Stanford University
PROGRAM COMMITTEE:
Michael Backes (Saarland University and MPI-SWS, Germany)
Bruno Blanchet (INRIA, Ecole Normale Superieure, and CNRS, France)
Dan Boneh (Stanford University, USA)
Nikita Borisov (University of Illinois at Urbana-Champaign, USA)
Herbert Bos (VU, Netherlands)
Srdjan Capkun (ETHZ, Switzerland)
Avik Chaudhuri (Adobe Advanced Technology Labs, USA)
Shuo Chen (Microsoft Research, USA)
Technical Program Committee:
Martin Abadi (UC Santa Cruz & Microsoft, USA)
Kostas Anagnostakis (I2R/A-STAR, Singapore)
Kosta Beznosov (U British Columbia, Canada)
Dan Boneh (Stanford University, USA)
Steve Borbash (Department of Defense, USA)
Jean Camp (Indiana University, USA)
Iliano Cervesato (Carnegie Mellon Univ., USA)
Mihai Christodorescu (IBM Research, USA)
Debra Cook (IDA-CCS, USA)
Anil Somayaji, Carleton University, Canada
Benjamin Morin, Central Directorate for Information System Security (DCSSI),
France
Christopher Kruegel, University of California, Santa Barbara, USA
Collin Jackson, Stanford University, USA
Corrado Leita, Symantec Research Europe, France
David Brumley, Carnegie Mellon University, USA
Davide Balzarotti, Eurecom, France
Dongyan Xu, Purdue University, USA
Engin Kirda, Eurecom, France
The submission deadline for papers is 11:59 p.m. PDT on
Tuesday, May 26, 2009.
We look forward to your submissions.
Dan Boneh, Stanford University
Alexander Sotirov, independent security researcher
WOOT'09 Program Chairs
woot09chairs@usenix.org
Elgg is an award-winning social networking engine, delivering the
building blocks that enable businesses, schools, universities and
associations to create their own fully-featured social networks and
applications. Well-known Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,
Johns Hopkins University and more (http://elgg.org/powering.php)
3. VULNERABILITY DESCRIPTION
* Matthew Dempsky reported a null-pointer dereference flaw when
loading two SWF files compiled with different Flash versions from the
same URI (CVE-2008-4546).
* Adam Barth (UC Berkeley) and Collin Jackson (Stanford University)
discovered a flaw occurring when interpreting HTTP response headers
(CVE-2008-4818).
* Nathan McFeters and Rob Carter of Ernst and Young's Advanced
Security Center are credited for finding an unspecified vulnerability
Elgg is an award-winning social networking engine, delivering
the building blocks that enable businesses, schools, universities
and associations to create their own fully-featured social networks
and applications. Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,
Johns Hopkins University and more (http://elgg.org/powering.php)
######################
Vulnerability Description
...or, to see what's pending (this will be useful tomorrow):
remctl memory-new ood query pending libpam-krb5 --verbose
- Tim Skirvin (tskirvin@stanford.edu)
--
Information Technology Services http://www.stanford.edu/~tskirvin/
System Software Developer, Unix Team Stanford University
***
Steering Board
Tansu Alpcan (TU-Berlin)
Nick Bambos (Stanford Univ.)
Tamer Başar (Univ. of Illinois)
Anthony Ephremides (Univ. of Maryland)
Jean-Pierre Hubaux (EPFL)
***
***
Steering Board
Tansu Alpcan (TU-Berlin, T-Labs)
Nick Bambos (Stanford Univ.)
Tamer Basar (Univ. of Illinois)
Anthony Ephremides (Univ. of Maryland)
Jean-Pierre Hubaux (EPFL)
***
***
Steering Board
Tansu Alpcan (TU-Berlin)
Nick Bambos (Stanford Univ.)
Tamer Basar (Univ. of Illinois)
Anthony Ephremides (Univ. of Maryland)
Jean-Pierre Hubaux (EPFL)
***
files are not checked before sending HTTP headers to another domain
(CVE-2008-1654) and that it does not sufficiently restrict the
interpretation and usage of cross-domain policy files
(CVE-2007-6243).
* The Stanford University and Ernst and Young's Advanced Security
Center reported that Flash does not pin DNS hostnames to a single IP
address, allowing for DNS rebinding attacks (CVE-2007-5275,
CVE-2008-1655).
* The Google Security Team and Minded Security Multiple reported
***
www.gamesec-conf.org
***
Keynote Speakers:
Prof. Nick Bambos (Stanford Univ.) and Prof. Silvio Micali (MIT).
A list of accepted papers and conference program are
available on the conference website at
http://gamesec-conf.org/program.php
http://gamesec-conf.org/papers.php
This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs German License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
or send a letter to Creative Commons; 559 Nathan Abbott Way;
Stanford, California 94305; USA.
THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.
upcoming version 6.7 release.
Also of interest to those in the forensics community may be this
analysis of the impact security flaws can have on the use of computer
forensic evidence in civil and criminal proceedings prepared by Chris
Ridder of the Stanford Law School Center for Internet and Society.
Although we are happy to host his paper, this work is the output of Mr.
Ridder and is not officially a publication of iSEC Partners:
http://www.isecpartners.com/files/Ridder-Evidentiary_Implications_of_Security_Weaknesses_in_Forensic_Software.pdf