised Libevent 2.0 series is finally out. You can download Libevent 2.0.2-alpha from:
This is an alpha release. Libevent 2.0 is not finished. There will be bugs, and we make no promises about the stability of any APIs introduced in the 2.0.x-alpha releases. When you find bugs, please let us know.
Libevent 2.0 is intended to be backward compatible with the Libevent 1.4 APIs[*]. Any program that worked with Libevent 1.4 should still work with Libevent 2.0, unless we screwed up. Please test your programs when you have a chance, so that if we did
screw up, we can notice soon.
[*] Unless you were messing around with the internals of internal structures.
This release adds many new features to the previous alpha release, and fixes many bugs. See the ChangeLog for full details. Highlights include:
- evdns is now threadsafe, with locking support
- There's an evconnlistener type that you can use to abstract cross-platform differences in accepting connections.
- The evbuffer interface (and therefore bufferevents) now supports zero-copy much better.
- About a zillion fixes for tricky bugs in the new Libevent 2.0.1-alpha code.
Special thanks to everybody who helped find bugs and improve the code, especially James Mansion, Zack Weinberg, and Joachim Bauch.
Yesterday, I managed to practice Aikido in Hamburg
for the first time in almost twelve years. The dojo at Charlottenstraße was beautiful with windows to the outside and plenty of light. The training was interesting and very enjoyable. I even managed to practice with a few folks from university times. Next week, it's back to the US and Aikido practice in Mountain View
The DirectShow vulnerabilities
are being exploited all over the place now. Unfortunately, the second vulnerability
in DirectShow is still unpatched and exploit sites seem to be jumping on this. There is even some evidence that it's possible to successfully exploit
are popping after every day
. DirectShow now seems to be what Flash and PDF were earlier in the year.