#usenixsecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #usenixsecurity, aggregated by home.social.
-
Taking Down Booters: The Cat-and-Mouse Game, blog post for our USENIX Security paper https://www.lightbluetouchpaper.org/2025/09/06/taking-down-booters-the-cat-and-mouse-game/ #DDoS #USENIXSecurity #Cybercrime #NetworkSecurity (also this is my first USENIX Security paper after many many rejections for other papers, and it got an Honourable Mention Award! :-)
-
The Internet Last Week
* VNC signals decreasing
https://dataplane.org/statistics/vncrfb.html
* Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+August+2025+Patch+Tuesday/32192/
https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2025-patch-tuesday-fixes-one-zero-day-107-flaws/
https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition/
* 34th USENIX Security Symposium
https://www.usenix.org/conference/usenixsecurity25
* Colt Telecom ransomware effects
https://www.colt.net/status/
https://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/
https://cyberplace.social/@GossiTheDog/115022343170487477 -
That tickle of interest in academia is back again because of #usenixsecurity.
-
Today, Konrad will present the corresponding paper at #usenixsecurity 2025, one of the top international conferences in security research. If you are at the conference, make sure to come by (Track 2, 2.00pm - 3.30pm) and talk to Konrad about his awesome work.
2/3 -
Really interesting #usenixsecurity talk from Dr. Ben Adida at VotingWorks https://www.voting.works/about on ballot counting resilience.
Main point was paper ballots that can be hand counted is best, but if you must machine count it should rely on paper ballots, be open source, and include features to minimize or flag human error.
-
Not cool.
"We have determined that a bad actor has generated false slides and exploited USENIX’s slide collection process to submit them as though they belong to legitimate authors."
-
At USENIX Security? Then check out:
Studying the Use of CVEs in Academia, won distinguished paper award https://www.usenix.org/conference/usenixsecurity25/presentation/schloegel
Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON https://www.usenix.org/conference/usenixsecurity25/presentation/beitis
Big thanks to all co-authors!! #usenixsecurity
-
In the LLM security lightning talk track. Shocker: most public models are a security nightmare and it's wild to me that we're handing these to regular end users after decades of trying to lock down their risks on the web. #usenixsecurity
-
Sitting down at #usenixsecurity opening session. If you want to talk Amazon Science I'll be in random sessions or on and off at the Amazon booth.
-
🚂 Murder on the JNI Express 🚂
Hercule Poirot solved murders.
Droidot solves... memory corruption.On the Android Express, every app is a suspect and their outdated native C/C++ libraries are hiding skeletons in the .so closet.
We investigated 3,967 of the most popular apps, following every JNI call like a trail of footprints in the snow.
Our case file:
🕵️♂️ 4,282 crashes
🔓 34 confirmed vulnerabilities
📜 3 CVEsThe culprit?
Buggy libraries traveling incognito between apps.Interested? Check out https://nebelwelt.net/blog/2025/0813-droidot.html or meet us this week at #usenixsecurity!
-
-
🚨 Android Hackers, Meet Your New Playground 🚨
Kernel bugs getting too hard to find?
Rust eating your memory corruption buffet?
We went hunting elsewhere... and found that proprietary system services hide juicy attack surfaces.Enter NASS 💦💦💦
🔍 Recovers hidden Binder interfaces
🤖 Auto-builds on-device fuzzing harnesses
💥 Already found 12 vulns & 5 CVEs📂 Open-source.
⚡ Ready for your device.
💣 Just waiting for you to fuzz it.Interested? Check out https://nebelwelt.net/blog/2025/0813-nass.html or meet us this week at #usenixsecurity!
-
The second to last trifecta of #HackerSummerCamp, here is the #DCG201 2024 guide for @usenixassociation, @soups & @wootsecurity: https://defcon201.medium.com/hacker-summer-camp-2024-guides-part-sixteen-usenix-security-trifecta-2024-c0e80833eb2d
#usenix #usenix2024 #usenixsecurity #soups #soups2024 #woot #w00t @defcon @philly2600 @bsidesphilly
-
The second to last trifecta of #HackerSummerCamp, here is the #DCG201 2024 guide for @usenixassociation, @soups & @wootsecurity: https://defcon201.medium.com/hacker-summer-camp-2024-guides-part-sixteen-usenix-security-trifecta-2024-c0e80833eb2d
#usenix #usenix2024 #usenixsecurity #soups #soups2024 #woot #w00t @defcon @philly2600 @bsidesphilly
-
The second to last trifecta of #HackerSummerCamp, here is the #DCG201 2024 guide for @usenixassociation, @soups & @wootsecurity: https://defcon201.medium.com/hacker-summer-camp-2024-guides-part-sixteen-usenix-security-trifecta-2024-c0e80833eb2d
#usenix #usenix2024 #usenixsecurity #soups #soups2024 #woot #w00t @defcon @philly2600 @bsidesphilly
-
The second to last trifecta of #HackerSummerCamp, here is the #DCG201 2024 guide for @usenixassociation, @soups & @wootsecurity: https://defcon201.medium.com/hacker-summer-camp-2024-guides-part-sixteen-usenix-security-trifecta-2024-c0e80833eb2d
#usenix #usenix2024 #usenixsecurity #soups #soups2024 #woot #w00t @defcon @philly2600 @bsidesphilly
-
The second to last trifecta of #HackerSummerCamp, here is the #DCG201 2024 guide for @usenixassociation, @soups & @wootsecurity: https://defcon201.medium.com/hacker-summer-camp-2024-guides-part-sixteen-usenix-security-trifecta-2024-c0e80833eb2d
#usenix #usenix2024 #usenixsecurity #soups #soups2024 #woot #w00t @defcon @philly2600 @bsidesphilly
-
I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf
#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec
-
I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf
#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec
-
I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf
#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec
-
I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf
#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec
-
I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf
#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec
-
Also looking forward to present #SnailLoad at #USENIX2024.
