Outlook: Purple

New Macbook Airs

2011-07-20T10:00:00.002-05:00

The new Macbook Airs are released, along with Mac OS X Lion. If you don't already have one, my recommendation stands--it was and is a brilliant machine. But for upgrades--and I was ready to pull the trigger on a new one--FAIL. The machine needs 8GB of RAM. I burned goats, stared at the night sky, fed the hungry, but the new Air still tops out at 4GB.

Sorry, it's not enough. My road warrior machine needs to run a bunch of OS's under virtualization, sometimes at the same time. The lack of an 8GB option is a fail. Maybe next time. And since I have to wait, I also need a 512GB SSD. Thanks.

Macbook AIr

2010-12-10T08:36:00.005-06:00

I'm not a Mac fanboy, but the Macbook Air is amazing. Because of a few projects I'm working on, I needed a new Mac and wanted something as light as possible, because I'll often have to lug it along with my daily warrior, a loaded and SSD-ed Thinkpad T400s.

First, the Air is an amazing engineering feat. You've seen the pictures, but until you hold it, it's hard to really imagine how thin this laptop is. I don't have any rigorous performance numbers, but those upset by the use of a Core2 chip instead of one of the newer i5/i7 chips can relax--for virtually anything you'll use this laptop for (barring extreme 3D games, I presume, though I haven't checked out the performance and don't intend to use it for that), it's plenty fast. Lightroom rendered images very quickly, applications open instantly, reboot is blazing, it's very responsive in every situation I've encountered.

It's not perfect, of course. Where (Apple) are the home and end keys? How about pgup and pgdn? I know--Fn-arrow. And del? Yeah, Fn-delete. I want keys. I'm not thrilled with gigabit over USB. I would love a builtin VGA port for presentations so I don't have to lug a dongle, but where would it go? There's not a single spot where the laptop is as thick as a VGA plug. I would have liked 8GB of RAM (I make heavy use of virtualization). But overall, this is one sweet laptop and highly recommended if you need a lightweight Mac solution.

Concert photography

2010-09-29T17:32:00.001-05:00

I now have a website dedicated to concert photography. Have a look at http://www.highisomusic.com if you're interested.

John Cage

2010-09-29T17:26:00.004-05:00

Somehow, I never paid attention. Now I'm listening to his "prepared piano" music, which is brilliant...and startling. A must listen if you like the tension created by silence in music (i.e., not to draw too close a comparison, but if you hate Thelonious Monk, you might not like it). The CDs are:

I came across the music while watching Shutter Island and at first thought the pieces had been composed for the movie, because they worked beautifully to create tension in some of the "scary" parts. Have a listen.

RECON 2010

2010-07-14T09:03:00.002-05:00

I'm back in Montreal for a month (after disappearing from Quebec for 8, after my sabbatical ended) and the highlight so far is RECON 2010. I've tried to attend in the past, but timing never worked out. This year I made it and I offer the following comments:

The talks are outstanding. The schedule is exhausting, particularly since the talks are outstanding and it's difficult to walk away from any of the talks to rest. It's a conference for those with 20 year old stamina (I'm 45, but have 25 year old stamina--almost good enough). The beer was good. The hotel almost caught on fire while I was in the shower. Note: If you hear faint beeping sounds while in a Canadian hotel, that might be the fire alarm. I hardly noticed, and it took a call from my wife to send me rushing down the stairs, barefoot. I always wanted to walk down a main street in Montreal barefooted, so my dream was fulfilled.

Sebastian Porst talked about obfuscating malicious payloads in PDF and zynamics has a new tool that's worth checking out called PDF Dissector.

Danny Quist (founder of offensivecomputing.net) talked about some extensions to Ether (which itself is a set of patches to Xen to support malware analysis via hardware virtualization). Danny also showed off some very nice visualisation techniques for understanding execution flow during malware unpacking. His stuff is set for release in 2011(?). Check out the Ether page here. This was a great talk and will hopefully open up some avenues for collaboration, because my research group at UNO is also working on live forensics/malware detection and mitigation via VM introspection.

Ricky Lawshae (from BreakingPoint in Austin) discussed "picking" electronic locks using sequence number prediction. Yes, channelling Mitnick-style attacks into 2010. Now I'll have to stop telling my students that sequence number attacks are "so yesterday"...

