[cs-talks] Upcoming CS Seminars: NRG (Tues) + Guest Speaker (Tues) + BUSec (Wed) + BUILDS (Wed)

Greenwald, Faith fgreen1 at bu.edu
Tue Feb 16 10:49:44 EST 2016


NRG Seminar
Shields Up! Defense for evading reconnaissance and JavaScript driven L7 attacks
William Koch, Azer Bestavros
Tuesday, February 16, 2016 at 11am in MCS 148

Abstract: Cyber attacks can be categorized as opportunistic or targeted. In an opportunistic attack, the target is initially unknown. As a first step in identifying a potential target, the adversary will scan a network as part of their reconnaissance to find a candidate machine. While a targeted attack requires research and planning. As an example, JavaScript has been observed to perform application layer (L7) attacks such distributed denial of service (DDoS). Reverse proxies and web application firewalls (WAF) are the standard defense for the aforementioned threats, however deploying these defenses can be costly and cause additional overhead. In response, we develop Shields, a minimalist defense for evading reconnaissance and JavaScript driven L7 attacks. Shields are static HTML files used to block malicious JavaScript requests attempting to accesses unauthorized web resources. If a request is legitimate, the Shield uses port knocking to white list the client on the origin server thus keeping the origin server stealth to all other IPs. Shields provide an alternative defense to reduce a web servers attack surface, while keeping operating cost at a minimum.

Guest Speaker Event
Phil Libin, Evernote
Tuesday, February 16, 2016 at 4:30pm in Questrom School of Business, Rm 105

The BU Entrepreneurship Club would like to extend an invitation to Computer Science students here at Boston University to hear Phil Libin, founder, and former CEO of Evernote, speak on entrepreneurship and innovation.

The Boston University Questrom School of Business in partnership with BUzz Lab will be hosting Phil Libin, the founder of Evernote on Tuesday, February 16th at 4:30 in Questrom 105. Come here him speak on entrepreneurship and innovation with Curt Nickisch, the business ad technology reporter for WBUR.


BUSec Seminar
Attacking the Network Time Protocol
Aanchal Malhotra, BU
Wednesday, February 17, 2016 at 9:45am in MCS 148

Abstract: We explore the risk that network attackers can exploit unauthenticated Network Time Protocol (NTP) traffic to alter the time on client systems. We first discuss how an on- path attacker, that hijacks traffic to an NTP server, can quickly shift time on the server’s clients. Then, we present a extremely low-rate (single packet) denial-of-service attack that an off-path attacker, located anywhere on the network, can use to disable NTP clock synchronization on a client. Next, we show how an off-path attacker can exploit IPv4 packet fragmentation to shift time on a client. We discuss the implications on these attacks on other core Internet protocols, quantify their attack surface using Internet measurements, and suggest a few simple countermeasures that can improve the security of NTP.

BUILDS Video Game Workshop
Wednesday, February 17, 2016 at 7pm in MCS B26

Hi CS Students, Do you like video games? Do you like making things? Become a game designer Feb.17 @ 7:00pm in BUILDS (MCS B26). Make the next Flappy Bird, the next Call of Duty. Learn the Unity game engine, the Number 1 industry development tool used to make top games for Xbox, PlayStation, iOS, and more! By the end of the workshop, you'll have your own PC game - guaranteed! What are you waiting for? Sign up now! Make a game. Make it BIG. About the instructor: Chris McGlade has 5 years experience in Unity and currently runs his own game development studio, Lightning Man Media LLC. He released a PC/Mac horror game on Steam last year and has licensed his source code to other game companies. His iPhone game, Bar Crasher, is currently pending release on the App Store and he has recently entered into a contract with Sony to produce games for PlayStation. Please RSVP on the Facebook event here: https://www.facebook.com/events/183654342001650/ Best, Sean & Chris


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/cs-talks/attachments/20160216/507304a0/attachment.html>


More information about the cs-talks mailing list