Two recent papers whose relevance Slammer reinforced

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Jeff.Hodges () KingsMountain com
Reply-To: Jeff.Hodges () KingsMountain com
Date: Sun, 26 Jan 2003 14:00:36 -0800
To: Dave Farber <farber () cis upenn edu>
Cc: Jeff.Hodges () KingsMountain com
Subject: Two recent papers whose relevance Slammer reinforced

I don't think the first has appeared on IP. the second did, just last May.

JeffH
------
Subject: TODAY: Security seminar (Jan 21st): Eric Rescorla
From: Philippe Golle <pgolle () theory stanford edu>
Date: Tue, 21 Jan 2003 08:05:37 -0800 (PST)
To: security-seminar () lists Stanford EDU



*************************
Stanford Security Seminar

Eric Rescorla
TODAY: Tuesday January 21st at 4:30pm
Gates 4B
(opposite office 490)

*************************


Title: Security holes... Who cares?
Speaker: Eric Rescorla

We report on an observational study of user response following the
OpenSSL remote buffer overflows of July 2002 and the worm that exploited
it in September 2002.  Immediately after the publication of the bug and
its subsequent fix we identified a set of vulnerable servers. In the
weeks that followed we regularly probed each server to determine whether
it had applied one of the relevant fixes. We report two primary
results. First, we find that users are generally very slow to apply the
fixes. Two weeks after the bug announcement, more than two thirds of
servers were still vulnerable. Second, we identify several weak
predictors (and a number of non-predictors) of user response. We find
that the predictors for post-bug release updating and post-worm updating
differ substantially.

Paper: Security holes... Who cares?
http://www.rtfm.com/upgrade.html

------
Subject: IP: Mind-blowing-- How to own the Internet in your
    spare time  
From: Dave Farber <dave () farber net>
Date: Fri, 24 May 2002 18:18:59 -0400 (15:18 PDT)
To: ip <ip-sub-1 () majordomo pobox com>

Abstract:

The ability of attackers to rapidly gain control of vast numbers of Internet
hosts poses an immense risk to the overall security of the Internet. Once
subverted, these hosts can not only be used to launch massive denial of
service floods, but also to steal or corrupt great quantities of sensitive
information, and confuse and disrupt use of the network in more subtle ways.

We present an analysis of the magnitude of the threat. We begin with a
mathematical model derived from empirical data of the spread of Code Red I
in July, 2001. We discuss techniques subsequently employed for achieving
greater virulence by Code Red II and Nimda. In this context, we develop and
evaluate several new, highly virulent possible techniques: hit-list scanning
(which creates a Warhol worm), permutation scanning (which enables
self-coordinating scanning), and use of Internet-sized hit-lists (which
creates a flash worm).

We then turn to the to the threat of surreptitious worms that spread more
slowly but in a much harder to detect "contagion" fashion. We demonstrate
that such a worm today could arguably subvert upwards of 10,000,000 Internet
hosts. We also consider robust mechanisms by which attackers can control and
update deployed worms.

In conclusion, we argue for the pressing need to develop a "Center for
Disease Control" analog for virus- and worm-based threats to national
cybersecurity, and sketch some of the components that would go into such a
Center. 

------ Forwarded Message
From: Rodney Joffe <rjoffe () centergate com>

Hi Dave,


I assume you know Vern Paxson...

He just released this paper which is rather dramatic. And scary.

http://www.icir.org/vern/papers/cdc-usenix-sec02/index.html

-- 
Rodney Joffe
CenterGate Research Group, LLC.
http://www.centergate.com
"Technology so advanced, even we don't understand it!"(SM)


------ End of Forwarded Message




------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To unsubscribe or update your address, click
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/