Monday, August 24, 2009

Security of Automatic Software Updates

Several years ago, students at UMass Amherst discovered how to co-opt an automated software update mechanism to gain root access on a computer. The most significant security flaw involved a McAfee anti-virus product, in which an automatic nightly update allowed the students to get root access on a Mac. Back then, the students wrote code manually.

Fast forward from 2006 to 2009. Now security researchers have reportedly created an automated tool to discover insecure software updates. There are likely a lot of vulnerable products out there, and it's not surprising that many small software houses forget to test whether the backdoor, the software update, is kept locked.

Our original paper and video demonstration show how to co-opt a software update mechanism built into an anti-virus product to gain root on a Mac. Fortunately, that particular bug has reportedly been patched. But what else remains unpatched?

Thursday, August 20, 2009

Thursday, July 16, 2009

Homeopathic Encryption

A few cryptographers who work on homomorphic encryption chuckled at my description of wireless systems nearly devoid of proper encryption yet supposedly secure as "homeopathic encryption." Alas, I appear to be just a few days shy of coining the faux term.

Unit-fied Theory of Numbers


I'm not sure why United numbers its calendar in this unusual order.

Saturday, July 11, 2009

Go To Statement Considered Beneficial


Flattening by Yang, Cooprider, and Regehr is a clever C-to-C program transformation to reduce the amount of RAM used by the call stack. This technique may allow for embedded systems with extremely constrained energy to more effectively perform computation because of the relatively high energy cost for maintaining RAM. I wonder if Mementos could use flattening to improve energy-aware checkpoints of RAM in CRFIDs.

Sunday, February 01, 2009

Microsoft


Ok, thanks. Submitting a letter of recommendation is harder than I thought.

Wednesday, January 14, 2009