Bypassing Browser Memory Protections. Setting back browser security by 10 years. Alexander Sotirov, Mark Dowd.
The experience of the Lawrence Berkeley Laboratory in tracking an intruder suggests that any operating system is insecure when obvious security rules are ignored. How a site should respond to an intrusion, whether it is possible to trace an intruder trying to evade detection, what can be learned from tracking an intruder, what methods the intruder used, and the responsiveness of the law-enforcement community are also discussed.
Session papers of the First USENIX Workshop on Large-Scale Exploits and Emergent Threats.
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications. David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng.
Fingerprinting Passports. Henning Richter, Wojciech Mostowski, and Erik Poll.
0-Day Patch Exposing Vendors (In)security Performance. Stefan Frei, Bernhard Tellenbach, and Bernhard Plattner.
Cryptanalytic Attacks on Pseudorandom Number Generators. J. Kelsey, B. Schneier, D. Wagner, and C. Hall.
Analysis of the Linux Random Number Generator. Zvi Gutterman, Benny Pinkas, Tzachy Reinman.
Thirty Years Later: Lessons from the Multics Security Evaluation. Paul A. Karger, Roger R. Schell.
Dorrendorf, Gutterman and Pinkas have reverse engineered the random number generator code from Windows. According to their paper, it is easy (O(1)) to compute a previous random number and possible (O(2^23)) to predict the next one. (via The Inquirer)