«
Expand/Collapse
182 items tagged "research"
Related tags:
office excel [+],
overflow vulnerability [+],
secunia [+],
apple safari [+],
microsoft [+],
adobe flash player [+],
security [+],
vupen [+],
security issue [+],
overflow code [+],
oracle java [+],
adobe [+],
sql injection [+],
realplayer [+],
pulse [+],
internet explorer [+],
integer overflow vulnerability [+],
google [+],
directory traversal [+],
code execution [+],
cms [+],
chaos communication camp [+],
center [+],
autonomy [+],
adobe shockwave player [+],
security research [+],
vulnerabilities [+],
trust relationships [+],
technology organisation [+],
technology [+],
sophos [+],
service organisation [+],
security analysis tool [+],
sara [+],
quicksilver [+],
open shares [+],
nato research [+],
nato [+],
national [+],
name directory [+],
microsoft excel [+],
library version [+],
joomla [+],
insertion [+],
information disclosure [+],
hacks [+],
forum [+],
employee timeclock [+],
employee [+],
education research [+],
chaos communication congress [+],
buffer overflow vulnerabilities [+],
auditor [+],
bugtraq [+],
vmware products [+],
virtualized [+],
virtual [+],
vancouver [+],
taskfreak [+],
system [+],
service [+],
robots [+],
research employee [+],
research component [+],
remote buffer overflow vulnerability [+],
remote buffer overflow [+],
quicktime [+],
postscript interpreters [+],
postscript [+],
numerous security flaws [+],
ntr [+],
novell groupwise internet agent [+],
novell [+],
network node manager [+],
name [+],
money [+],
microsoft powerpoint [+],
malicious users [+],
loss [+],
london [+],
lfi [+],
kat braybrooke [+],
invalid pointer [+],
insight [+],
hp openview network node manager [+],
helix server [+],
hacker communities [+],
general sentiment [+],
gender [+],
forgery [+],
forensic research [+],
file upload [+],
excel formula [+],
europe [+],
disclosure [+],
digital anthropology [+],
development [+],
denial of service [+],
deleting files [+],
dean [+],
data buffer [+],
ccc camp [+],
bournal [+],
black hat [+],
bernard lietaer [+],
andrei costin [+],
alternative monetary systems [+],
adobe reader [+],
activex control buffer overflow [+],
Newbie [+],
Area [+],
vulnerability [+],
xnview [+],
windows movie maker [+],
windows [+],
winamp [+],
visualization [+],
vijay kumar [+],
viewvc [+],
video demonstrations [+],
validity checks [+],
usa [+],
uae [+],
troubling [+],
track dimensions [+],
tomatocms [+],
tinkerer [+],
tiff bitspersample [+],
text nodes [+],
temporary files [+],
ted [+],
technology advancements [+],
talk [+],
table element [+],
t interactive [+],
symantec [+],
swftools [+],
supercaps [+],
stylometry [+],
sterling [+],
state [+],
stack overflow [+],
sql queries [+],
sql [+],
spyware [+],
spectral data [+],
sorenson video 3 [+],
sonicwall [+],
software sql [+],
software backup [+],
shockwave [+],
sexy romances [+],
sexy [+],
sensitive data [+],
security leaders [+],
security issues [+],
scrollbar [+],
scada system [+],
sap [+],
ruby tag [+],
rtf [+],
robot system [+],
research internet [+],
research in motion [+],
research center [+],
regular expression [+],
realnetworks [+],
realmedia [+],
reader [+],
quot [+],
quad delta [+],
quad [+],
protection [+],
privacy event [+],
privacy [+],
print [+],
pop up block [+],
photograph image [+],
parsing [+],
owasp [+],
orbit downloader [+],
orbit [+],
opera [+],
nttp [+],
nss [+],
novell groupwise [+],
new research [+],
new [+],
multiple [+],
mso [+],
mozilla [+],
motion [+],
mono [+],
mobile devices [+],
mobile data [+],
mike brennan [+],
microsoft windows [+],
microsoft office [+],
memory [+],
mantisbt [+],
malware [+],
malicious web [+],
mac computers [+],
logic error [+],
libmikmod [+],
legos [+],
keyview [+],
kde [+],
jpeg data [+],
itf [+],
internet [+],
input validation [+],
indusoft [+],
image file [+],
image dimensions [+],
image [+],
hungarian research [+],
hub [+],
hellcode [+],
heap corruption [+],
headcount [+],
hackers [+],
greece [+],
grasp lab [+],
graphite [+],
government savings [+],
government [+],
glpng [+],
gil [+],
gigabyte [+],
free [+],
forensics [+],
floating point conversion [+],
firm [+],
expression search [+],
execution [+],
eleytt [+],
edg [+],
dr. kumar [+],
download [+],
directory traversal vulnerability [+],
data security [+],
data [+],
dat file [+],
dangling pointer [+],
cyrus imapd [+],
cve [+],
crysys [+],
crystal reports [+],
cross site scripting [+],
credentials [+],
