The call for papers for the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats
(LEET '10): Botnets, Spyware, Worms, and More just went out. It will be held on April 27, 2010
in San Jose, CA, and will be co-located with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI '10), which will take place April 28–30, 2010.
- Submissions due: Thursday, February 25, 2010, 11:59 p.m. PST
- Notification of acceptance: Wednesday, March 24, 2010
- Final papers due: Monday, April 5, 2010
- Michael Bailey, University of Michigan
- Dan Boneh, Stanford University
- Nick Feamster, Georgia Institute of Technology
- Jaeyeon Jung, Intel Labs, Seattle
- Christian Kreibich, International Computer Science Institute
- Patrick McDaniel, Pennsylvania State University
- Fabian Monrose, University of North Carolina, Chapel Hill
- Jose Nazario, Arbor Networks, Inc.
- Stefan Savage, University of California, San Diego
- Matt Williamson, AVG Technologies
- Yinglian Xie, Microsoft Research
- Vinod Yegneswaran, SRI International
Go submit your work!
WOOT is the Workshop on Offensive Technologies. This year, it's being held for the third time and the call for papers
just came out. Submissions are solicited for a variety of interesting topics including:
- Vulnerability research (software auditing, reverse engineering)
- Exploit techniques and automation
- Malware design and implementation (rootkits, viruses, bots, worms)
The last two years were a lot of fun and this year's organizers are an eclectic bunch
of well-known folks. If you have anything in the works, go submit it and we will see you at the workshop.
This release contains a number of small bug fixes:
- 32-bit compilation has been fixed
- 32-bit policies are no longer created as Linux64 when running on a 64-bit system
The source code can be downloaded here
A new version of Systrace that supports 64-bit Linux installations can be downloaded from here. The major changes are support of 64-bit Linux with ptrace as well as 32-bit binaries under a 64-bit system. Let me know if you run into any issues with this.
for the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '09): Botnets, Spyware, Worms, and More is up at:
LEET '09 will be held on April 21, 2009 in Boston, MA immediately before the 6th USENIX Symposium on Networked Systems Design and Implementation (NSDI '09), which will take place April 22–24, 2009.
- Submissions due: January 16, 2009, 11:59 p.m. EST
- Notification of acceptance: March 2, 2009
- Electronic files due: March 30, 2009
This will be the second edition of LEET, which had evolved from the combination of two other successful workshops, the ACM Workshop on Recurring Malcode (WORM) and the USENIX Workshop on Hot Topics in Understanding Botnets (HotBots). These two workshops have each dealt with aspects of this problem. However, while papers relating to both worms and botnets are explicitly solicited, LEET has a broader charter than its predecessors. We encourage submissions of papers that focus on any aspect of the underlying mechanisms used to compromise and control hosts, the large-scale "applications" being perpetrated upon this framework, or the social and economic networks driving these threats.
I often use Tor for anonymous web browsing; mostly when investigating malware distribution sites. Most people configure their browser so that it proxies HTTP via Privoxy.
To prevent information leakage, we ideally would run a virtual machine that tunnels all traffic via Tor, such as the VirtualPrivacyMachine. However, if you do not want to go through all that trouble, Systrace can come to the rescue. For investigations, I run Firefox under Systrace with a systrace policy that allows connections only to Privoxy. All other connection attempts are denied and logged. It is interesting to see how many connections Firefox tries to do all by itself that do not go via the proxy. There are update pings, and all kinds of other connections.
In this case, Systrace is not being used against an adversary but rather against an untrusted application. It works quite nicely at that, too.
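A complementary audit, added here as an example and not part of the original post or of Systrace: it reads a Linux `/proc/net/tcp` table and lists outbound connections owned by the browser's user that do not terminate at the proxy. Assumptions: Privoxy listens on its default 127.0.0.1:8118, the browser runs under a dedicated uid, the host is little-endian and IPv4-only, and the sample table is constructed.

```python
import socket
import struct

PROXY = ("127.0.0.1", 8118)  # assumption: Privoxy on its default listen address
OUTBOUND = {"01": "ESTABLISHED", "02": "SYN_SENT"}  # kernel TCP state codes

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1FB6 00000000:0000 0A 00000000:00000000 00:00000000 00000000   110        0 11111
   1: 0100007F:C350 0100007F:1FB6 01 00000000:00000000 00:00000000 00000000  1000        0 22222
   2: 0A00000A:C352 0A6433C6:01BB 02 00000000:00000000 01:00000064 00000000  1000        0 33333
   3: 0A00000A:C354 0B6433C6:0050 01 00000000:00000000 00:00000000 00000000  1001        0 44444
"""


def decode(endpoint):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); the IP is a host-order u32."""
    hexip, hexport = endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hexip, 16)))  # little-endian host
    return ip, int(hexport, 16)


def proxy_bypasses(table, uid, proxy=PROXY):
    """Return (ip, port, state) for outbound sockets of `uid` not going to `proxy`."""
    leaks = []
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        # fields: sl, local, remote, state, queues, timer, retrnsmt, uid, ...
        if len(fields) < 8 or fields[3] not in OUTBOUND:
            continue  # malformed row, or LISTEN / closing states
        if int(fields[7]) != uid:
            continue  # socket belongs to another user
        remote = decode(fields[2])
        if remote != proxy:
            leaks.append((remote[0], remote[1], OUTBOUND[fields[3]]))
    return leaks


if __name__ == "__main__":
    # On a live host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for ip, port, state in proxy_bypasses(SAMPLE, uid=1000):
        print(f"direct connection bypassing proxy: {ip}:{port} ({state})")
```

This is a point-in-time snapshot, so short-lived connections can be missed; a Systrace policy that denies and logs the connect call catches every attempt.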