I’m currently in Chicago, having just attended the 18th ACM Conference on Computer and Communications Security, where Adam Doupé presented our paper, Fear the EAR: Discovering and Mitigating Execution After Redirect Vulnerabilities. As always, when I’m traveling, the problem of how to connect to the Internet arises. Fortunately …

Yesterday, October 7, 2011, the graduate students of UCSB’s Computer Science department, including myself, hosted the 6th annual Graduate Student Workshop on Computing (GSWC). The workshop is a great opportunity for other students, faculty, and industry professionals to get an overview of the work performed by our department. Part …

For the third year, I competed with team Shellphish in the Defcon quals. We pulled through with some amazing points at the end to finish in 8th place. My successful contributions, however, were really only with respect to Forensics 100 and 300. My write up for the following are below …

Last night Adam Doupé wrote up his description on our Execution After Redirect Vulnerability which I wanted to link my followers to. Adam’s primary focus on this project has been adapting a static ruby analyzer to find instances of the EAR vulnerability in thousands of Ruby-On-Rails projects from github …

Update 2011/02/23 11:02 PST
Added the lift tag and updated the list.

Update 2011/02/22 13:19 PST
Added the jsf tag (java server faces) and updated the total question count for each item on the list.

Update 2011/02/22 11:14 PST
Adding spring-mvc …

The Usenix security deadline is quickly approaching, and that means finalizing everything on my research project. Therefore, today I wanted to quickly parallelize some of my analysis code to take advantage of the eight virtual processors on my machine. I previously wrote about python multiprocessing and keyboard interrupts, so the …

Each year the Security Lab at UCSB hosts the International Capture the Flag competition, an approximately eight-hour security competition pitting security groups at various universities around the world against each other. Last year I had the privilege of contributing significantly to the setup on the iCTF, and later publishing and …

Recently I’ve done a lot of work requiring heavy computation on large datasets. While python is not a great choice for speed, it can be extended by modules written in C for those speed critical moments. For such moments I always try to find solutions written as C modules …

VirusTotal is a web service that essentially performs a virus scan of an uploaded file, or url against many of the top virus scanners (see full list). I recently needed to submit over 100 binaries to VirusTotal, and being a computer scientist I knew this task, like many other things …

Update 2012/02/14: Added post: Python Multiprocessing Pool and KeyboardInterrupt Revisited

Update 2011/02/03: Added commentary regarding Georges’s comment about this stackoverflow thread.

Update 2011/01/28: There is an issue with this code when passing large objects through the queue. While the code listed below will …