Friday December 26, 2003
10:25 | Personal
Never, never, never try to outdrink the Polish. Don't even try to "catch up".
You'll just be entering a world of pain.
Thursday December 25, 2003
10:15 | IDS Alert Verification | News
Christopher and I have published a short article on alert verification over at HHWorld. We give
a short description of our implementation as well as an overview of the
categories of alert verification techniques which can be employed by an IDS.
Monday December 22, 2003
23:30 | Personal
Not particularly religious? Too busy to drop by your designated place of
worship? Now, there is an answer: virtual confessions. Guess which one is mine, if you like. It's, uh, not the one about the 6' Domokun, in case you're wondering. ;-)
22:34 | Humor
Given the rise of furries and plushies, I guess it was only a matter of time
before the robotsex community got its own catchy moniker. I imagine clunkies might run into some, uh,
interface issues, given that robots aren't usually as soft as a 6' Domokun,
for instance. Still, I guess pure metal isn't the clunky's only option. :-) Of course, there are those who would claim that this is merely another manifestation of the robots' plot to take over the world, that by seducing humans, robots can better influence the course of world events as well as induce a downward trend in population growth. And of course, if there is hope, it lies with the...bears.
Confused? Luckily, this guy has all the answers.
Thursday December 18, 2003
An initial release of itrace, a dynamic
application execution tracer, has been made. I find it useful
in reverse engineering stripped binaries, perhaps you might as well.
I have quite a list of improvements I would like to make to this
tool, though, including bringing its featureset closer to strace, improving its support for
reverse engineering, as well as porting its functionality to
more platforms and architectures.
Source can be downloaded here.
Monday December 15, 2003
09:45 | Humor
Verily, at last there is objective, unbiased proof that Apple Computer, Inc. is allied with Satan. Whatever thy true name,
be it Beelzebub, Lord of the Flies, or Lucifer, the Prince of Darkness,
or even Steve Jobs, CEO, I defy thee, Fount of Evil! I knew that thy sleek PowerBook G4 and seductive iPod aroused within my earthly soul devilish, forbidden urges. Never did I dare to explore these impure thoughts, for surely I would have discovered the Truth, that I am ruled by Satan!
Please excuse me while I repent by executing
find / -perm 0666 | xargs chmod 111.
Wednesday December 10, 2003
So December has rolled around once again, and that means only one thing:
it's time for another ACSAC!
My presentation on WebSTAT is over and done with, so now it's
time to relax and enjoy the rest of the conference.
The lineup looks quite interesting, especially with Lance Spitzner's talk on honeynets scheduled for tomorrow. Chris already finished his talk on the Bayesian event classification paper, but Darren still has his presentation on Mucus on Friday. Here's hoping the talks this week don't disappoint!
Saturday December 06, 2003
So if you've ever been to a DEFCON, you've heard
of CTF. For those who haven't, it's essentially a multi-team hacking contest,
with several teams each tasked with defending a server while simultaneously
attacking the other teams' servers. Yesterday, Giovanni and the rest of the lab orchestrated the first distributed CTF tournament we are aware of,
with participants from Giovanni's F03 network security class, some of Wenke Lee's security students from Georgia Tech, teams from UT Austin, teams from the US Military Academy, and a team from the Naval Postgraduate School which also
participated in DEFCON 0xb's CTF tournament, among others.
In all, we had thirteen teams from across the United States participating in real time across a specially-created VPN, which worked well once some initial setup woes were dealt with. More details are available at the CTF project site, but the short story is that each team was given a VMware image which was deployed on its own subnet, and each subnet was routed through a central box which performed address anonymization intended to prevent filtering of the scorebot or of the scans and attacks of other teams. There were a number of services that each team was tasked with keeping available, each containing one or more vulnerabilities which had to be discovered and patched to keep the other teams out.
This setup seemed to work well, aside from the fact that only two of the six known vulnerable services were cracked, and of those two, only one team was known to get both. It may be that they were simply too hard to discover, given the amount of time allotted for the exercise (4 hours). Of course, I don't want to imply that any of the participating teams were deficient skill-wise; the level of knowledge and preparation required just to remain competitive is formidable. I mean, when you're studying topics like, oh, say, space warfare, you're not a lightweight. ;-)
So here is the final ranking. Really, the most surprising thing to me is that the military teams did not dominate the competition, given the focus of at least the NPS team's studies. However, I think one reason explains why they didn't do as well as UCSB's teams: experience. UCSB's teams went through a very similar exercise a few weeks prior as a kind of midterm and also to test the scoring system, and in that light the fact that two UCSB teams sit at the top of the scoreboard isn't too surprising. Of course, now quite a few people are experienced at this incarnation of CTF, so I expect it to be even more competitive next time around. :-)
Tuesday December 02, 2003
A new release of our glibc heap protection patch is now available.
This update incorporates fixes for several issues, including a potentially
exploitable weak seeding of
__heap_magic discovered by Eugene
Tsyrklevich, and a vmalloc chunk magic bug reported by Kyle Sallee.
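To illustrate why a weakly seeded heap magic matters, here is an added example (not code from the glibc patch itself, whose chunk layout and seeding differ): a toy chunk header protected by a per-process magic value, with a weak seeding routine that derives the secret from the process start time beside a strong one that reads it from /dev/urandom. The header layout and the names chunk_hdr, heap_magic_seed_weak and heap_magic_seed_strong are assumptions made for this illustration. The attacker-side function shows that, with the weak seed, a header that passes the integrity check can be forged after a handful of guesses.

```c
/* Added example: per-process heap chunk magic, weak vs. strong seeding.
 * Not the glibc heap protection patch's code; layout and names are assumed. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

/* Toy chunk header: the magic is the chunk size mixed with a secret so
 * that an overwritten header (size or magic) is detected on free. */
typedef struct {
    size_t   size;
    uint32_t magic;
} chunk_hdr;

/* The per-process secret every chunk's magic is derived from. */
uint32_t heap_magic;

/* Weak seeding: the secret is a function of a low-entropy value an
 * attacker can guess (seconds since the epoch at process start). */
uint32_t heap_magic_seed_weak(time_t start)
{
    srand((unsigned)start);
    return (uint32_t)rand();
}

/* Strong seeding: 32 bits straight from the kernel CSPRNG. */
uint32_t heap_magic_seed_strong(void)
{
    uint32_t v = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0 || read(fd, &v, sizeof v) != (ssize_t)sizeof v) {
        perror("/dev/urandom");
        abort();
    }
    close(fd);
    return v;
}

/* Tag a header at allocation time. */
void chunk_tag(chunk_hdr *h, size_t size)
{
    h->size  = size;
    h->magic = (uint32_t)size ^ heap_magic;
}

/* Integrity check at free time: 1 if intact, 0 if the header was tampered with. */
int chunk_check(const chunk_hdr *h)
{
    return h->magic == ((uint32_t)h->size ^ heap_magic);
}

/* Attacker model: write a fake header using a guessed secret (e.g. via a
 * heap overflow into the next chunk). Returns 1 if the allocator accepts it. */
int attacker_forges(chunk_hdr *target, size_t size, uint32_t guessed_magic)
{
    target->size  = size;
    target->magic = (uint32_t)size ^ guessed_magic;
    return chunk_check(target);
}

/* Brute-force the weak seed over +/- window seconds around an estimated
 * start time. Returns the number of guesses needed, or -1 if none worked. */
int bruteforce_weak_seed(time_t approx_start, int window, chunk_hdr *victim, size_t size)
{
    for (int i = -window; i <= window; i++) {
        uint32_t guess = heap_magic_seed_weak(approx_start + i);
        if (attacker_forges(victim, size, guess))
            return i + window + 1;
    }
    return -1;
}

int main(void)
{
    chunk_hdr victim;
    time_t start = 1072396800; /* constructed: a fixed "process start" time */

    heap_magic = heap_magic_seed_weak(start);
    printf("weak seed: forged after %d guesses\n",
           bruteforce_weak_seed(start + 3, 10, &victim, 64));

    heap_magic = heap_magic_seed_strong();
    printf("strong seed: forged after %d guesses (-1 = never)\n",
           bruteforce_weak_seed(start + 3, 10, &victim, 64));
    return 0;
}
```

The check itself is identical in both cases; only the entropy behind heap_magic changes. An attacker who can estimate when the process started (uptime, log timestamps, a long-lived daemon) recovers a time-seeded magic with a few dozen guesses, whereas a magic drawn from /dev/urandom has to be leaked, not guessed.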