Blog active again; news catch-up

23 Aug 2011

I am active again (been away and without net access for months).

Time to catch up on news:

  • 2011-07-13 New release of Putty (yes, this is 2 months old) for the first time in 4 years.
  • 2011-07-28 Gold rush from Kaspersky Labs talks about malware going after BitCoin.
  • 2011-08-04 Microsoft BlueHat prize of $200K to find new technologies to prevent exploiting memory safety vulnerabilities. Basically, figure out something similar to DEP and ASLR. I believe this idea would be worth more, but I guess it would be hard to monetize, and possibly hard to implement, as DEP and ASLR do rely a fair bit on the underlying hardware.
  • 2011-08-11 iKat is a Free web service cracks internet kiosks presented at Defcon.
  • 2011-08-16 So How Good is Pseudo-ASLR? by Didier Stevens shows that ALSR, as accomplished by EMET, does not randomize the base address very well.
  • 2011-08-16 TED Talk from F-Secure legend Mikko Hypponen. Very good history (he meets the authors of the original Brain virus in Pakistan) and shows one cool way an exploit writer in Russia was identified (his license plate).
  • 2011-08-18 Google reports on four years of experience in malware detection.