
Tag: Polymorphism

Oracle is proposing an update to the Java Virtual Machine to allow for direct-value class types, a modernization required by the advent of multicore processors. There is no schedule for when the changes might appear in the JVM.

The changes to the JVM specification would support a prototype of value classes—classes for which primitive-like non-reference value instances can be created and acted upon. “The proposals for value types in Java are about giving developers the alternative to give up identity and polymorphism so that the runtime can represent the underlying data in a way which is both far more compact and much better suited for processing in bulk operations,” said Georges Saab, Oracle’s vice president of software development in the Java platform group.

Notes from HITCON Pacific 2016

Hacks in Taiwan Conference (HITCON) Pacific 2016 was held in Taipei city, Taiwan from the 27th of November to the 3rd of December this year.

The concept of this event is about “The Fifth Domain: Cyber | Homeland Security”.

HITCON Pacific 2016 is a more formal event than HITCON Community 2016, which we attended last summer. More than 500 participants from around the world attended the event, which included technical trainings, a security conference and a capture the flag (CTF) competition. We met many highly skilled malware analysts, incident responders, security researchers and professionals at this event to discuss some of the most recent topics in the field of cybersecurity: ransomware, ATM hacking, IoT security, machine learning and targeted attacks.

Based on our experience, this event is one of the brightest international security conferences in the Asia-Pacific region. One of the organizers, Mr. Sung-ting Tsai, opened the conference with the following words: “HITCON is not only running community and technical topics, in HITCON Pacific we are also concerned about the strategic and operational issues. HITCON Pacific is providing an international platform to connect and collaborate with enterprises, governments, vendors and security experts, especially in Asia Pacific region.” The conference has been recognized by the local government. One of the most honorable keynote speakers of this event was the president of Taiwan, Tsai Ing-wen (蔡英文).

To our knowledge, this is the first time ever that a president of a country or region has given the opening speech at an information security conference. Such special attention from the president reflects the Taiwanese government's concerns about improving cybersecurity in Taiwan and the whole Asia Pacific region. She said during her keynote speech: “The spirit of hacking culture is in stepping out of tradition and fighting against the present situation. Governmental organizations need such spirit to cultivate innovation”.

Two speakers from the Global Research and Analysis Team (GReAT) of Kaspersky Lab also presented on the same stage: Vitaly Kamluk and Suguru Ishimaru (that’s me). Vitaly talked about Yara techniques with some of the most remarkable stories, including finding 0-day exploits in Microsoft Silverlight. Surprisingly for the organizers and the audience, Vitaly presented with 0 slides during his 40-minute talk. All the content he showed was Yara tool output in a terminal session, which looked like a live demo but with nice ASCII art and dynamic transition effects. His presentation style was very innovative and widely discussed after his speech.

I attended the HITCON Community conference earlier this year and liked the conference so much that I decided to come again as a speaker. Needless to say, it was challenging for me, because I have never presented on such a large stage outside of Japan before.

Also, I had to present in English, which is not my native language and isn’t my strongest skill. I talked about malware discovered in targeted attacks which focused on Taiwan and Japan. My talk was titled “Why corrupted samples in recent APTs?”.

The talk covered some of the new techniques that were used to prevent automated malware analysis, resulting in erroneous marking of the samples as corrupted. I showed a live demo of such samples, which would cause a system exception on any system except the system of the victim.

We had a chance to attend many other great talks by security researchers. Some of the talks we liked included: Ryan Olson from Palo Alto Networks, who talked about “Target Identification through Decoy File Analysis”, Takahiro Haruyama from Symantec, who made a presentation about “Winnti Polymorphism”, Kyoung-Ju Kwak from Financial Security Institute, with his talk “Fly me to the BLACKMOON”, and Philippe Lin and Ricky Chou from Trend Micro, who talked about “Experience of Microsoft Malware Classification Challenge”. You can download the slides and agenda from the official website of HITCON Pacific 2016.

In conclusion, HITCON Pacific 2016 was a fantastic event and I definitely recommend it to all the people who would like to explore the cybersecurity arena in Asia Pacific.

The organizers kindly offered free simultaneous translation from/to Chinese, which built a unique bridge between the rather closed Chinese-speaking security community and the rest of the world.

For me personally this time was a very meditative thing: my first challenge of presenting at an international conference in English, an honor of meeting the president and delivering a talk on the same stage.

Here's a seemingly sure-fire way to avoid violating US patent laws: just don't make or use your product in the US. Pretty straightforward, right? Maybe not, in the age of modern supply chains and manufacturing.

Today, the US Supreme Court takes up a case that will determine how much help an overseas manufacturer can get from the US without running afoul of US patent laws. The case originates in a dispute between two competitors in the field of genetic testing.

Both Promega Corporation and Life Technologies (selling through its Applied Biosystems brand) make DNA testing kits that can be used in a variety of fields, including forensic identification, paternity testing, medical treatment, and research. Promega licensed several patents to Applied Biosystems that allowed its competitor to sell kits for use in "Forensics and Human Identity Applications." The license forbade sales for clinical or research uses.
In 2010, Promega filed a lawsuit in federal court, saying that Life Technologies had "engaged in a concerted effort to sell its kits into unlicensed fields," thus infringing its patents. A Wisconsin federal jury found that Life Tech had willfully infringed and should pay $52 million in damages.

But the district judge overseeing the case set aside that verdict after trial, ruling that since nearly all of the Life Tech product had been assembled and shipped from outside the US, the product wasn't subject to US patent laws. The Life Tech testing kits had five parts, four of which were made in a manufacturing facility based in the United Kingdom.

