The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 25 Issue 95

Sunday 28 February 2010

Contents

Growing Threat to GPS Systems From Jammers
Jerry Leichter
Sat-nav systems under growing threat from 'jammers'
Amos Shapir
More on Risks of EMV Legacy Compatibility
Anthony Thorn
Self-Signed Certificates Strike Again?
Bob Gezelter
Facebook friended, boyfriend offended, tragically ended
John Linwood Griffin
Google: Serious threat to the web in Italy
Monty Solomon
Fault-Tolerance as a Risk
Gene Wirchenko
School District Spying on Students at Home?
Gene Wirchenko
A Message from Ric Edelman about data lost
fjohn reinke
Nationwide Technetium shortage: coinciding reactor failure/maintenance
Richard I. Cook
IEEE Symposium on Security and Privacy: 30th anniversary
David Evans
FOSE 2010
Kalin Tyler
Info on RISKS (comp.risks)

Growing Threat to GPS Systems From Jammers

Jerry Leichter <leichter@lrw.com>
Thu, 25 Feb 2010 20:44:03 -0500

The BBC reports (http://news.bbc.co.uk/2/hi/science/nature/8533157.stm)
on the growing threat of jamming to satellite navigation systems.  The
fundamental vulnerability of all the systems - GPS, the Russian Glonass, and
the European Galileo - is the very low power of the transmissions.  (Nice
analogy: A satellite puts out less power than a car headlight, illuminating
more than a third of the Earth's surface from 20,000 kilometers.)  Jammers -
which simply overwhelm the satellite signal - are increasingly available
on-line.  According to the article, low-powered hand-held versions cost less
than £100, run for hours on a battery, and can confuse receivers tens of
kilometers away.

The newer threat is from spoofers, which can project a false location.  This
still costs "thousands", but the price will inevitably come down.

A test done in 2008 showed that it was easy to badly spoof ships of the
English coast, causing them to read locations anywhere from Ireland to
Scandinavia.

Beyond simple hacking - someone is quoted saying "You can consider GPS a
little like computers before the first virus - if I had stood here before
then and cried about the risks, you would've asked 'why would anyone
bother?'." - among the possible vulnerabilities are to high- value cargo,
armored cars, and rental cars tracked by GPS.  As we build more and more
"location-aware" services, we are inherently building more
"false-location-vulnerable" services at the same time.  -- Jerry


Sat-nav systems under growing threat from 'jammers'

Amos Shapir <amos083@hotmail.com>
Wed, 24 Feb 2010 17:54:47 +0200

"While "jamming" sat-nav equipment with noise signals is on the rise, more
sophisticated methods allow hackers even to program what receivers
display. At risk are not only sat-nav users, but also critical national
infrastructure."

Full story at: http://news.bbc.co.uk/1/hi/sci/tech/8533157.stm

  [This risk noted by several others as well.]


More on Risks of EMV Legacy Compatibility (Magda, RISKS-25.94)

Anthony Thorn <anthony.thorn@atss.ch>
Tue, 23 Feb 2010 09:27:28 +0100

Recently Ross Anderson's group has published a new and very serious
vulnerability in the "Chip & Pin" (EMV) authentication used by many
-probably most- credit and debit card issuers world wide.

Very briefly: "The attack uses an electronic device as a "man-in-the-middle"
...  ... the terminal thinks that the PIN was entered correctly, and the
card assumes that a signature was used to authenticate the transaction."

The paper:
http://www.cl.cam.ac.uk/research/security/projects/banking/nopin/oakland10chipbroken.pdf

The FAQ
http://www.cl.cam.ac.uk/research/security/projects/banking/nopin/

The BBC Video
http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html

The risk: Providing "legacy compatibility", in this case with signature
based authentication, always involves additional risk and requires special
attention.

(Acknowledgment to Bruce Schneier's blog)


Self-Signed Certificates Strike Again?

Bob Gezelter <gezelter@rlgsc.com>
Tue, 23 Feb 2010 07:03:33 -0500

CNN has posted an item: "Elvis Presley passport exposes security flaw"
(Atika Shubert, 2010-02-23) relating an interview with Adam Laurie and
Jeroen Van Beek, two self-described "ethical hackers" who created a forged
passport in the name of Elvis Presley from a non-existent country.

