News Bits

November 28, 2005, NDSS 2006 program, contributed by Doug Szajda
The program for NDSS 06 is:

Deploying a New Hash Algorithm
Steven Bellovin, Eric Rescorla

Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities
Yi-Min Wang, Doug Beck, Xuxian Jiang, Roussi Roussev, Chad Verbowski, Shuo Chen, Sam King

Inoculating SSH Against Address Harvesting
Stuart Schechter, Jaeyeon Jung, Will Stockwell, Cynthia McLain

Enterprise Security: A Community of Interest Based Approach
Patrick McDaniel, Shubho Sen, Oliver Spatscheck, Jacobus Van der Merwe, Bill Aiello, Charles Kalmanek

Trust Negotiation with Hidden Credentials, Hidden Policies, and Policy Cycles
Keith Frikken, Jiangtao Li, Mikhail Atallah

A Crawler-based Study of Spyware in the Web
Alex Moshchuk, Steven D. Gribble, Henry Levy

Protocol-Independent Adaptive Replay of Application Dialog
Weidong Cui, Vern Paxson, Nicholas Weaver, Randy Katz

Isolating Intrusions by Automatic Experiments
Stephan Neuhaus, Andreas Zeller

Churn as Shelter
Tyson Condie, Varun Kacholia, Sriram Sank, Joseph M. Hellerstein, Petros Maniatis

Software Self-Healing Using Collaborative Application
Stelios Sidiroglou, Michael Locasto, Angelos Keromytis

Toward a Practical Data Privacy Scheme for a Distributed Implementation of the Smith-Waterman Genome Sequence Comparison
Algorithm Doug Szajda, Michael Pohl, Jason Owen, Barry Lawson

Toward Automated Information-Flow Integrity Verification for Security- Critical Applications
Umesh Shankar, Trent Jaeger, Reiner Sailer

Using Generalization and Characterization Techniques in the Anomaly- based Detection of Web Attacks
William Robertson, Giovanni Vigna, Christopher Kruegel, Richard A. Kemmerer

Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage
Kevin Fu, Seny Kamara, Yoshi Kohno

Device Identification via Analog Signal Fingerprinting: A Matched Filter Approach
Ryan Gerdes, Thomas Daniels, Mani Mina, Steve Russell

Modeling Botnet Propagation Using Time Zones
David Dagon, Cliff Zou, Wenke Lee

Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software
James Newsome, David Brumley, Dawn Song, Jad Cha

December 2, 2006, Gene Spafford contributed this annoucement from Pascal Meunier about the Cassandra Vulnerability Notification System  

I am pleased to announce the availability of an open source, command-line version of the Cassandra system. For 5 years the Cassandra system ( has been delivering free vulnerability notifications based on NIST's ICAT database of CVE entries, and later, Secunia advisories were added. These notifications were based on a profile of interest you entered, saving you time in doing searches for you every day and remembering which entries you had already seen (Meunier and Spafford, FIRST 2002).

However, using Cassandra meant that I (and CERIAS) had a list of possible vulnerabilities in your organization's systems, and this list was sent to you in plain text emails. Even though Cassandra was never compromised, it (and the emails) made a tempting target; risk- averse people and organizations were therefore unable to benefit from the service. The new command-line tool, my_cassandra.php, solves these issues and can be downloaded from my home page:

Because you get the source code and the custody of your profiles, this version of Cassandra should not generate the privacy concerns that the online version did. As it is under your control you can also run it at the intervals you choose. It is made available under an open source license so you can modify it. It runs under PHP so it should run on almost any platform (tested on Windows XP SP2 and PHP 5.1.1, and MacOS 10.4.3 and PHP 4.3.11 -- Windows users need to download also "cassandra.bat").

It works by downloading an XML export of recent entries in NIST's National Vulnerability Database, and comparing them to vendors, products and keywords specified in the file "profile.txt". The tool will then open a browser window for each new and relevant entry, and save the list of seen entries in a file named "seen_CVE.txt" on your workstation.

WARNING: The first time you run it, it will open a large number of windows. It is then up to you to run it when you have time to read the new entries.

Pascal Meunier
Purdue University CERIAS

P.S.: Thanks to the NVD team at NIST, and the people at MITRE doing the tedious and cautious work without which Cassandra would have no data, and special thanks for doing it swiftly.

January 13, 2006, Sondra Walker sent this announcement of fellowships at I3P:

The Institute for Information Infrastructure Protection (I3P) has issued a Call for Proposals from post-doctoral researchers, junior faculty and research scientists.

Applicants must submit proposals to the host institutions by February 27, 2006. Host Institutions must submit completed application packets to the I3P by March 10, 2006. For more information about application requirements see:

I3P Research Areas of Interest:

The I3P - a national research consortium of universities, federally-funded labs, and non-profit organizations - is chaired by Dartmouth College The program is funded by the U.S. Department of Homeland Security.