Skip to content

LEET '10 Call for Papers

The call for papers for the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '10) Botnets, Spyware, Worms, and More just went out. It will be held on April 27, 2010 in San Jose, CA.

LEET '10 will be co-located with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI '10), which will take place April 28–30, 2010.

Important Dates
  • Submissions due: Thursday, February 25, 2010, 11:59 p.m. PST
  • Notification of acceptance: Wednesday, March 24, 2010
  • Final papers due: Monday, April 5, 2010

Workshop Organizers
Program Chair
  • Michael Bailey, University of Michigan
Program Committee
  • Dan Boneh, Stanford University
  • Nick Feamster, Georgia Institute of Technology
  • Jaeyeon Jung, Intel Labs, Seattle
  • Christian Kreibich, International Computer Science Institute
  • Patrick McDaniel, Pennsylvania State University
  • Fabian Monrose, University of North Carolina, Chapel Hill
  • Jose Nazario, Arbor Networks, Inc.
  • Stefan Savage, University of California, San Diego
  • Matt Williamson, AVG Technologies
  • Yinglian Xie, Microsoft Research
  • Vinod Yegneswaran, SRI International

Go submit your work!
Categories: Malware, News, Security, SpyBye, Systrace
Defined tags for this entry: , , ,

WOOT'09 Call For Papers


WOOT is the Workshop on Offensive Technologies. This year, it's being held for the third time and the call for papers just came out. Submissions are solicited for a variety of interesting topics including:

  • Vulnerability research (software auditing, reverse engineering)
  • Exploit techniques and automation
  • Malware design and implementation (rootkits, viruses, bots, worms)

The last two years were a lot of fun and this years organizers are an eclectic bunch of well known folks. If you have anything in the works, go submit it and we will see you at the workshop.
Categories: News, SpyBye, Systrace
Defined tags for this entry: ,

Systrace 1.6g released

This release contains a number of small bug fixes:

- 32-bit compilation has been fixed
- 32-bit policies are no longer created as Linux64 with running on a 64-bit system

The source code can be downloaded here [sig].
Categories: News, Systrace
Defined tags for this entry: ,

Systrace 1.6f with 64-bit Linux ptrace support

A new version of Systrace that supports 64-bit Linux installations can be downloaded from here. The major changes are support of 64-bit Linux with ptrace as well as 32-bit binaries under a 64-bit system. Let me know if you run into any issues with this.
Categories: News, Systrace
Defined tags for this entry: , ,

LEET '09 Call for Papers

The CfP for the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '09): Botnets, Spyware, Worms, and More is up at:

http://www.usenix.org/event/leet09/cfp/.

LEET '09 will be held on April 21, 2009 in Boston, MA immediately before the 6th USENIX Symposium on Networked Systems Design and Implementation (NSDI '09), which will take place April 22–24, 2009.

Important Dates
  • Submissions due: January 16, 2009, 11:59 p.m. EST
  • Notification of acceptance: March 2, 2009
  • Electronic files due: March 30, 2009

This will be the second edition of LEET, which had evolved from the combination of two other successful workshops, the ACM Workshop on Recurring Malcode (WORM) and the USENIX Workshop on Hot Topics in Understanding Botnets (HotBots). These two workshops have each dealt with aspects of this problem. However, while papers relating to both worms and botnets are explicitly solicited, LEET has a broader charter than its predecessors. We encourage submissions of papers that focus on any aspect of the underlying mechanisms used to compromise and control hosts, the large-scale "applications" being perpetrated upon this framework, or the social and economic networks driving these threats.
Categories: News, Security, Systrace
Defined tags for this entry: , , ,

Anonymity, Tor and Your Browser

I often use Tor for anonymous web browsing; mostly when investigating malware distribution sites. Most people configure their browser so that it proxies HTTP via Privoxy to the Tor network. At that point, Tor is doing your DNS resolutions and also hides your TCP connections from preying eyes. Or at least, so one would think. There are many ways in which an adversary can trivially circumvent this setup. For example, if we configure the browser to proxy only HTTP, a malicious web page can easily open an HTTPS connection and reveal your IP address. Things get much worse when scripting languages such as Javascript, Flash or Java come into play. Flash can open raw sockets and learn a lot about your local environment.

To prevent information leakage, we ideally would run a virtual machine that tunnels all traffic via Tor, such as the VirtualPrivacyMachine. However, if you do not want to go through all that trouble, Systrace can come to the rescue. For investigations, I run Firefox under Systrace with a systrace policy that allows connections only to Privoxy. All other connections attempts are denied and logged. It is interesting to see how many connections Firefox tries to do all by itself that do not go via the proxy. There are update pings, and all kinds of other connections.

In this case, Systrace is not being used against an adversary but rather against an untrusted application. It works quite nicely at that, too.
Categories: Systrace
Defined tags for this entry: , ,