According to the article, the passport was accepted by an automated scanning
machine, even though it was signed by what amounted to a self-signed
certificate. Laurie is quoted as saying that many countries do not share
sufficient information for others to authenticate the digital signatures.

The article can be found at:

http://www.cnn.com/2010/TECH/02/19/passport.security/index.html

The need for commonly accepted higher level certification authority or
authorities is a well-understood part of such digital signature
authentication schemes. It is disturbing that such a registration or
acceptance feature, common to all web browser security implementations, has
not been internationally accepted, despite the fact that the infra-structure
is already in place in a number of international organizations (e.g., IPU,
ITU-T [formerly CCITT], and others).

- Bob Gezelter, http://www.rlgsc.com


Facebook friended, boyfriend offended, tragically ended

John Linwood Griffin <griffin2@ece.cmu.edu>
Thu, 25 Feb 2010 14:49:21 -0500 (EST)

The independent newspaper *City Paper* runs a weekly column, "Murder Ink",
that provides coverage of homicides here in Baltimore City, Maryland.

A computer-related murder on February 17, 2010, caught my eye:

> Two men got into an argument with Couther's aunt over a Facebook page.
> Couther went into the living room to help his aunt and ended up arguing
> and then fighting with one of the men [resulting in Couther's throat being
> slashed] [...] Couther died at a local hospital an hour later.  Montaize
> Alford [was] arrested and charged with Couther's murder.  According to
> [Stephen Janis of investigativevoice.com], the aunt was being beaten by
> her boyfriend because a man "friended" her on Facebook.

http://www.citypaper.com/news/story.asp?id=19818 (Anna Ditkoff writing in
*City Paper* volume 34 number 8, page 8, February 23, 2010)

Peter Hermann of *The Baltimore Sun* corroborates the Facebook angle on his
blog, citing police detective Michael Moran's charging documents:

> [Couther's aunt] Begett had returned from work and was sleeping on her
> sofa when Alford called her on her cell phone at about 2 a.m. and started
> arguing with her about a male friend on her Facebook page [...]  Begett
> hung up on Alford and moments later he showed up at her home and entered
> using a key.  He began assaulting her [then] Couther and Alford began
> fighting [resulting in] a large laceration to [Couther's] neck which was
> bleeding profusely.

http://weblogs.baltimoresun.com/news/crime/blog/2010/02/slew_of_homicide_arrests_inclu.html

Since this is the RISKS Forum, I felt at first compelled to come up with a
piquant observation about the erosion of privacy inherent in social network
computing.  But then I realized I'm missing the broader issue.  It's not our
role as scientists and practitioners to complain about how "the times they
are a-changin'" -- it's to ask questions like "was Begett aware when she
accepted the friending request that the action would be visible to her
boyfriend, and if she was not aware then how could that consequence have
been conveyed better by Facebook or other entities?"  The RISK to me (whom a
student called "tragically uncool" due to my apparent underuse of social
networking media) is missing an opportunity to do something about a problem
simply because I don't like the problem.


Google: Serious threat to the web in Italy

Monty Solomon <monty@roscom.com>
Wed, 24 Feb 2010 09:30:43 -0500

Serious threat to the web in Italy, 24 Feb 2010

In late 2006, students at a school in Turin, Italy filmed and then uploaded
a video to Google Video that showed them bullying an autistic
schoolmate. The video was totally reprehensible and we took it down within
hours of being notified by the Italian police. We also worked with the local
police to help identify the person responsible for uploading it and she was
subsequently sentenced to 10 months community service by a court in Turin,
as were several other classmates who were also involved. In these rare but
unpleasant cases, that's where our involvement would normally end.

But in this instance, a public prosecutor in Milan decided to indict four
Google employees -David Drummond, Arvind Desikan, Peter Fleischer and George
Reyes (who left the company in 2008). The charges brought against them were
criminal defamation and a failure to comply with the Italian privacy
code. To be clear, none of the four Googlers charged had anything to do with
this video. They did not appear in it, film it, upload it or review it. None
of them know the people involved or were even aware of the video's existence
until after it was removed.

