Slashdot Mirror
English Shell Code Could Make Security Harder
An anonymous reader writes to tell us that finding malicious code might have just become a little harder. Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable. "In this paper we revisit the assumption that shell code need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shell code that is superficially similar to English prose. We argue that this new development poses significant challenges for in-line payload-based inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shell code injection attacks altogether."
Did I miss something or did you just totally change topics twice in your post? Haircut? Vacation?
Go outside, you need some fresh air!
you can't just see something for what it is,
Kinda tough with all the hype.
This is my sig.
it's a very useful skill to have if you're interested in reality
See, I'm not really all that interested in it. Our obsession with reality is overrated because it is culturally acidic. Reality is all about looking down and sometimes humanity needs to be looking up.
This is my sig.
In your non-reality world that may be true, but in reality it's not.In your non-reality world that may be true, but in reality it's not.
No, in the objective world, I'm right, and I can prove it by pointing at any number of reduced human aspirations in recent generations. Ever since the 1960s, humanity has gone south.
This is my sig.