

January 07 2014

23:09

Firmware Fat Camp

We present a collection of techniques which aim to automagically remove significant (and unnecessary) portions of firmware binaries from common embedded devices to drastically reduce the attack surface of these devices. We present a brief theoretical explanation of Firmware Fat Camp, a collection of "before" and "after" photos of graduates of FFC, along with a set of live demonstrations of FFC in action on common embedded devices.

Modern embedded systems such as VoIP phones, network printers and routers typically ship with all available features compiled into their firmware images. A small subset of these features is activated at any given time on an individual device, based on its specific configuration. An even smaller subset of features is actually used, as some unused and insecure features are typically enabled by default and cannot be disabled. However, all embedded devices still contain a large amount of code and data that should never be executed or read according to their current configuration. This unnecessary binary is not simply a waste of memory; it contains vulnerable code and data that can be used by an attacker to exploit the system. This "dead code" provides an ideal attack surface. Automated minimization of this attack surface will significantly improve the security of the device without any impact to the device's functionality.

We propose a set of methods of hardening existing embedded systems against attack by employing Binary Autotomy, or the automated removal of unnecessary binaries from each embedded device according to its current configuration. The configuration of the embedded device to be protected is analyzed. The firmware binary corresponding to the features enabled in the configuration is kept. The firmware corresponding to features not enabled in the configuration is removed from the firmware image. The firmware to be removed is determined by applying static and dynamic binary code analysis on the original firmware image. This analysis maps each configurable feature with a set of binary executable code within the firmware image. When a particular configuration is analyzed, a list of enabled features is built from this file. Using the feature-to-code mapping created from the original dynamic and static analysis, autotomic binary reduction simply removes all code that belongs to features that are not enabled, or should not be used, in the particular configuration file in question.

We present quantitative analysis of the effectiveness of Binary Autotomy algorithms on a collection of common embedded devices along with several live demonstrations of embedded devices running post-FFC firmware images. How much unnecessary binary can be ripped out of XYZ*? Come and find out!

* XYZ = {Home routers | Enterprise routers | VoIP phones | Printers | Web Cams}

http://events.ccc.de/congress/2013/Fahrplan/events/5356.html

Day: 2013-12-27
Start time: 23:00
Duration: 01:00
Room: Saal 6
Track: Security & Safety
Language: en

January 01 2014

22:12

Kathy Sierra at Business of Software 2012. Creating the minimum badass user. | Business of Software

January 21 2012

17:08

A Conversation with Errol Morris on the Nature of Truth, Photography, and Documentary | /Film

Director Errol Morris has made a career out of solving mysteries, which comes as no surprise since the man used to be a private detective. Whether he was http://www.slashfilm.com/conversation-errol-morris-nature-truth-photography-documentary/

June 29 2011

19:25

A Chat with Alan Ball | True-Blood.net - True Blood season 4 news, spoilers, & photos!

May 07 2011

03:52

Special video edition of Think Vitamin Radio

In this special edition of Think Vitamin Radio, I sit down with Alan, Jim and Nick to discuss interesting topics like Spine, CloudFoundry, CoffeeScript and Sass http://thinkvitamin.com/web-industry/special-video-edition-of-think-vitamin-radio/

April 02 2011

06:33

The Book Show

Increasingly, public libraries lend digital books as part of their expanding range of services, but the future of e-lending is far from clear. In this report, we look at how the digital shift will change the way libraries work.

January 21 2011

00:59

ABC Radio National - The Boyer Lectures Lecture 1 The Global Moment Glyn Davis

The Boyer Lectures are a series of talks by prominent Australians, chosen by the Board of the Australian Broadcasting Corporation to present their ideas on major social, scientific or cultural issues. The lectures showcase great minds examining key issues and values. http://www.abc.net.au/rn/boyerlectures/default.htm
00:57

ABC Radio National - The Boyer Lectures Lecture 2 A Lectern in a Dusty Room Glyn Davis

The Boyer Lectures are a series of talks by prominent Australians, chosen by the Board of the Australian Broadcasting Corporation to present their ideas on major social, scientific or cultural issues. The lectures showcase great minds examining key issues and values. http://www.abc.net.au/rn/boyerlectures/default.htm
00:54

ABC Radio National - The Boyer Lectures Lecture 5 Fired with Enthusiasm Glyn Davis

The Boyer Lectures are a series of talks by prominent Australians, chosen by the Board of the Australian Broadcasting Corporation to present their ideas on major social, scientific or cultural issues. The lectures showcase great minds examining key issues and values. http://www.abc.net.au/rn/boyerlectures/default.htm
00:54

ABC Radio National - The Boyer Lectures Lecture 6 The Republic of Learning Glyn Davis

The Boyer Lectures are a series of talks by prominent Australians, chosen by the Board of the Australian Broadcasting Corporation to present their ideas on major social, scientific or cultural issues. The lectures showcase great minds examining key issues and values. http://www.abc.net.au/rn/boyerlectures/default.htm
00:54

ABC Radio National - The Boyer Lectures Lecture 3 Research: a mere excuse for idleness Glyn Davis

The Boyer Lectures are a series of talks by prominent Australians, chosen by the Board of the Australian Broadcasting Corporation to present their ideas on major social, scientific or cultural issues. The lectures showcase great minds examining key issues and values. http://www.abc.net.au/rn/boyerlectures/default.htm
00:52

ABC Radio National - The Boyer Lectures Lecture 4 Becoming a Citizen Glyn Davis

The Boyer Lectures are a series of talks by prominent Australians, chosen by the Board of the Australian Broadcasting Corporation to present their ideas on major social, scientific or cultural issues. The lectures showcase great minds examining key issues and values. http://www.abc.net.au/rn/boyerlectures/default.htm

December 24 2010

03:58

Experience Points

Experience Points is a podcast dedicated to "the serious but not humorless discussion of gaming," hosted by Scott Juster and Jorge Albor. This show typically takes one standout gaming article or blog post from the week and uses it as the basis for more detailed discussion. Brief, but intelligent discourse. (And the theme song eventually settles into a killer Stones-esque groove.) http://experiencepoints.blogspot.com/