Nevertheless, a judge in Milan today convicted 3 of the 4 defendants - David
Drummond, Peter Fleischer and George Reyes - for failure to comply with the
Italian privacy code. All 4 were found not guilty of criminal defamation. In
essence this ruling means that employees of hosting platforms like Google
Video are criminally responsible for content that users upload. We will
appeal this astonishing decision because the Google employees on trial had
nothing to do with the video in question. Throughout this long process, they
have displayed admirable grace and fortitude. It is outrageous that they
have been subjected to a trial at all. ...

http://googleblog.blogspot.com/2010/02/serious-threat-to-web-in-italy.html


Fault-Tolerance as a Risk

Gene Wirchenko <genew@ocis.net>
Mon, 22 Feb 2010 12:44:10 -0800

Tim Greene, *IT Business*, 22 Feb 2010
Kneber botnet -- a multi-headed hydra that's wreaking havoc
The most sinister aspect of the Kneber botnet is its interaction with other
malware networks, suggesting a symbiotic relationship that ultimately makes
each bot more resistant to being dismantled.
http://www.itbusiness.ca/it/client/en/home/news.asp?id=56499

At the bottom of the first page of the article are these two paragraphs:

  'What he found is that more than half the 74,000 compromised computers --
bots -- within Kneber were also found infected with other malware that uses
a different command-and-control structure. If one of the criminal networks
were disabled, the other could be used to build it up again,

  "At the very least, two separate botnet families with different
[command-and-control] infrastructures can provide fault tolerance and
recoverability in the event that one [command-and-control] mechanism is
taken down by security efforts," he says in his written analysis of the
Kneber botnet.'


School District Spying on Students at Home?

Gene Wirchenko <genew@ocis.net>
Mon, 22 Feb 2010 13:37:37 -0800

http://news.cnet.com/8301-30977_3-10457077-10347072.html
Students'-eye view of Webcam spy case

The first two paragraphs:

  'Students at Herriton High School in Lower Merion School District near
Philadelphia are given Apple MacBook laptops to use both at school and at
home. Like all MacBooks, the ones issued to the students have a Webcam. And,
in addition to the students' ability to use the Webcam to take pictures or
video, the school district can also use it to take photographs of whomever
is using the computer.

  In a civil complaint (PDF) filed in federal court, a student at the
school, Blake Robbins, said he received a notice from an assistant principal
informing him that "the school district was of the belief that minor
plaintiff was engaged in improper behavior in his home, and cited as
evidence a photograph from the Webcam."'

It is apparently worse than that:

http://www.infoworld.com/d/adventures-in-it/when-schools-spy-their-students-bad-things-happen-474?source=IFWNLE_nlt_notes_2010-02-22
InfoWorld Home / Adventures in IT / Robert X. Cringely Notes from the Field
February 22, 2010

When schools spy on their students, bad things happen Pennsylvania's Lower
Merion School District thought it was clever to use webcams to track its
students' MacBooks -- boy, were they mistaken

Savanna Williams, a statuesque sophomore at Harriton, appeared on CBS's "The
Early Show" with her mother, talking about how she takes her school-supplied
notebook everywhere -- including the bathroom when she showers. If that
doesn't give you a strong mental image of the potential for abuse, nothing
will.

For a thoroughly creepy demonstration of how another school, the Bronx's IS
339, spies on its students using webcams, check out this video. Assistant
Principal Dan Ackerman cheerfully shows how he watches sixth and seventh
graders in real time without their knowing it while they preen in front of
an app called Photo Booth.

Photo Booth is always fun... a lot of kids are just on it to check their
hair, do their makeup, the girls, you know. They just use it like it's a
mirror...  They don't even realize that we're watching...I always like to
mess with them and take a picture.

At least he's doing it on school grounds and not in their bathrooms."


A Message from Ric Edelman about data lost

fjohn reinke <fjohn@reinke.cc>
Tue, 23 Feb 2010 17:54:09 -0500

Begin forwarded message:

> From: "Edelman Financial" <client@ricedelman.com>
> Date: February 23, 2010 4:58:14 PM EST
> Subject: A Message from Ric Edelman

Dear fjohn and Evlynn:

For the past two years we have been distributing news, reviews and other
important information to you via email. By bypassing the postal service we
are able to contact you more easily, quickly and cheaply --- which improves
speed and helps us control expenses. Email also allows you to respond to us
more easily and quickly, too, resulting in faster and better service.