creative software [+],
creative [+],
control array [+],
contract renegotiations [+],
content management [+],
content [+],
consona [+],
compliance problem [+],
colorsync profile [+],
civil servants [+],
cio [+],
chunk [+],
chris [+],
chemistry [+],
centre [+],
capacitors [+],
buffer overflows [+],
blockbuster [+],
block menu [+],
blackberry [+],
avoids [+],
avi parsing [+],
avi file [+],
avi [+],
avatar [+],
athens greece [+],
athens [+],
aria [+],
arbitrary files [+],
appsec [+],
aol [+],
activex control [+],
aac [+],
buffer overflow vulnerability [+],
txt [+],
memory corruption [+],
integer overflow [+],
buffer overflow [+],
adobe acrobat [+]
-
-
![Permalink for '[Video] She-Hackers: Millennials and Gender in European F/LOSS Subcultures'](/themes/lilina/web//media/mark_off.gif)
15:08
»
SecDocs
Authors:
Kat Braybrooke Tags:
hacking Event:
Chaos Communication Camp 2011 Abstract: In 2002, Ghosh et al released a study which found that in F/LOSS coder/hacker communities, only 1.5% of members were female. This participation-heavy session is about the challenges of immersive ethnographic research in a time of gender transformation. First, a bit about my background. My name is Kat Braybrooke, I'm a Canadian from Vancouver, and I am currently finishing my MSc thesis for University College London's Digital Anthropology program regarding the role of gender in FLOSS hacker and coder cultures. For this thesis (abstract at http://shehackers.kaibray.com), I engaged in a combination of phenomenological immersivity and informant relationship-building with over 30 hackers and coders (male and female) in hackspaces and recursive tech/'geek' cultures across Europe. When I started my research, I had specific assumptions about who I wanted to talk to and what I thought I'd find. However, through the process of engaging with the spaces and individuals involved in these communities, I have come to realize how incorrect these assumptions were - and I'm hoping these realizations can be of benefit future social scientists, anthropologist and media theorists studying recursive subcultures in periods of ultramodern transformation. This session is about group participation - discussion, debate, criticism and new ideas. I'm not here to tell you who you are. Instead, I want to learn what you, as Chaos Camp attendees, think of these sorts of academic studies of your own communities, and how you feel my methodology can be improved upon. While I'm a self-defined 'geek', I am the outsider here - so before I publish this research, I'd love to hear how my understandings can be improved.
-
14:13
»
SecDocs
Authors:
Kat Braybrooke Tags:
hacking Event:
Chaos Communication Camp 2011 Abstract: In 2002, Ghosh et al released a study which found that in F/LOSS coder/hacker communities, only 1.5% of members were female. This participation-heavy session is about the challenges of immersive ethnographic research in a time of gender transformation. First, a bit about my background. My name is Kat Braybrooke, I'm a Canadian from Vancouver, and I am currently finishing my MSc thesis for University College London's Digital Anthropology program regarding the role of gender in FLOSS hacker and coder cultures. For this thesis (abstract at http://shehackers.kaibray.com), I engaged in a combination of phenomenological immersivity and informant relationship-building with over 30 hackers and coders (male and female) in hackspaces and recursive tech/'geek' cultures across Europe. When I started my research, I had specific assumptions about who I wanted to talk to and what I thought I'd find. However, through the process of engaging with the spaces and individuals involved in these communities, I have come to realize how incorrect these assumptions were - and I'm hoping these realizations can be of benefit future social scientists, anthropologist and media theorists studying recursive subcultures in periods of ultramodern transformation. This session is about group participation - discussion, debate, criticism and new ideas. I'm not here to tell you who you are. Instead, I want to learn what you, as Chaos Camp attendees, think of these sorts of academic studies of your own communities, and how you feel my methodology can be improved upon. While I'm a self-defined 'geek', I am the outsider here - so before I publish this research, I'd love to hear how my understandings can be improved.
