imchris.org

Sam, Shuo and I have had our paper accepted at the 2008 Symposium on Security and Privacy (Oakland) conference this spring. Here’s the PDF.

It was also written up in the news! “Secure web browsing with the OP web browser”, was featured in an article on eWeek in an article titled “Is There Room for a Security Browser?” By Ryan Naraine and the. The eWeek article was also Slashdotted (slashdot).

I’m going to Microsoft Research for the summer after I present at the IEEE Symposium on Security and Privacy. I’ll be out in Redmond, WA at the end of May through August. I’m going to be doing some pretty interesting research this summer (and some implementation). Once my slides are done for Oakland they will be up here.

Christmas break was fun, I ended up going to New Hampshire’s White Mountains and staying at an AMC lodge. Did a lot of snowshoeing, survived a blizzard, and generally got to be in lots of snow. I’m looking forward to some camping this spring though I’m not sure where or when yet.

Spring semester started too, I’m taking a course called “Design of 4G WWANs and Their Building Blocks: Intelligent Routers”, its an ECE598 taught by Constantine Polychronopoulos. No other courses, just continuing the web browser research and trying to get going on some new ideas.

This fall is a little bit different than most semesters – no class. I decided that I could fill my time easily enough with research that I didn’t need any busy work from courses. I’m currently working on web related security research, including client security, finding web exploits, and figuring out what to do with all of the amazing malware online. Once we have finished some of the work we are doing I’ll have links to source and papers online.

I’ve also been forced to participate in TCIP. I won’t put up here what I think of that project, but lets just say that I’m not all that happy about it.

This semester produced a couple interesting things. First, a project which tries to detect malware (particularly rootkits) and runs outside the OS, in a virtual machine. Second, another paper written by me, this time on botnets and command and control networks which use peer-to-peer protocols (open source and custom). I’m also finally done with all my course work at school.

Summer plans include a little bit of vacation time, DEFCON, and research here at school.

ECE 598 – Secure Hardware taught by David Nicol and CS 598 – Hot topics in virtualization and security taught by Sam King. Both classes are primarily paper reading courses.

Trying to get lots of research done this spring. I really want to graduate and get out of Champaign-Urbana.

Taking: ECE 541 Computer Systems Analysis (Bill Sanders, David Nicol), CS 498 Program Optimization (Maria Garzaran), CS 498 Theoretical Foundations of Cryptography (Manoj Prabhakaran). Apparently intent of the crypto course is to never discuss a real cryptographic algorithm… My recommendation: take Math 595 with Iwan Duursma

Summer 2006 was a good summer, definitely a good time, good job, and fun place. I worked in Berkeley, CA and lived right down the street from ICIR where I worked. Berkeley pretty much had everything I wanted and if its wasn’t downtown Berkeley, then its just a short subway (BART) ride to get there. There was a lot of things going on, and lots of crazy people wandering around (like me) at all times of the day.

As for my job, I worked with Vern Paxson on creating anonymization policy for application layer protocols. In my first couple weeks, I ported anonymizers for DNS and HTTP. After I did that I was familiar with the Bro IDS code and BINPAC, and was able to implement a parser for the SMB/CIFS protocol (as well as Netbios, MS Browse, and some RPC/named pipe functionality). The end result is a detailed parser for CIFS that can also rewrite packets in an anonymized form. This is the protocol that does most of the things in Network Neighborhood and allows users to mount network drives and do network file system operations. Its a complicated protocol, with many things going on that make it hard to parse (an anonymize).

The spring semester is over, and I’ve learned some new things. What I learned in privacy class was that privacy enhancing technologies are complicated, and often can’t offer any official assurance. In advanced coding theory class I learned a whole new set of analysis techniques, and understand better what makes up the modern coding schemes.

• Aimstalker (privacy project) – data-mining the aim network
• Coding Theory and Sudoku (coding theory project) – modifying the Sudoku puzzle problem to create LDPC codes, and constructing Sudoku puzzles with random checks.

Finally, I’ll be in Berkeley, CA all summer working at ICIR.

CRHC uses some functionality from spamhaus.org, which in turn pulls from CBL or the Composite Blocking List (http://cbl.abuseat.org/). Blocking spam is great and all, but I really think that:

1. I am not a spammer, and my IP has never been used for spam while I owned it.
2. You need more than HELO strings to determine if someone is a spammer
3. If you claim I’m a spammer, you should be at least able provide areason.
4. If I tell you to remove me from your list, REMOVE ME and don’t just add me back in a couple hours.

IP blacklisting for spam might work, but at the cost of blacklisting tons of people who aren’t spammers. Seems to me like another broken attempt to solve the “spam problem”.

UPDATE: Spamhaus was successfully sued in the U.S. for incorrectly blocking an email from an entire company. Quote: “A federal judge on Wednesday ordered the Spamhaus Project, an international anti-spam organization, to pay $11.7 million in damages to Wheeling-based e360 Insight LLC for blacklisting the company.” Spamhaus wont pay up either. Google for spamhaus litigation for the rest of the story.