The vendor we use for sending you my updates and other non account-related
communications is iContact. We have just been informed that email addresses
have been stolen from iContact's system, possibly by one of their former
employees. iContact is working with law enforcement officials on the matter
and has not yet determined the extent of the theft. At this time, your email
address may or may not have been involved. Because we do not provide
iContact with anything other than email addresses and names, your personal
information remains safe. It was not possible for the thief to obtain
addresses, account numbers or any personal financial data. The worst case is
that you might notice an increase in the amount of spam that you receive. [...]

My best regards, Ric Edelman, Chairman & CEO, 888-752-6742

  [I invite you to read my blog "Reinke Faces Life", visit my sites (all
  listed at http://krunchd.com/reinkefj), and use whatever you need. Join
  me (reinkefj) on LinkedIn, Facebook, Plaxo, and / or follow me on
  Twitter. Remember the adage "first seek to help; then be helped".]


Nationwide Technetium shortage: coinciding reactor failure/maintenance

"Richard I. Cook, MD" <rcook@airway2.bsd.uchicago.edu>
Tue, 23 Feb 2010 15:45:28 -0600

> Subject:  Clinical Update: Nationwide Technetium shortage memo..[]
> Date:     Tue, 23 Feb 2010 ##:##:## -####
> From:     Big University Hospital

On 14 May 2009 the NRU Reactor in Canada was shut down due to a heavy water
leak for repairs. This has impacted approximately 40% of the world's supply
of Mo-99.  Consequently, this has created a nationwide shortage of Tc99
which is used in 80% of nuclear medicine imaging procedures.

On 19 Feb 2010 the High Flux Petten Reactor in the Netherlands will be shut
down for approximately 6 months for repairs further exasperating the already
acute shortage. In the coming weeks it may be necessary to adjust schedules
to cope with the cyclical nature of the remaining supply of Tc99 from our
commercial radiopharmaceutical providers. Typically, our providers will have
a more ample supply in the beginning and end of the week, with seriously
depleted availability Tuesdays and Wednesdays as a result.

Even further complicating the matters, all five major medical isotope
reactors will be off-line for approximately two weeks in mid-March for
routine maintenance. There is a strong possibility there may be no product
available during certain days during those two weeks.

We will be doing everything we can to minimize the impact of this shortage
to our patients including reducing our normal radioactive doses, switching
to protocols that can conserve our supply of Tc99 and possibly using
alternative radioisotopes when clinically applicable. We hope to continue to
serve our faculty and our patients as efficiently as possible during this
crisis.

If you have any questions, please feel free to contact...

We appreciate your understanding during this shortage.

 - - - -

Technetium-99m is a short half-life gamma emitter that is used extensively
in nuclear imaging, especially in nuclear cardiology where is the mainstay
of stress-test imaging. It's short half-life makes it ideal for diagnostic
studies; a small dose of Tc-99m containing tracer can be given to a patient
for a high-quality imaging study with the radioactivity falling to virtually
nothing within a day. The isotope is produced continually as a decay product
of Molybdenum-99 which has a half-life about 10x as long.

The great benefit of the short half-life of the metal imposes a hard
physical limit on its use: it is essential that newly isolated TC-99 be used
within a few hours of its production -- there is no way to store it. The
radiation exposure from a routine TC-99m heart exam is 250 to 500 x that
from a routine chest x-ray. As many as 4 million people undergo such testing
in the U.S. each year.

The present trouble is the result of a long and complex chain of events.
The main Mo-99 production reactor, located in Canada and operated by Atomic
Energy of Canada Limited (AECL), was shut down in early 2009 after a
containment vessel leak was discovered. Repairs are proceeding slowly. Two
replacement reactors were constructed and commissioned but have never used
for production because of technical problems and because AECL determined in
early 2008 that they would have been too expensive to run. Unrelated to the
Canadian outage, a major European source in Holland as shut down in 2008
because of corrosion problems. It was expected to restart this month but
this has been pushed back to "the second half" of August 2010. Several news
sources are reporting that the Maria Polish reactor will be used to produce
medical isotopes, although there are obstacles that may delay availability
further.