The fifth component, called a Taq polymerase, was supplied from the United States. US patent law can apply to products assembled abroad, but only in situations in which "all or a substantial portion" of a product are supplied from the US. In the judge's view, the generic polymerase that Life Tech was shipping from the US to the UK didn't meet that standard. Promega appealed the decision to the nation's top patent court, the US Court of Appeals for the Federal Circuit.

A split panel of judges at that court held that the polymerase shipments were, in fact, enough to get Life Technologies in trouble. The appeals court held that in this context, "substantial" should be seen as meaning "important" or "essential," and thus shipping "a single important or essential component" from the US is enough to show patent infringement. Life Technologies pointed out that Taq polymerase is "only one commodity component out of five in the kit," but the appeals court focused on the fact that "[w]ithout Taq polymerase, the genetic testing kit... would be inoperable."

Reaching too far?

Life Technologies took its case to the US Supreme Court and argued (PDF) that the Federal Circuit had inappropriately extended US law to reach overseas, violating both the text of the law and the "presumption against extraterritoriality." Promega countered (PDF) that Life Tech was looking for a "rigid, bright-line rule with no foundation in the statutory text." The high court agreed to take the case in June, and Promega will probably have an uphill battle.

First, in recent years, the Supreme Court has been more interested in reeling in patent rights rather than expanding them.
Second, there's the simple argument that if the Supreme Court had been satisfied with the outcome after the Federal Circuit, they could have simply done nothing and let the ruling stand. The opinion of the US Solicitor General, who has been asked to weigh in on the case, may be the most influential.

The Solicitor General's brief (PDF) favors Life Tech, saying that the statute's use of the word "substantial portion" means "a quantitatively substantial percentage of those components." In a five-part invention, one part "cannot constitute a substantial portion of the components." The US government also argues that the "presumption against extraterritoriality" favors Life Tech.

That's the presumption that foreign conduct is, generally, governed by foreign law.
In the government's view, the Federal Circuit's decision that the Life Tech kits infringe US patents could adversely affect "legitimate... sovereign interests." Life Tech also asked the Supreme Court to review another part of the Federal Circuit decision, but the justices declined to do so. The Federal Circuit found that Life Technologies can be liable for "inducing" infringement of a patent, even though no third party was involved.
In other words, the judges held that Life Technologies was inducing itself to infringe. Whether or not it's possible to be "inducing with yourself" is what Patently-O writer Dennis Crouch called the "Billy Idol question" of patent litigation.

But the Solicitor General didn't find that question compelling enough to warrant review, and the Supreme Court justices agreed. The original Promega lawsuit accused Life Tech of infringing five patents that it either owned or licensed.

The Federal Circuit found that four of those patents were invalid, leaving just one remaining patent in the litigation, US Patent No. RE 37,984, which describes a method of "analyzing length polymorphism in DNA regions."

A ransomware attack targeted millions of Office 365 users via a phishing campaign last week, underscoring the growing threat this kind of malware poses for enterprises. The attack started on June 22 and lasted more than 24 hours, until Microsoft began blocking the malware, according to a report by Avanan, which provides security tools to protect Office 365, Box, Salesforce, Amazon AWS, and other cloud applications. Cerber, the ransomware used in this attack, encrypts user files like photos, videos, and documents, and plays an audio file demanding a ransom to unlock them.
It typically spreads via email attachment of a document booby-trapped with malicious macros. When users are tricked into enabling macros, the embedded code infects the PC. Avanan couldn't say just how many users were actually infected in this attack, but said 57 percent of its customers using Office 365 had at least one user who received an email with the malicious file attachment.

Customers using Check Point's SandBlast Zero-Day Protection were protected from the attack before Microsoft was able to take steps, the company said. Users who received the attachment on June 22 or June 23 and downloaded it to their systems should delete the files right away, since, if opened, they could still infect their machines. Users who received the attachment but had not yet opened it would no longer be able to access the file since Microsoft has removed it. Ransomware started out targeting individual users, but by shifting to enterprise platforms like Office 365, it targets a larger group of users working with even more valuable data. Microsoft's own statistics show that ransomware is still very small in the grand scheme of online threats, but it just takes a single infection via a corporate inbox to cripple an enterprise. Cerber began making its rounds in March, and it has been updated several times since with newer functionality.

Cerber initially spread through malvertising campaigns relying on the Flash zero-day exploits used by the Magnitude and Nuclear exploit kits.
In May, Cerber was observed in spam campaigns delivering Dridex.

The latest version appears to be relying on polymorphism to rapidly generate new variants to avoid detection. The latest attack used a version of the Cerber variant from March, but Avanan didn't provide any other details regarding its functionality.
It appears the attackers monetized the March variant, and now that they are done, they'll move on to try again with a new mutation.
Since the malware was first seen in February and March, it seems likely the adversaries are operating on a three month cycle, said Gil Friedrich, CEO of Avanan. This particular Cerber attack began after the perpetrators confirmed the malware could bypass the Office 365 built-in security tools.

Avanan claims the perpetrators tested the malware through a private Office 365 mail account. “The core issue, though, is how easy it could be to create a variation of this attack that bypasses Microsoft again,” said Friedrich. Many users believe that because they are using cloud email services, the security has also been outsourced, whether to Microsoft, Google, or another provider.

The reality is that enterprises can't just rely on built-in security tools, since the attackers test to make sure the malware can bypass those security protections.

A layered defense is critical, whether that's combining multiple security tools in the cloud or beefing up endpoint protections.