I'm a sucker for research projects with catchy names, and a slew of them will be discussed at next week's Usenix Security Symposium in Montreal. Here's a sampler:
Gazelle
During the recent Google Chrome OS frenzy, you might have run across this new Microsoft browser OS, which reportedly can enforce strong security. Gazelle will get a further review at the Usenix event during the presentation of the paper "The Multi-Principal OS Construction of the Gazelle Web Browser," authored by Microsoft Research, University of Washington and University of Illinois at Urbana-Champaign researchers.
The authors write: "Our prototype implementation and evaluation experience indicates that it is realistic to turn an existing browser into a multi-principal OS that yields significantly stronger security and robustness with acceptable performance. Our security policies pose some incompatibility, the cost of which requires further investigation."
SNARE
SNARE (Spatio-temporal Network-level Automatic Reputation Engine), the brainchild of Georgia Tech and McAfee researchers, is designed to foil spammers. And we can use all the help we can get on that front if recent numbers from McAfee can be believed: it found that spam now constitutes 92% of all e-mail.
SNARE eschews spam filtering techniques based purely on identifying the content or relying on reputation-based blacklists/whitelists. Instead, SNARE zeroes in on network-level behavior ("how messages are sent") to spot spammers. This includes eyeing how far apart spammers are from their targets and each other and even what time of day they launch their messages.
Technology Review recently profiled the technology, noting that one Georgia Tech researcher is helping Yahoo address spam issues by using knowledge from the SNARE project.
Nozzle
This technology is described as "A Defense Against Heap-spraying Code Injection Attacks," in a paper authored by Microsoft Research and Cornell University researchers. Heap-spraying, if you aren't familiar with it, refers to certain ActiveX or JavaScript routines trying to fill up browser memory until they can get a shell code and take over the computer, according to an expert quoted in an earlier Network World article. Nozzle's creators say they have come up with "a runtime monitoring infrastructure that detects attempts by attackers to spray the heap. Nozzle uses lightweight emulation techniques to detect the presence of objects that contain executable code. To reduce false positives, we developed a notion of global 'heap health'."