USENIX Association Proceedings of the 12th USENIX Security Symposium

Author

  • Eric Rescorla
Abstract

We report on an observational study of user response following the OpenSSL remote buffer overflows of July 2002 and the worm that exploited it in September 2002. Immediately after the publication of the bug and its subsequent fix we identified a set of vulnerable servers. In the weeks that followed we regularly probed each server to determine whether its administrator had applied one of the relevant fixes. We report two primary results. First, we find that administrators are generally very slow to apply the fixes. Two weeks after the bug announcement, more than two thirds of the servers were still vulnerable. Second, we identify several weak predictors of user response and find that the pattern differs in the period following the release of the bug and that following the release of the worm.


Similar resources

USENIX Association Proceedings of the 12th USENIX Security Symposium

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network se...


USENIX Association Proceedings of the 9th USENIX Security Symposium Denver

We describe Shibboleth, a program to manage private Internet mailing lists. Differing from other mailing list managers, Shibboleth manages lists or groups of lists that are closed, or have membership by invitation only. So instead of focusing on automating the processes of subscribing and unsubscribing readers, we include features like SMTP forgery detection, prevention of outsiders’ ability to...


USENIX Association Proceedings of the 10th USENIX Security Symposium

We present a new approach to fast certificate revocation centered around the concept of an on-line semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. Our approach simplifies validation of digital signatures and enables certificate revocation wi...


USENIX Association Proceedings of the 9th USENIX Security Symposium

We describe a system that we have designed and implemented for publishing content on the web. Our publishing scheme has the property that it is very difficult for any adversary to censor or modify the content. In addition, the identity of the publisher is protected once the content is posted. Our system differs from others in that we provide tools for updating or deleting the published content,...


ErsatzPasswords - Ending Password Cracking

This work was supported, in part, by a grant from the Northrop Grumman Corporation, National Science Foundation Grants CPS-1329979, Science and Technology Center CCF-0939370, and EAGER-1548114. [1] Everspaugh, A., Chatterjee, R., Scott, S., Juels, A., and Ristenpart, T. 2015. The pythia PRF service. In Proceedings of the 24th USENIX Conference on Security Symposium (SEC’15). USENIX Association...


Publication date: 2003