🏆 Cryspen co-founders win Usenix Security prizes
At the 32nd USENIX Association Security Symposium in Anaheim CA, a paper on the Messaging Layer Security Protocol, co-authored by our founders Jonathan Protzenko and Karthikeyan Bhargavan, was awarded both the Distinguished Paper Award and the prestigious Internet Defense Prize.
#bestpaperaward #usenix #internetdefenseprize
i’m on board WN 749 from SNA to DEN, then on to DTW.
#USENIX #SECURITY was awesome. the best part was hanging out with old friends like matt blaze, steve bellovin (and seeing them, along with susan landau, receiving the flame — i nominated them #dontchaknow), patrick mcdaniel, zach peterson, and rik farrow, but i also really enjoyed some of the password cracking and side-channel papers.
#dontchaknow #security #usenix
About the #tunnelcrack attack, I saw many reactions whose content was, in essence, "this attack has been known for a long time". At the same time, I see a number of #VPN vendors confirming that they are vulnerable, at least in part ( https://www.theregister.com/2023/08/10/tunnelcrack_vpn/ ), and the paper was accepted at #usenix ...
Could someone point me to a resource proving that this security "attack" had been known for a long time?
Thanks!
(cc @vanhoefm )
#tunnelcrack #vpn #usenix #infosec #cybersecurity
i’m at a talk on password cracking and — without going into details — this algorithm totally wrecks me
The Tenth #DCG201 #HacketSummerCamp 2023 Guide is now LIVE covering the #infosec academic trifecta of #USENIX @soups & #GREPSEC that takes place during @defcon!
Deetz: https://defcon201.medium.com/hacker-summer-camp-2023-guides-part-ten-usenix-soups-f64448b43708
@usenixassociation@infosec.exchange @usenixassociation@discuss.systems #soups2023
#DCG201 #hacketsummercamp #infosec #usenix #grepsec #soups2023
New #censorship analysis publication from #GFWReport: https://gfw.report/publications/usenixsecurity23/en/
TL;DR,
1. The mechanism is passive, and is only run on TCP.
2. When censorship is active, packets are dropped if from the client.
3. Traffic would be exempt if...
* Randomness doesn't exceed 85%.
* At least the first 6 bytes, or over half of the bytes are printable.
* There are at least 20 successive printable bytes.
* The fingerprint matches a TLS or HTTP connection.
4. Iranian censorship closely resembles Chinese censorship.
#usenix #usenixsecurity #censorship #gfwreport
New on ;login: Online: "Codon: Python Compiler" written by Rik Farrow.
Read it now ➡️ https://www.usenix.org/publications/loginonline/codon-python-compiler
It’s great to see @mimsical write in WSJ @wsj “Forcing users to change their passwords, mandating special characters are outdated but persistent rules. ‘Some bits of old password wisdom have turned into a bit of a religion.’”
(I’ve called it a “cargo cult”, but it turns out that that was an insult to cargo cults.)
https://www.wsj.com/articles/annoying-password-rules-actually-make-us-less-secure-a05edb70
The paper the article draws from, by Kevin Lee, Sten Sjöberg, and @randomwalker, is freely available from #Usenix #SOUPS. https://www.usenix.org/conference/soups2022/presentation/lee
Renewed my #usenix membership and wondered why I hadn't received issues of the journal ";login:" in a long time - it went entirely digital in 2020. There are good reasons but not having a regular print or even a pdf edition curated is a lost benefit. The last thing I need is to have to seek out more online articles and, based on my immediate interests and their title, decide if I want to read them. I get a lot from journals putting in front of me topics I don't know of, let alone anything about.
Extremely sad: https://www.usenix.org/blog/update-enigma-conference-enigma-steering-committee #usenix
A few thoughts on this year's USENIX Enigma conference in Santa Clara - about the usability of privacy applications, privacy camps, and tech over-regulation.
https://www.tabeawilke.com/latest/enigma-2023
#privacy #privacybydesign #enigma #usenix #tech #usercentereddesign #security #safetysecurity
TIL My favourite System Admin conference, #USENIX #LISA (Large Installation System Administration), will no longer happen [1]
It lasted 35 years, it began at another time when:
- System administration and automation wasn't seen as important and/or to be actively managed
- The culture of System administration and its human process
- Open systems like TCP/IP and POSIX (Unix) are the future
Those statements were seen as radical. We're past that today.
1: https://www.usenix.org/publications/loginonline/lisa-made-lisa-obsolete-thats-compliment
Overview #usenix #enigma2023:
usenix.org/conference/enigma2023
Must-Follow Accounts:
#usenix #enigma2023 #goog #twtr #pki #webpki #iam #ml #eff
Have you ever wondered Why Healthchecks are Like Sidewalks? @lauralifts has wondered too
https://www.usenix.org/publications/loginonline/why-health-check-sidewalk