A combination of factors have generated the high degree of dependency on a
few, old reactors. The cost of designing, certifying, building, and
commissioning a new reactor is high and operating them has proven far more
expensive than was expected. Concerns about the security for reactors have
increased greatly in the wake of 9/11. Radiopharmaceutical production is not
a growth industry -- indeed advances in non-radioactive imaging show great
promise and may replace the older methods within a decade. No one wants to
spend the huge amount of money needed to build a new reactor to serve a
declining market share. The use of the Maria reactor, which was constructed
in 1970 and renewed in 1986, for this purpose makes sense on a marginal cost
basis: you have a reactor than can do this and no one else does, why not
take advantage of the brief window of opportunity afforded by fate?

A spin-off of the shortage is that it creates an incentive for the quick use
of available Tc-99m. Rather than allowing substantial amounts of Tc-99m to
simply decay before use, look for nuclear medicine programs to seek rigid
control of exam timing and to book patients "standby" to assure that all of
the available material gets used each day.

What does this have to do with RISKS? Not a thing. For once, the problem is
not related to the computers for these reactors, many of which are ancient
devices that only augment the manual and conventional automation that
controls the reactors!

R.I.Cook, MD


IEEE Symposium on Security and Privacy: 30th anniversary

David Evans <evans@cs.virginia.edu>
Fri, 19 Feb 2010 21:04:19 -0500

31st IEEE Symposium on Security and Privacy, 16-19 May 2010
The Claremont Resort, Berkeley/Oakland, California

Advance Program

Sunday, 16 May 2010

4-7pm         Registration and Welcome Reception

Monday, 17 May 2010

8:30-8:45    Opening Remarks
              Ulf Lindqvist, David Evans, Giovanni Vigna

8:45-10:00   Session 1: Malware Analysis
              Chair: Jon Giffin, Georgia Institute of Technology

    Inspector Gadget: Automated Extraction of Proprietary Gadgets from
    Malware Binaries
       Clemens Kolbitsch (Vienna University of Technology),
       Thorsten Holz (Vienna University of Technology),
       Christopher Kruegel (University of California, Santa Barbara),
       Engin Kirda (Institute Eurecom)

    Synthesizing Near-Optimal Malware Specifications from Suspicious
    Behaviors
       Matt Fredrikson (University of Wisconsin),
       Mihai Christodorescu (IBM Research),
       Somesh Jha (University of Wisconsin),
       Reiner Sailer (IBM Research),
       Xifeng Yan (University of California, Santa Barbara)

    Identifying Dormant Functionality in Malware Programs
       Paolo Milani Comparetti (Technical University Vienna),
       Guido Salvaneschi (Politecnico di Milano),
       Clemens Kolbitsch (Technical University Vienna),
       Engin Kirda (Institut Eurecom),
       Christopher Kruegel (University of California, Santa Barbara),
       Stefano Zanero (Politecnico di Milano)

10:20-noon   Session 2: Information Flow
              Chair: David Molnar, Microsoft Research Redmond

    Reconciling Belief and Vulnerability in Information Flow
       Sardaouna Hamadou (University of Southampton),
       Vladimiro Sassone (University of Southampton),
       Catuscia Palamidessi (École Polytechnique)

    Towards Static Flow-based Declassification for Legacy and Untrusted
    Programs
       Bruno P.S. Rocha (Eindhoven University of Technology),
       Sruthi Bandhakavi (University of Illinois at Urbana Champaign),
       Jerry I. den Hartog (Eindhoven University of Technology),
       William H. Winsborough (University of Texas at San Antonio),
       Sandro Etalle (Eindhoven University of Technology)

    Non-Interference Through Secure Multi-Execution
       Dominique Devriese, Frank Piessens (K. U. Leuven)

    Object Capabilities and Isolation of Untrusted Web Applications
       Sergio Maffeis (Imperial College London),
       John C. Mitchell (Stanford University),
       Ankur Taly (Stanford University)

1:30-2:45    Session 3: Root of Trust
              Chair: Radu Sion, Stony Brook University

