home.social

#usenixsecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #usenixsecurity, aggregated by home.social.

  1. Taking Down Booters: The Cat-and-Mouse Game, blog post for our USENIX Security paper lightbluetouchpaper.org/2025/0 #DDoS #USENIXSecurity #Cybercrime #NetworkSecurity (also this is my first USENIX Security paper after many many rejections for other papers, and it got an Honourable Mention Award! :-)

  2. That tickle of interest in academia is back again because of #usenixsecurity.

  3. Today, Konrad will present the corresponding paper at #usenixsecurity 2025, one of the top international conferences in security research. If you are at the conference, make sure to come by (Track 2, 2.00pm - 3.30pm) and talk to Konrad about his awesome work.
    2/3

  4. Really interesting #usenixsecurity talk from Dr. Ben Adida at VotingWorks voting.works/about on ballot counting resilience.

    Main point was paper ballots that can be hand counted is best, but if you must machine count it should rely on paper ballots, be open source, and include features to minimize or flag human error.

  5. Not cool.

    "We have determined that a bad actor has generated false slides and exploited USENIX’s slide collection process to submit them as though they belong to legitimate authors."

    #usenixsecurity

  6. At USENIX Security? Then check out:

    Studying the Use of CVEs in Academia, won distinguished paper award usenix.org/conference/usenixse

    Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON usenix.org/conference/usenixse

    Big thanks to all co-authors!! #usenixsecurity

  7. In the LLM security lightning talk track. Shocker: most public models are a security nightmare and it's wild to me that we're handing these to regular end users after decades of trying to lock down their risks on the web. #usenixsecurity

  8. Sitting down at #usenixsecurity opening session. If you want to talk Amazon Science I'll be in random sessions or on and off at the Amazon booth.

  9. 🚂 Murder on the JNI Express 🚂

    Hercule Poirot solved murders.
    Droidot solves... memory corruption.

    On the Android Express, every app is a suspect and their outdated native C/C++ libraries are hiding skeletons in the .so closet.

    We investigated 3,967 of the most popular apps, following every JNI call like a trail of footprints in the snow.

    Our case file:
    🕵️‍♂️ 4,282 crashes
    🔓 34 confirmed vulnerabilities
    📜 3 CVEs

    The culprit?
    Buggy libraries traveling incognito between apps.

    Interested? Check out nebelwelt.net/blog/2025/0813-d or meet us this week at #usenixsecurity!

  10. 🚨 Android Hackers, Meet Your New Playground 🚨

    Kernel bugs getting too hard to find?
    Rust eating your memory corruption buffet?
    We went hunting elsewhere... and found that proprietary system services hide juicy attack surfaces.

    Enter NASS 💦💦💦
    🔍 Recovers hidden Binder interfaces
    🤖 Auto-builds on-device fuzzing harnesses
    💥 Already found 12 vulns & 5 CVEs

    📂 Open-source.
    ⚡ Ready for your device.
    💣 Just waiting for you to fuzz it.

    Interested? Check out nebelwelt.net/blog/2025/0813-n or meet us this week at #usenixsecurity!

  11. I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
    SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
    Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
    Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

    You can read the full paper here: stefangast.eu/papers/slubstick

    #SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

  12. I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
    SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
    Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
    Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

    You can read the full paper here: stefangast.eu/papers/slubstick

    #SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

  13. I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
    SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
    Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
    Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

    You can read the full paper here: stefangast.eu/papers/slubstick

    #SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

  14. I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
    SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
    Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
    Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

    You can read the full paper here: stefangast.eu/papers/slubstick

    #SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

  15. I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
    SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
    Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
    Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

    You can read the full paper here: stefangast.eu/papers/slubstick

    #SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

  16. I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
    Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!

    You can read the full paper here: stefangast.eu/papers/divide_an

    #divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity

  17. I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
    Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!

    You can read the full paper here: stefangast.eu/papers/divide_an

    #divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity

  18. I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
    Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!

    You can read the full paper here: stefangast.eu/papers/divide_an

    #divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity

  19. I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
    Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!

    You can read the full paper here: stefangast.eu/papers/divide_an

    #divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity

  20. I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
    Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!

    You can read the full paper here: stefangast.eu/papers/divide_an

    #divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity

  21. I accidentally ended up watching this video again and it is excellent and only become more relevant: youtube.com/watch?v=ajGX7odA87 James Mickens "USENIX Security '18-Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?" #AI #CyberSecurity #USENIXSecurity

  22. 📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
    2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | arxiv.org/abs/2209.14921 | gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23

  23. 📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
    2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | arxiv.org/abs/2209.14921 | gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23

  24. 📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
    2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | arxiv.org/abs/2209.14921 | gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23

  25. 📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
    2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | arxiv.org/abs/2209.14921 | gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23

  26. 📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
    2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | arxiv.org/abs/2209.14921 | gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23