-
-
21:55
»
SecDocs
Tags:
bank economy Event:
Chaos Communication Camp 2011 Abstract: What comes after capitalism? We will give an overview on the development of complementary and alternative monetary systems: Which ones are there to stay, how they influence social development, how they can be improved and why hackers should really care. DYNDY is an effort to inform and empower communities with concepts and tools to overcome scarcity. Since the beginning of 2010 it unfolds as an academic research conducted in cooperation with experts from various fields: economists, philosophers and hackers. Its outcomes are visible as publications which, still being grounded in scholarly written theory, aim at divulgation of innovative concepts and at interaction with existing and future implementations of monetary systems. Quoting Bernard Lietaer: “We can’t imagine to enter the Information Age without changing the fundamental and most used communication tool: Money”. At the CCC camp 2011 we intend to follow this call and break the foremost taboo of our time which is, indeed, money. With our research we intend to establish a theoretical and practical framework for further development of this ancient media, which is widely used around the world and can finally benefit from the innovative drive that hackers have given so far to networking technologies. After about 2 years of research, in this lecture we intend to present in detail our findings, mostly answering impelling questions as: How financiarization is leading to the dissolution of the capitalist market and which values will naturally arise afterwards, what is the meaning of General Sentiment and how affect converges in the information economy, what peer 2 peer cryptographic currencies mean to the global markets and what we can still develop to benefit and share wealth among all those who are using money around the World. The language used will be both technical and theoretical, still no particular knowledge is needed, but pure interest on the subject and inclination to follow an interdisciplinary discourse between humanities and science.
-
21:55
»
SecDocs
Tags:
bank economy Event:
Chaos Communication Camp 2011 Abstract: What comes after capitalism? We will give an overview on the development of complementary and alternative monetary systems: Which ones are there to stay, how they influence social development, how they can be improved and why hackers should really care. DYNDY is an effort to inform and empower communities with concepts and tools to overcome scarcity. Since the beginning of 2010 it unfolds as an academic research conducted in cooperation with experts from various fields: economists, philosophers and hackers. Its outcomes are visible as publications which, still being grounded in scholarly written theory, aim at divulgation of innovative concepts and at interaction with existing and future implementations of monetary systems. Quoting Bernard Lietaer: “We can’t imagine to enter the Information Age without changing the fundamental and most used communication tool: Money”. At the CCC camp 2011 we intend to follow this call and break the foremost taboo of our time which is, indeed, money. With our research we intend to establish a theoretical and practical framework for further development of this ancient media, which is widely used around the world and can finally benefit from the innovative drive that hackers have given so far to networking technologies. After about 2 years of research, in this lecture we intend to present in detail our findings, mostly answering impelling questions as: How financiarization is leading to the dissolution of the capitalist market and which values will naturally arise afterwards, what is the meaning of General Sentiment and how affect converges in the information economy, what peer 2 peer cryptographic currencies mean to the global markets and what we can still develop to benefit and share wealth among all those who are using money around the World. The language used will be both technical and theoretical, still no particular knowledge is needed, but pure interest on the subject and inclination to follow an interdisciplinary discourse between humanities and science.
-
-
16:56
»
Packet Storm Security Misc. Files
In 2012, OWASP is holding its Global AppSec Research (EU) Conference in Athens, Greece! The OWASP AppSec Research conference is a premier gathering for Information Security leaders and researchers. It brings together the application security community to share cutting-edge ideas, initiatives and technology advancements. The Call For Papers is now open.
-
-
13:01
»
Hack a Day
[Gil] recently wrote in to tell us about some awesome research going on at UCLA. Apparently by layering some oxidized graphite onto a DVD and tossing it into a lightscribe burner, it’s possible to print your own super capacitors; some pretty high capacity ones at that. For those that are unaware, supercapcaitors are typically made [...]
