Yeah, I remember when Dell first started offering machines with Ubuntu pre-installed. Trying to find them on the Dell website reminded me of something I read in the Hitchhiker's Guide to the Galaxy:

5 May 2009 fades ever farther into my distance. This just pushed it a whole lot more, all at once.

And here I was about to post a link to a well-done presentation by Microsoft security engineers at BlackHat, a technical exploration of improvements to the resilency of Windows 8. But now, it hardly seems worth the effort.

I've love to read (watch?) that presentation. Post the link anyway!

Session abstract: https://www.blackhat.com/html/bh-us-...s.html#Miller2
PDF of slides: https://media.blackhat.com/bh-us-12/...ion_Slides.pdf

Awesome, Steve! Thank you!

An aside: the presentation on "Advanced Arm Exploitation" gave me a chuckle because it brought back an ancient memory. The presentation was by two folks from "Dontstuffbeansupyournose.com". When I was 6 or 7 I was looking up my nose in a mirror and wondering how big that cavity I saw was. So, I decided to stuff peas up my nose until I couldn't get any more in. My plan then was to blow them out of my nose and count them. The part of my plan that involved stuffing peas up my nose worked perfectly. And, I was able to count them in the process! 23, IIRC. The second part of my plan didn't work so well. I couldn't blow them out and I couldn't sniff them to the back of my pharyngeal cavity and swallow them. The doctor had to use a special tool to reach up in there and pull them out, one at a time. Any sacrifice for the cause of science!

Back to the topic: It's interesting that DARPA is fast-tracking the "File Disinfection Framework" for polymorphic viruses. This approach seems to allow the development of a tool that can neutralize a wide variety of viruses running on Windows and minimize the number of Windows based applications that would have to be re-written to run on another, more secure, OS.


The presentation on jemalloc.c was also interesting:
One can only guess at how many jemalloc exploits are out there, as yet undetected, since it has been seven years since Jason Evans introduced jemalloc in FreeBSD.

The presentation on Websocket hacking can apply to all the browsers, regardless of platform:
But, ESPECIALLY interesting is the presentation on hardware backdoors, especially after the Cisco fiasco:
Besides Cisco, the first thought that leaped into my head was the fact that nearly ALL of today's motherboards are manufactured in a totalitarian state bent on world domination. One of the reasons that Gulf War I was so successful is that at the request of the US government several manufacturers of American made computer equipment put secret kill switch and other coded instructions into their hardware. When the first attack struck many computers, printers and hard drives suddenly shut down without reason or warning.

Such backdoors at the international level may be unnecessary, except for military computers, since a nuclear EMP weapon detonated 300 miles above Nebraska would damage or destroy electronics an area that ranged from the West coast to the East coast and from Northern Canada to Southern Mexico. Any military that uses hardware made in China and has contingency plans for a war should China attack is using a brick for a brain.


The next presentation was about industrial back doors:
All of these presentations brought to mind the most devastating "back door" of all. The C compiler that, when compiled from examined open source code, can still plant back doors and viruses into compiled apps, including the compiler itself. A compromised compiler is only one step above the infected microcode that could be placed into CPUs made in ....

http://en.wikipedia.org/wiki/Backdoor_(computing)
All in all, lots of pdf's, and very nice reads. Thanks for the links, Steve.
(Now I know why I don't trust anything...)