There were also talks on picking (and destroying) physical locks, 8-bit/16-bit hardware hacking, reverse engineering embedded systems, deep looks at the obfuscation schemes of some recent malware (Swizzor and Mebroot), porting Syndicate (one of my favorite games in grad school) to modern architectures, building a router from scratch for SDSL service, and others. Check out everything at RECON.

RECON is moving to an annual schedule, so be sure to check it out in 2011. Attendance is limited, so register early once for 2011 that's possible.

Teaching Reverse Engineering

2009-07-31T09:19:00.004-05:00

I'm presenting a paper at the Cyber Experimenation and Test (CSET 2009) workshop, held in conjunction with USENIX Security 2009, on teaching reverse engineering in academia. I'm also presenting a two day tutorial on reverse enegineering for USENIX Security, which is a condensation to bare essentials of the semester-long class on reverse engineering that I teach at the University of New Orleans.

There are a few very important challenges in teaching reverse engineering in an academic setting:

The first is that students will likely show up with poor assembly skills. This is because assembly language courses, if they exist at all as separate courses in a curriculum, are typically full of things that do not help students become better systems people. While High Level Assembler (which drapes assembler in macros that give it a flavor more like a high level language) might be a good idea for development of large scale applications in assembler, it hides details that students *should* be immersed in when learning assembly language. The pain, the attention to myriad minute details, complex interaction with hardware features, et al are essential. For systems research, the devil really is in the details. The punchline is that students will essentially have to be taught deep assembly skills while learning reverse engineering, all in a single semester, which creates important time constraints. More on this below.

Another challenge is not only teaching students about the potential legal ramifications of reverse engineering, but also avoiding these same legal hurdles while teaching the course. In my case, the class is focused exclusively on the analysis of malware, which relieves many of the legal issues, but adds yet another dimension, that of safety for the academic computing environment. My solution is to carefully screen the malware samples that will be analyzed by students in the lab. Since my approach to teaching this course involves detailed walkthroughs of assembler for each malware sample, I have to do exhaustive analysis of the effects of the malware, anyway. As further protection, the laboratory environment consists of an isolate-able gigabit network connecting workstations running Linux and VMWare. Preconfigured Windows XP guests under VMWare are used for most analysis and the guests typically have networking disabled as a safety precaution. The XP VMWare images contain a licensed version of IDA Pro, ollydbg, WinHex, HBGary's Responder, the sysinternals tools, as well as other tools. In the next iteration of the class, we will also use BinDiff and BinNavi.

In the reverse engineering class, I'm not interested in having students learn what reverse engineering is. I want them to be able to *do* reverse engineering. This rules out the traditional academic format of flipping Powerpoint slides and giving exams. The approach I've used for the class, to deal with the fact that students must gain good assembly skills while learning reverse engineering, all in a single semester, is to immerse them immediately in the analysis of real malware samples. The malware that we analyze in the class and in laboratory assignments increases in difficulty as the semester progresses and each sample is chosen to push the students a little harder and to force them to gain more systems knowledge in order to succeed.
An essential component of the class is reliance on a document camera for in-depth walkthroughs of every malware sample, in class. I drive the discussion, but students are expected to participate and what results is a very deep analysis of each sample, which is then distributed to all of the students.

More details on the class and my approach to teaching it can be found in my CSET paper, which is here.

Celeriac

2009-07-20T19:17:00.006-05:00

Imagine my surprise (or don't) when I discovered that celery was once a delicacy, and special dishware was created to display your prized vegetable. While I dutifully chop celery for traditional Creole and Cajun recipes, I've never been a huge fan. Enter celeriac. It's not very popular in the US, but the corner store near my apt in Montreal sells celeriac, so I had to give it a try. I've made it several ways, including diced and quickly sauteed in olive oil with fresh sage leaves as well as in a root vegetable mash, with Yukon gold potatoes, olive oil, thyme, sea salt, freshly ground pepper, some chicken stock, and a slosh of whole milk. It's also good raw. Celeriac is yummy, very healthy, and deserves a higher profile on our tables. Here's to one of my new favorite vegetables.

Here's a photo of the celeriac mash:

Salut.

GNOCIA Approved by the Board of Regents

2009-06-05T12:38:00.003-05:00

The Greater New Orleans Center for Information Assurance (GNOCIA), housed in the Department of Computer Science at the University of New Orleans, was just approved by the Louisiana Board of Regents! I will serve as the first director of GNOCIA. The center will focus on digital forensics, malware, and reverse engineering research and will enhance UNO's ability to partner with industry, academia, and government agencies on important projects in these areas. The University of New Orleans has offered a substantial committment to equip the center with state-of-the-art equipment.