    TrustVisor: Efficient TCB Reduction and Attestation
       Jonathan McCune (Carnegie Mellon University),
       Yanlin Li (Carnegie Mellon University), Ning Qu (Nvidia),
       Zongwei Zhou (Carnegie Mellon University),
       Anupam Datta (Carnegie Mellon University),
       Virgil Gligor (Carnegie Mellon University),
       Adrian Perrig (Carnegie Mellon University)

    Overcoming an Untrusted Computing Base: Detecting and Removing
    Malicious Hardware Automatically
       Matthew Hicks (University of Illinois),
       Murph Finnicum (University of Illinois),
       Samuel T. King (University of Illinois),
       Milo M. K. Martin (University of Pennsylvania),
       Jonathan M. Smith (University of Pennsylvania)

    Tamper Evident Microprocessors
       Adam Waksman, Simha Sethumadhavan (Columbia University)

3:15-4:55    Session 4: Information Abuse
              Chair: Patrick Traynor, Georgia Institute of Technology

    Side-Channel Leaks in Web Applications: a Reality Today, a Challenge
    Tomorrow
       Shuo Chen (Microsoft Research),
       Rui Wang (Indiana University Bloomington),
       XiaoFeng Wang (Indiana University Bloomington),
       Kehuan Zhang (Indiana University Bloomington)

    Investigation of Triangular Spamming: a Stealthy and Efficient
    Spamming Technique
       Zhiyun Qian (University of Michigan),
       Z. Morley Mao (University of Michigan),
       Yinglian Xie (Microsoft Research Silicon Valley),
       Fang Yu (Microsoft Research Silicon Valley)

    A Practical Attack to De-Anonymize Social Network Users
       Gilbert Wondracek (Vienna University of Technology),
       Thorsten Holz (Vienna University of Technology),
       Engin Kirda (Institute Eurecom),
       Christopher Kruegel (University of California, Santa Barbara)

    SCiFI - A System for Secure Face Identification
       Margarita Osadchy, Benny Pinkas, Ayman Jarrous,
       Boaz Moskovich (University of Haifa)

6:30pm  Special Gala Event
    Celebrating the 30th Anniversary of Security and Privacy
    Master of Ceremonies: Peter G. Neumann

Tuesday, 18 May 2010

9-10:15am    Session 5: Network Security
              Chair: Cristina Nita-Rotaru, Purdue University

    Round-Efficient Broadcast Authentication Protocols for Fixed Topology
    Classes
       Haowen Chan, Adrian Perrig (Carnegie Mellon University)

    Revocation Systems with Very Small Private Keys
       Allison Lewko (University of Texas at Austin),
       Amit Sahai (University of California, Los Angeles),
       Brent Waters (University of Texas at Austin)

    Authenticating Primary Users' Signals in Cognitive Radio Networks via
    Integrated Cryptographic and Wireless Link Signatures
       Yao Liu, Peng Ning, Huaiyu Dai (North Carolina State University)

10:15-10:45  Session 6: Systematization of Knowledge I
              Chair: Z. Morley Mao, University of Michigan

    Outside the Closed World: On Using Machine Learning For Network
    Intrusion Detection
       Robin Sommer (ICSI/Lawrence Berkeley National Laboratory),
       Vern Paxson (ICSI/University of California, Berkeley)

    All You Ever Wanted to Know about Dynamic Taint Analysis and Forward
    Symbolic Execution (but might have been afraid to ask)
       Thanassis Avgerinos, Edward Schwartz,
       David Brumley (Carnegie Mellon University)

    State of the Art: Automated Black-Box Web Application Vulnerability
    Testing
       Jason Bau, Elie Bursztein, Divij Gupta,
       John Mitchell (Stanford University)

1:45-3:00    Session 7: Secure Systems
              Chair: Jonathan McCune, Carnegie Mellon University

    A Proof-Carrying File System
       Deepak Garg, Frank Pfenning (Carnegie Mellon University)

    Scalable Parametric Verification of Secure Systems: How to Verify
    Reference Monitors without Worrying about Data Structure Size
       Jason Franklin (Carnegie Mellon University),
       Sagar Chaki (Carnegie Mellon University),
       Anupam Datta (Carnegie Mellon University),
       Arvind Seshadri (IBM Research)

    HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor
    Control-Flow Integrity
       Zhi Wang, Xuxian Jiang (North Carolina State University)

3:20-4:10    Session 8: Systematization of Knowledge II
              Chair: Ed Suh, Cornell University

    How Good are Humans at Solving CAPTCHAs? A Large Scale Evaluation
       Elie Bursztein, Steven Bethard, John C. Mitchell,
       Dan Jurafsky (Stanford University), Céline Fabry

    Bootstrapping Trust in Commodity Computers
       Bryan Parno, Jonathan M. McCune,
       Adrian Perrig (Carnegie Mellon University)

4:30-5:30    Short Talks
              Short Talks Chair: Angelos Stavrou, George Mason University

5:45-7:30pm  Reception and Poster Session
              Poster Session Chair: Carrie Gates (CA Labs)

Wednesday, 19 May 2010

9-10:15am    Session 9: Analyzing Deployed Systems
              Chair: J. Alex Halderman, University of Michigan

    Chip and PIN is Broken
       Steven J. Murdoch, Saar Drimer, Ross Anderson,
       Mike Bond (University of Cambridge)

    Experimental Security Analysis of a Modern Automobile
       Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel,
       Tadayoshi Kohno (University of Washington), Stephen Checkoway,
       Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham,
       Stefan Savage (University of California, San Diego)

    On the Incoherencies in Web Browser Access Control Policies
       Kapil Singh (Georgia Institute of Technology),
       Alexander Moshchuk (Microsoft Research),
       Helen J. Wang (Microsoft Research),
       Wenke Lee (Georgia Institute of Technology)

10:45-noon   Session 10: Language-Based Security
              Chair: David Brumley,Carnegie Mellon University

    ConScript: Specifying and Enforcing Fine-Grained Security Policies
    for JavaScript in the Browser
       Leo Meyerovich (University of California, Berkeley),
       Benjamin Livshits (Microsoft Research)

    TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic
    Software Vulnerability Detection
       Tielei Wang (Peking University), Tao Wei (Peking University),
       Guofei Gu (Texas A & M University), Wei Zou (Peking University)

    A Symbolic Execution Framework for JavaScript
       Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant,
       Dawn Song, Feng Mao (University of California, Berkeley)

noon-12:15   Closing, Ulf Lindqvist, David Evans, Giovanni Vigna

Thursday, 20 May 2010

Workshops (separate registration required):

* Systematic Approaches to Digital Forensic Engineering
* Workshop on Security and Privacy in Social Networks
* W2SP 2010: Web 2.0 Security & Privacy


FOSE 2010

"Kalin Tyler" <ktyler@1105media.com>
Thu, 18 Feb 2010 23:42:37 -0800

You are well aware of the challenges we as a CyberSecurity community face
from rapid changes in the technology landscape. FOSE 2010 is the place to
discover opportunities and solutions along with changing expectations for
government IT professionals.

Register today for the FOSE 2010 experience http://www.fose.com. If you sign
up now you also get a 10% discount on a conference pass. You can redeem this
discount here http://cli.gs/FOSE10.

You can expect:

- 3 days of IT resources helping you navigate today's shifting tech landscape
- 2 full conference days packed with education on emerging technologies,
  trends, and new improvements to existing solutions
- Thousands of products on the FREE* EXPO floor allowing you to gain
  one-on-one insight into the capabilities of our exhibitors through demos,
  theater presentations and FREE Education.
- Attend the Accenture CyberSecurity Pavilion or Focus on Digital Forensics.

*FOSE is a must-attend free show for government, military, and government
 contractors.

It's time to register and reserve your place at FOSE today! Visit
http://www.fose.com to learn more about what FOSE has to offer, or redeem
your 10% discount by registering here: http://cli.gs/FOSE10.

Kalin Tyler, ktyler@1105media.com, FOSE Team/Tuvel Communications

Connect with FOSE
Twitter: http://twitter.com/FOSE
Facebook: http://cli.gs/85RgD5
LinkedIn: http://cli.gs/Vn8mMQ
GovLoop: http://www.govloop.com/group/fose

Please report problems with the web pages to the maintainer

Top