(3/3) -
Also looking forward to present #SnailLoad at #USENIX2024.
(3/3) -
Also looking forward to present #SnailLoad at #USENIX2024.
(3/3) -
Also looking forward to present #SnailLoad at #USENIX2024.
(3/3) -
Also looking forward to present #SnailLoad at #USENIX2024.
(3/3) -
I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!You can read the full paper here: https://stefangast.eu/papers/divide_and_surrender.pdf
#divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity
-
I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!You can read the full paper here: https://stefangast.eu/papers/divide_and_surrender.pdf
#divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity
-
I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!You can read the full paper here: https://stefangast.eu/papers/divide_and_surrender.pdf
#divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity
-
I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!You can read the full paper here: https://stefangast.eu/papers/divide_and_surrender.pdf
#divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity
-
I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!You can read the full paper here: https://stefangast.eu/papers/divide_and_surrender.pdf
#divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity
-
USENIX Security ’23 – Controlled Data Races In Enclaves: Attacks And Detection – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-controlled-data-races-in-enclaves-attacks-and-detection-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #SecurityConferences #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
USENIX Security ’23 – AEX-Notify: Thwarting Precise Single-Stepping Attacks Through Interrupt Awareness For Intel SGX Enclaves – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-aex-notify-thwarting-precise-single-stepping-attacks-through-interrupt-awareness-for-intel-sgx-enclaves-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
USENIX Security ’23 – Reusable Enclaves For Confidential Serverless Computing – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-reusable-enclaves-for-confidential-serverless-computing-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #SecurityConferences #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
USENIX Security ’23 – It’s All In Your Head(Set): Side-Channel Attacks On AR/VR Systems – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-its-all-in-your-headset-side-channel-attacks-on-ar-vr-systems-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #SecurityConferences #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
USENIX Security ’23 – Don’t be Dense: Efficient Keyword PIR for Sparse Databases – Distinguished Paper Award Winner – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-dont-be-dense-efficient-keyword-pir-for-sparse-databases-distinguished-paper-award-winner-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #SecurityConferences #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
USENIX Security ’23 – Authenticated Private Information Retrieval – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-authenticated-private-information-retrieval-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #SecurityConferences #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
USENIX Security ’23 – SMACK: Semantically Meaningful Adversarial Audio Attack – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-smack-semantically-meaningful-adversarial-audio-attack-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #SecurityConferences #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
I accidentally ended up watching this video again and it is excellent and only become more relevant: https://www.youtube.com/watch?v=ajGX7odA87k&ab_channel=USENIX James Mickens "USENIX Security '18-Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?" #AI #CyberSecurity #USENIXSecurity
-
USENIX Security ’23 – GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-gap-differentially-private-graph-neural-networks-with-aggregation-perturbation-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
USENIX Security ’23 – Inductive Graph Unlearning – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-inductive-graph-unlearning-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
USENIX Security ’23 – User Awareness and Behaviors Concerning Encrypted DNS Settings in Web Browsers – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-user-awareness-and-behaviors-concerning-encrypted-dns-settings-in-web-browsers-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #OpenAccessResearch #SecurityConference #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
USENIX Security ’23 – An Empirical Study & Evaluation of Modern CAPTCHAs – Source: securityboulevard.com https://ciso2ciso.com/usenix-security-23-an-empirical-study-evaluation-of-modern-captchas-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #SecurityConferences #OpenAccessResearch #CyberSecurityNews #SecurityBoulevard #USENIXSecurity’23 #USENIX
-
📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | https://arxiv.org/abs/2209.14921 | https://gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23 -
📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | https://arxiv.org/abs/2209.14921 | https://gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23 -
📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | https://arxiv.org/abs/2209.14921 | https://gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23 -
📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | https://arxiv.org/abs/2209.14921 | https://gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23 -
📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | https://arxiv.org/abs/2209.14921 | https://gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23