-
-
22:56
»
SecDocs
Authors:
Andrei Costin Tags:
vulnerability Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: We have decided to continue our research onto PostScript realms - an old, very powerful and nicely designed programming language, where (as a coincidence or not, given it's numerous security flaws) Adobe owns most PostScript interpreters instances. This time we demonstrate that PostScript language, given it's power, elegance and Turing-completeness, can be used more than just for drawing dots, lines and circles - and to a certain extent it can be a hacker's sweet delight if fully mastered. We will be presenting a real-life implementation of unusual PostScript APIs (along with it's dissection and reconstructed documentation) that interact with various levels of OS and HW, implementation we have found in a TOP10 printer vendor product line. Also, we will investigate whether a PostScript-based (hence platform-independent) virus (18+ years after first proposals of such theory) can be acomplished, thus giving theoretical hints and few building blocks in this direction. We will also present some very constructive uses of the PostScript language in the creative (i.e. non-destructive) hacking direction. In the end, we will try to summarize our conclusions and possible solution for all parties involved (vendors, users, sysadmins, security experts). With this research we hope we can prove that entire printer industry (devices, printing software/drivers/subsystems, publishing and managed services) have to be rethought security-wise, so that it can withstand in the long run the current security landscape and threats. "Hacking MFPs (part2) - PostScript: Um, you've been hacked" We started our research in early 2010 as a state-of-affairs investigation of the general security related to printers and printing protocols&subsystem. We have concluded and demonstrated that using malicious documents and applets, it is possible using the PJL protocol to control certain printer functionality, including malicious content upload/download on printers' storage. As a side effect of the research, several other directions in printers' industry shown prone to malicious attacks (XSS injection and execution, auth-bypass, unauthorized functionality and content access, etc.) Incidentally, very same period, Stuxnet abused printing subsystems to spread itself and few other printer researches emerged in various directions (PJL password and hard disk abuse, confidential/password data harvesting, Linux-based firmware rev-eng). All these apparently separate events, just come to prove once again that printers are not forgotten, they spark revived hacking interest and their (mis)use can be harmful and have long-standing effects on one's eneterprise security. ============================================ We have decided to continue our research onto PostScript realms - an old, very powerful and nicely designed programming language, where (as a coincidence or not, given it's numerous security flaws) Adobe owns most PostScript interpreters instances. This time we demonstrate that PostScript language, given it's power, elegance and Turing-completeness, can be used more than just for drawing dots, lines and circles - and to a certain extent it can be a hacker's sweet delight if fully mastered. We will be presenting a real-life implementation of unusual PostScript APIs (along with it's dissection and reconstructed documentation) that interact with various levels of OS and HW, implementation we have found in a TOP10 printer vendor product line. Also, we will investigate whether a PostScript-based (hence platform-independent) virus (18+ years after first proposals of such theory) can be acomplished, thus giving theoretical hints and few building blocks in this direction. We will also present some very constructive uses of the PostScript language in the creative (i.e. non-destructive) hacking direction. In the end, we will try to summarize our conclusions and possible solution for all parties involved (vendors, users, sysadmins, security experts). With this research we hope we can prove that entire printer industry (devices, printing software/drivers/subsystems, publishing and managed services) have to be rethought security-wise, so that it can withstand in the long run the current security landscape and threats.
-
22:56
»
SecDocs
Authors:
Andrei Costin Tags:
vulnerability Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: We have decided to continue our research onto PostScript realms - an old, very powerful and nicely designed programming language, where (as a coincidence or not, given it's numerous security flaws) Adobe owns most PostScript interpreters instances. This time we demonstrate that PostScript language, given it's power, elegance and Turing-completeness, can be used more than just for drawing dots, lines and circles - and to a certain extent it can be a hacker's sweet delight if fully mastered. We will be presenting a real-life implementation of unusual PostScript APIs (along with it's dissection and reconstructed documentation) that interact with various levels of OS and HW, implementation we have found in a TOP10 printer vendor product line. Also, we will investigate whether a PostScript-based (hence platform-independent) virus (18+ years after first proposals of such theory) can be acomplished, thus giving theoretical hints and few building blocks in this direction. We will also present some very constructive uses of the PostScript language in the creative (i.e. non-destructive) hacking direction. In the end, we will try to summarize our conclusions and possible solution for all parties involved (vendors, users, sysadmins, security experts). With this research we hope we can prove that entire printer industry (devices, printing software/drivers/subsystems, publishing and managed services) have to be rethought security-wise, so that it can withstand in the long run the current security landscape and threats. "Hacking MFPs (part2) - PostScript: Um, you've been hacked" We started our research in early 2010 as a state-of-affairs investigation of the general security related to printers and printing protocols&subsystem. We have concluded and