Reverse engineering techniques to find security bugs: A case study of the ANI
Google EngEDU
1 hr 1 min – May 22, 2007

Google Tech Talks
May 21, 2007

ABSTRACT

Alex Sotirov is a vulnerability engineer at determina. He will discuss some latest techniques in reverse engineering software to find vulnerabilities. Particularly, he’ll discuss his technique that lead him to find the ANI bug (a critical new bug in WinXP and Vista).

Alex will describe the tools he uses for reverse engineering and show how he reverse engineered ANI Bug. He will continue to discussed Windows security mechanisms (ASLR, /GS) and describe how ANI exploit bypasses them. Read the rest of this entry »

Navigating the World’s Photographs
Google engEDU
1 hr 1 min – Jun 13, 2007

Google Tech Talks
June 13, 2007

ABSTRACT

There’s a big difference between looking at a photograph of a place and being there. But what if you had access to every photo ever captured of that place and could conjure up any view at will? With billions of photographs currently available online, the Internet is beginning to resemble such a database, capturing most of the world’s significant sites from a huge number of vantage points and viewing conditions. For example, a Google image search for "notre dame" or "grand canyon" each returns more than half a million photos, showing the sites from myriad viewpoints, different times of day and night, and changes in season, weather and decade.

This talk explores ways of transforming this massive, unorganized photo collection into visualizations of the world’s sites, cities, and landscapes. After a brief recap of our work on Photo Tourism and Photosynth, I will focus on current efforts and newest results, in the domains of 3D scene reconstruction and new visual interfaces for navigating photo collections. Read the rest of this entry »

What Every Engineer Needs to Know About Security and Where to Learn It
Google engEDU
49 min – Jul 10, 2007

Google Tech Talks
July 10, 2007

ABSTRACT

This talk discusses recent trends in security, and what every engineer needs to know to prevent the most significant emerging threats such as cross-site scripting and SQL injection attacks. Just as every engineer might use object-oriented design principles to achieve extensibility and re-usability, every engineer needs to employ principles such as the principle of least privilege, fail-safe stance, and protecting against the weakest link to achieve security. Instead of focusing on "tips" and "tricks" that allow you to "band-aid" the security of your systems, we discuss how to derive defenses based on the application of security principles, such that you can determine how to deal with new threats as they come along or application-specific threats that might be relevant to your domain. Finally, we present some statistics on the current state of software security vulnerabilities, and discuss existing and upcoming challenges in the field of software security.

Speaker: Neil Daswani Read the rest of this entry »

Advanced Topics in Programming Languages Series: C++ Threads
Google engEDU
1 hr 30 min – May 21, 2007

Google Tech Talks
May 16, 2007

Abstract

The next C++ standard will provide direct support for threads, including a model of memory, atomics, variables, launching, scheduling, synchronization, and termination. This talk will present the current threading model and outline the remaining work. Read the rest of this entry »

Privacy Preserving DataMining
Google engEDU
1 hr – Jul 28, 2006

Google TechTalks
July 28, 2006

Matthew Roughan joined the School of Applied Mathematics at the University of Adelaide in February 2004, where he is interested in the area of design, and installation of Internet measurement equipment, and the analysis and modeling of Internet measurement data.

ABSTRACT
The rapid growth of the Internet over the last decade has been startling. However, efforts to track its growth have often fallen afoul of bad data — for instance, how much traffic does the Internet now carry? The problem is not that the data is technically hard to obtain, or that it does not exist, but rather that the data is not shared. Obtaining an overall picture requires data from multiple sources, few of whom are open to sharing such data, either because it violates privacy legislation, or exposes business secrets. The approaches used so far in the Internet, e.g., trusted third parties, or data anonymization, have been only partially successful, and are not widely adopted.

The paper presents a method for performing computations on shared data without any participants revealing their secret data. For example, one can compute the sum of traffic over a set of service providers without any service provider learning the traffic of another. The method is simple, scalable, and flexible enough to perform a wide range of valuable operations on Internet data. Read the rest of this entry »