Every Kitchen Needs...

2009-05-20T19:23:00.003-05:00

o Top quality ventilation. My exhaust fan is the size of a small volkswagen.

o A long-handled whisk. OK, several of them.

o Lots of seasoned cast iron.

o A freezer full of homemade stock. Nothing else goes in the freezer except ice cubes and ice cream. Ban the nasty bouillon cubes, man.

o A terrifyingly sharp chef's knife.

o Orange extract.

o Olive oil. Lots of olive oil.

o An open bottle of Gigondas. Or, if you're buying, Chateauneuf du Pape. And a wedge of delice de bourgogne.

There are a few other requirements, but we can mostly make do if these 'ingredients' are available.

Straight, No Chaser

2009-04-27T17:44:00.003-05:00

It's possible I'll change my mind, but at least for now, Straight, No Chaser is the ultimate. Current edition: on 5 by Monk by 5, SACD.

Thelonious Monk rewired me long ago.

I'm alive

2009-04-21T23:59:00.002-05:00

The news:

The University of New Orleans is now designated as a Center of Academic Excellence in Information Assurance Research (CAE-R). We got the news today (April 21).

We have the Scalpel file carving application carving 30 file types at line speed w/ in-place file carving... New release of Scalpel on the way, really. Truly.

I'll be in Montreal at Ecole Polytechnique de Montreal for sabbatical this summer and fall (2009).

The reverse engineering class I've been teaching during Spring 2009 at the University of New Orleans has silenced me. Huge amounts of class prep, but a very nice experience. DOS boot sector virus disassemblies, anyone?

French Quarter Festival was super. The Renard Poche band blew my mind. And Bonerama hardly sucks.

Jazz Fest time. Brass pass in hand.

DFRWS / USENIX Security in Montreal during my sabbatical. I'll be teaching at two day tutorial on (teaching) reverse engineering at USENIX Security.

Wear purple.

Peace,

--Golden

Flickr

2008-12-04T17:47:00.002-06:00

I've been spending a lot of time improving (or try to improve) my photography skills lately, concentrating mainly on macro shots. I use a Nikon D300 and various Nikkor lenses, supplemented with a Sigma 150mm macro for extreme closeups. I'm using Flickr to publish photos and solicit feedback--my page is http://flickr.com/photos/2gsandad/.

Digital Forenics Research Workshop (DFRWS)

2008-12-04T17:42:00.003-06:00

So it's really a conference now, but DFRWS makes a good acronym and is well established.

The DFRWS will be in Montreal for 2009, held one week after USENIX Security (also in Montreal), from August 17 to 19, 2009. The conference hotel is the Delta Centre-ville Hotel, a perfect venue and at a beautiful time to visit Montreal.

Now is the time to get working on a good paper: the due date for paper submissions is March 19, 2009. The CFP is available at http://www.dfrws.org/2009/cfp.shtml.

Look for details of the 2009 DFRWS forensics challenge soon, which will be based on PS3 forensics.

It's looking like Portland for 2010, but that's still under consideration.

DC3 Challenge Results

2008-12-04T17:39:00.003-06:00

The results of the 2008 DC3 digital forensics challenge are now available at http://dc3.mil/challenge/results.php.

This year, the University of New Orleans team, consisting of Andrew Case (CS undergraduate), Brian Roux (CS M.S. student), Lodovico Marziale (CS Ph.D. students) and I took fourth place overall and second place among academic teams. The DC3 provided challenge materials to 199 teams. Of these 199, only 20 submitted solutions to what turned out to be a very difficult challenge.

A plug for a great book...

2008-10-29T01:03:00.005-05:00

OK, so I'm biased. But I think Elsa Hahn's new book on cooking in New Orleans is super. And it's not because she chose some of my recipes, but instead, it's the whole package. Great stories, great photography, and a lot of hard work on her part.

Check it out.

Welcome to the new blog...

2008-10-29T00:59:00.001-05:00

My blog at the University of New Orleans, based on Movable Type, was continually down because of problems with equipment upgrades breaking databases or some other issue. I've migrated away. Archives of that blog are still available, but from now on, it's here.