demonstrated that using malicious documents and applets, it is possible using the PJL protocol to control certain printer functionality, including malicious content upload/download on printers' storage. As a side effect of the research, several other directions in printers' industry shown prone to malicious attacks (XSS injection and execution, auth-bypass, unauthorized functionality and content access, etc.) Incidentally, very same period, Stuxnet abused printing subsystems to spread itself and few other printer researches emerged in various directions (PJL password and hard disk abuse, confidential/password data harvesting, Linux-based firmware rev-eng). All these apparently separate events, just come to prove once again that printers are not forgotten, they spark revived hacking interest and their (mis)use can be harmful and have long-standing effects on one's eneterprise security. ============================================ We have decided to continue our research onto PostScript realms - an old, very powerful and nicely designed programming language, where (as a coincidence or not, given it's numerous security flaws) Adobe owns most PostScript interpreters instances. This time we demonstrate that PostScript language, given it's power, elegance and Turing-completeness, can be used more than just for drawing dots, lines and circles - and to a certain extent it can be a hacker's sweet delight if fully mastered. We will be presenting a real-life implementation of unusual PostScript APIs (along with it's dissection and reconstructed documentation) that interact with various levels of OS and HW, implementation we have found in a TOP10 printer vendor product line. Also, we will investigate whether a PostScript-based (hence platform-independent) virus (18+ years after first proposals of such theory) can be acomplished, thus giving theoretical hints and few building blocks in this direction. We will also present some very constructive uses of the PostScript language in the creative (i.e. non-destructive) hacking direction. In the end, we will try to summarize our conclusions and possible solution for all parties involved (vendors, users, sysadmins, security experts). With this research we hope we can prove that entire printer industry (devices, printing software/drivers/subsystems, publishing and managed services) have to be rethought security-wise, so that it can withstand in the long run the current security landscape and threats.
-
-
15:01
»
Hack a Day
[Vijay Kumar] is a professor at the University of Pennsylvania and the director of the GRASP lab where research centering around autonomous quadcopters is being met with great success. If you were intrigued by the video demonstrations seen over the last few years, you won’t want to miss the TED talk [Dr. Kumar] recently gave [...]
-
-
15:00
»
Sophos security news
Less than a quarter of UK CIOs feel data on mobile devices would be secure if devices are lost or stolen
-
-
15:43
»
Packet Storm Security Exploits
The NATO Research and Technology Organisation (RTO) service (Organisation pour la Recherche et la Technologie OTAN in French) suffers from a local file inclusion vulnerability.
-
15:43
»
Packet Storm Security Recent Files
The NATO Research and Technology Organisation (RTO) service (Organisation pour la Recherche et la Technologie OTAN in French) suffers from a local file inclusion vulnerability.
-
15:43
»
Packet Storm Security Misc. Files
The NATO Research and Technology Organisation (RTO) service (Organisation pour la Recherche et la Technologie OTAN in French) suffers from a local file inclusion vulnerability.
-
-
10:42
»
SecDocs
Authors:
Christiaan Beek Tags:
virtualization virtual machine forensic Event:
Black Hat USA 2010 Abstract: This presentation will be about the problems we are facing when forensic research has to be done on environments which are virtualized. What are the differences between 'tradional' system forensics, what techniques & tools can be used. Which files are important when performing forensic research on Citrix & VMWare environments? What about VHD file format with Windows 7 and what do we need for future research?
-
-
1:30
»
Sophos security news
UK civil servants indicate that headcount reduction is not the answer as they look to shared services and contract renegotiations to reduce IT overheads
-
-
15:15
»
Hack a Day
[Chris] is quite the devoted tinkerer. He recently wrote in to share what can only be described as a labor of love. His Quad Delta Robot system has been in the works for about six years now, split into periods of research, building, more research, and rebuilding until arriving at its current form. The system [...]
-
-
12:42
»
Packet Storm Security Recent Files
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
-
12:42
»
Packet Storm Security Tools
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
-
12:42
»
Packet Storm Security Misc. Files
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
-
-
18:47
»
Packet Storm Security Recent Files
Secunia Research has discovered three integer overflow vulnerabilities in libgdiplus for Mono, which can be exploited by malicious people to compromise an application using the library. Version 2.6.7 is affected.
-
18:47
»
Packet Storm Security Advisories
Secunia Research has discovered three integer overflow vulnerabilities in libgdiplus for Mono, which can be exploited by malicious people to compromise an application using the library. Version 2.6.7 is affected.
-
-
20:00
»
Packet Storm Security Advisories
Secunia Research has discovered two vulnerabilities in glpng, which can be exploited by malicious people to compromise an application using the library. Version 1.45 is affected.
-
0:47
»
SecDocs
Authors:
Christiaan Beek Tags:
forensic cloud computing Event:
Black Hat EU 2010 Abstract: This presentation will be about the problems we are facing when forensic research has to be done on environments which are virtualized. What are the differences between 'traditional' system forensics, what techniques & tools can be used? Which files are important when performing forensic research on Citrix and VMWare environments? What about the VMDK file system and what do we need for future research?
