Guus Bosman

software engineering director



At the Jersey City office

Friday I was in our Jersey City office. It was the first time I visited there and a day was too short to meet everybody I wanted to meet.

The office is located on the river front and has a great view of Manhattan.


USENIX Security Symposium 2013

USENIX Security 2013 was a very interesting conference. It was a great way to catch up with the latest developments in the security world, on a wide range of topics. Over the course of 5 days I attended more than 40 presentations. The organization of the conference was top-notch. The venue was a hotel a few minutes from Judiciary Square in downtown Washington, D.C.


LEET and WOOT '13

I attended two big workshops in DC this week: the ironically named "LEET" and "WOOT" workshops, organized by USENIX.

LEET: Large-Scale Exploits and Emergent Threats
LEET stands for Large-Scale Exploits and Emergent Threats and included 13 presentations on a broad range of topics, from DDoS to spam to phishing. I particularly enjoyed these three talks:

- Funny analysis of what low-end DDoS services ("booters") are typically used for (50% of the customers are gamers who want to bring down their enemies, typically in residential addresses).
- These guys tried to find out which Botnet sinks are out there (and who is creating them). Sort of "hack the counter-hackers".
- Insight from a security researcher who specializes in DDoS tools on recent developments.

WOOT: Workshop on Offensive Technologies
The WOOT workshops on Tuesday were focused on offensive technologies. The emphasis at USENIX is more academic than at conferences like BlackHat or DEFCON and less on getting publicity, which is nice. Still, there were some pretty scary results.

Here are my favorites:

- Very cool demo of a new DNS bind flaw against Chrome (overflowing the browser's 100-entry cache used for the defensive DNS pinning).
- Solid presentation on how the researchers looked for (and found) "sign out" flaws by truncating TLS sessions. Affects Gmail and Hotmail, among other things, and a distributed voting tool. Shows you that even if the theoretical framework is secure, the implementation might have flaws.
- How to hack the ELF loader into doing calculations. Totally useless but very cool.

These workshops were very interesting, and I'm currently attending the main part of the event: 3 more days of presentations. This conference has a relatively large amount of downtime, which is nice since it allows you to meet people.
