MacRaven - Dave Haxton's Weblog

Mon, 23 Nov 2009

English Shell Code Could Make Security Harder

Ah, the resemblance of script to prose! Remember the Unix command line for sex?

gawk; grep; unzip; touch; strip; init,
 uncompress, gasp; finger; find,
 route, whereis, which, mount; fsck; nice,
 more; yes; gasp; umount; head, halt,
 renice, restore, touch, whereis, which,
 route, mount,
 more, yes, gasp, umount, expand, ping,
 make clean; sleep

An anonymous reader writes to tell us that finding malicious code might have just become a little harder. Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable. "In this paper we revisit the assumption that shell code need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shell code that is superficially similar to English prose. We argue that this new development poses significant challenges for in-line payload-based inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shell code injection attacks altogether."

(link) [Slashdot]

/Humor | 0 writebacks | permanent link

:: Categories ::

agriculture
asatru
copywrongs
humor
musings
politics
technology
index
haxton.org

:: Search ::

:: Blogroll ::

A Mindful Life
The Accidental Smallholder
Austro-Athenian Empire
Cauldron Born
Center for a Stateless Society
Dances with Ewes
Dispatches
egregores
Hardscrabble Creek
Honk & Helen
In Siberia
Laudator Temporis Acti
Lorrie's Livejournal
Masson's Blog
MyAppleMenu
NoNAIS
Notes on Religion
Numenous Thoughts
OrangeGuru
Overlawyered
Prophet or Madman
rogueclassicism
Sugar Mountain Farm
Thud Factor
Universe of Discourse
Wildhunt Blog
within the crainium

:: Archives ::

←January→
Sun	Mon	Tue	Wed	Thu	Fri	Sat
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

:: Site ::

Contact Me

MacRaven
Dave Haxton's Weblog
Musings, Reflections, Rants and Comments from a Hoosier Heathen husband, father, grandfather, farmer and software engineer. There's really only one of me ...

lunar phases

Unless otherwise noted, all original
work on this site is licensed under a

comment...


Notes: If you put a <mailto:> link in the URL field your address will not be mangled: this could be a bad idea as your email address could be easily harvested by bots designed for SPAM. The comments field should now format correctly for line feeds and carriage returns: when you hit the 'Enter' or 'Return' keys in your comment it should break to a new line. The text should wrap cleanly. Please let me know if it doesn't. No HTML tags will pass through - entering links seems to be the main cause of comment SPAM. Also, please be sure that Javascript is enabled in your browser before attempting to post a writeback. Sorry for any inconvenience, but this really helps cut down on the amount of comment SPAM I have to deal with.

Name:
URL:	(optional)
Title:	(optional)
Comments:
Save my Name and URL/Email for next time