-
-
22:00
»
Packet Storm Security Advisories
Secunia Research has discovered two vulnerabilities in multiple VMWare products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by two integer truncation errors in vmnc.dll when processing HexTile encoded video chunks and can be exploited to cause heap-based buffer overflows. Successful exploitation may allow execution of arbitrary code by tricking a user into opening a specially crafted AVI file.
-
-
18:00
»
Sophos security news
Sophos appeals to community for help in writing blockbuster fiction, all in the name of protecting sensitive data.
-
-
11:51
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to manipulate certain data. Input passed via the f parameter to delete.php is not properly sanitized before deleting files. This can be exploited to delete arbitrary files with the permissions of the web server via directory traversal attacks. Successful exploitation requires authentication.
-
11:51
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to manipulate certain data. Input passed via the f parameter to delete.php is not properly sanitized before deleting files. This can be exploited to delete arbitrary files with the permissions of the web server via directory traversal attacks. Successful exploitation requires authentication.
-
-
17:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Quicksilver Forums, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. execute arbitrary SQL queries by tricking a logged in administrator into visiting a malicious web site.
-
18:00
»
Packet Storm Security Advisories
Secunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The script uses temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks when running the update check via the --hack_the_gibson parameter. Version 1.4 is affected.
-
-
21:11
»
SecDocs
Authors:
Mike Brennan Tags:
authorship privacy Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: Authorship recognition based on linguistics (known as Stylometry) has contributed to literary and historical breakthroughs. These successes have led to the use of these techniques in criminal investigations and prosecutions. Stylometry, however, can also be used to infringe upon the privacy of individuals who wish to publish documents anonymously. Our research demonstrates how various types of attacks can reduce the effectiveness of stylometric techniques down to the level of random guessing and worse. These results are made more significant by the fact that the experimental subjects were unfamiliar with stylometric techniques, without specialized knowledge in linguistics, and spent little time on the attacks. This talk will also examine the ways in which authorship recognition can be used to thwart privacy and anonymity and how these attacks can be used to mitigate this threat. It will also cover our current progress in establishing a large corpus of writing samples and attack data and the creation of a tool which can aid authors in preserving their privacy when publishing anonymously. This research was originally motivated by the idea of using stylometry, which is the study of authorship recognition based on linguistic style, to increase security. Could stylometry be used as an aid for verifying the identity of a user? The first step was to see how stylometry held up against adversarial attacks. We developed two attacks and found that they were devastatingly effective against various methods of stylometry. This turned our goal for the research from looking at how stylometry could increase security by verifying an identity to how attacking stylometry can increase security by helping anonymous authors maintain their privacy and protect their identity. This research presents a framework for adversarial attacks including obfuscation attacks, where a subject attempts to hide their identity and imitation attacks, where a subject attempts to frame another subject by imitating their writing style. The major contribution of this research is that it demonstrates that both attacks work very well. The obfuscation attack reduces the effectiveness of the techniques to the level of random guessing and the imitation attack succeeds with 68-91% probability depending on the stylometric technique used. This research also provides another significant contribution to the field in using human subjects to empirically validate the claim of high accuracy for current techniques (without attacks) by reproducing results for three representative stylometric methods. The talk examines the threat that stylometry can pose to anonymity, and what can be done about it. Advice is offered on how to obfuscate your writing style based on what was learned from the subjects in this study. The talk will also discuss current work to create a tool that helps authors hide their writing style. This tool will use a large corpus of existing writing and attack passages in multiple languages along with a variety of stylometric techniques based on different features and machine learning methods. A call for help is also put out to the listeners and readers of this research to participate in the creation of this corpus in multiple languages so the tool can be helpful to as many authors as possible.
-
-
6:31
»
remote-exploit & backtrack
Hi! My name is Dean. I'm 29 years old. I came across this forum while doing some research and decided to join. I hope to share and gain insight with/from you all. I'm trying to be the best me I can be, so I'm trying to stay informed, open-minded, and optimistic.
Thanks, Dean
-
6:31
»
remote-exploit & backtrack
Hi! My name is Dean. I'm 29 years old. I came across this forum while doing some research and decided to join. I hope to share and gain insight with/from you all. I'm trying to be the best me I can be, so I'm trying to stay informed, open-minded, and optimistic.
Thanks, Dean
