research page 2 - Dave's Blog


Protecting Browsers from Extension Vulnerabilities

2010 Feb 27, 10:06
A web browser add-on security research paper that describes the Google Chrome security model. "We propose a new browser extension system that improves security by using least privilege, privilege separation, and strong isolation. Our system limits the misdeeds an attacker can perform through an extension vulnerability. Our design has been adopted as the Google Chrome extension system."
Tags: security design google chrome firefox addon plugin web browser technical research adam-barth system:filetype:pdf system:media:document

Adam Barth -

2010 Feb 26, 2:42
Adam Barth has tons of papers on web browser security.
Tags: adam-barth security web browser privacy javascript google chrome research technical

Researchers identify command servers behind Google attack

2010 Jan 14, 2:54
Wow: "If the report's findings are correct, it suggests that the government of China has been engaged for months in a massive campaign of industrial espionage against US companies."
Tags: internet google china security politics privacy

[1001.0361] Self-Selected or Mandated, Open Access Increases Citation Impact for Higher Quality Research

2010 Jan 6, 2:17
Not shocking that papers freely available on the Internet are cited more than those not freely available... "Articles whose authors make them Open Access (OA) by self-archiving them online are cited significantly more than articles accessible only to subscribers. ... not because of a quality bias from authors self-selecting what to make OA, but because of a quality advantage, from users self-selecting what to use and cite, freed by OA from the constraints of selective accessibility to subscribers only."
Tags: via:bengoldacre science paper citation internet

English Shellcode

2009 Nov 27, 6:10
"What follows is a brief description of the method we have developed for encoding arbitrary shellcode as English text. This English shellcode is completely self-contained, i.e., it does not require an external loader, and executes as valid IA32 code."
Tags: security polyglot intel paper research programming hack obfuscation english language technical system:filetype:pdf system:media:document


2009 Oct 29, 10:43
"Augmented Reality for Maintenance and Repair (ARMAR) explores the use of augmented reality to aid in the execution of procedural tasks in the maintenance and repair domain." Giant goggles hooked up to a G1 give 3D overlays over the mechanic's view to point them to and help with the current task.
Tags: video augmented-reality 3d research

Google Research Publication: MapReduce

2009 Oct 6, 3:18
Tags: todo mapreduce algorithm google paper distributed database technical


2009 Aug 25, 7:10
Research paper modelling zombie infection. "The key difference between the models presented here and other models of infectious disease is that the dead can come back to life." Also, love the references section with "Snyder, Zack (director), 2004 Dawn of the Dead" next to things like "Bainov, D.D. & Simeonov, P.S. Impulsive Differential Equations: Asymptotic Properties of the Solutions. World Scientific, Singapore (1995)."
Tags: humor zombie research via:schneier math science health apocalypse system:filetype:pdf system:media:document

Fight Against 1-day Exploits: Diffing Binaries vs Anti-diffing Binaries

2009 Aug 24, 9:52
Notes on how bin diff'ing tools work and thoughts on defeating them. "We call the threat "1-day exploits". Just few minutes after the release of patches, binary diffing technique can be used to identify the vulnerabilities that the security patches are remedying."
Tags: exploit security binary diff tool research technical system:filetype:pdf system:media:document

Schneier on Security: Non-Randomness in Coin Flipping

2009 Aug 24, 3:11
"It turns out that flipping a coin has all sorts of non-randomness", includes link to research paper and blog post with gems like: "If the coin is tossed and caught, it has about a 51% chance of landing on the same face it was launched"
Tags: security random coin coin-toss

Dynamic CSRF White Paper Posted — Portal

2009 Aug 21, 3:13
"At Black Hat USA 2009 and Defcon 17 Nathan Hamiel and Shawn Moyer introduced an attack called Dynamic Cross-Site Request Forgery (CSRF). This white paper discusses the attack and discusses several Dynamic CSRF attack vectors." Seems to require sites trying to secure CSRF scenarios using session IDs in their URLs.
Tags: security csrf research browser web technical

Compact E-Cash

2009 Aug 14, 6:20
"This paper presents efficient off-line anonymous e-cash schemes where a user can withdraw a wallet containing coins each of which she can spend unlinkably."
Tags: money future reference research economics cryptography technical system:filetype:pdf system:media:document

Recap Firefox Extension | "turning PACER around"

2009 Aug 14, 3:55
The government program PACER is an online archive of court records and even though the documents are public domain, PACER charges for access to them, ostensibly to pay for PACER. This plugin uses the Internet Archive as a kind of free intermediate cache, rewriting the PACER HTML to reference the free Internet Archive versions of the documents when available and uploading PACER documents to the IA cache when you download one it doesn't yet have.
Tags: via:waxy firefox government politics research reference legal law plugin technical

How myths are made – Bad Science

2009 Aug 12, 8:08
"In a formal academic paper, every claim is referenced to another academic paper... This convention gives us an opportunity to study how ideas spread, and myths grow, because in theory you could trace who references what, and how, to see an entire belief system evolve from the original data."
Tags: science meme research health medicine ben-goldacre network graph

Augmented Businesscard (English) | TOXIN LABS - weblog of a german design student from wuerzburg

2009 Jul 20, 11:40
"My interactive media project this semester is about the augmentation of the classic communication medium business card... what came to my mind pretty quickly was Augmented Reality." Ever since I saw those AR things you print out I've wished they were based completely off of QR codes that would tell the client app where to download the 3D scene to project.
Tags: 3d business-card qrcode qr augmented-reality research technical video

Scribblenauts director: believe in the idea, move slowly - Ars Technica

2009 Jul 20, 5:04
"We had five people, over about six months, research and come up with the tens of thousands of words present on the Scribblenauts dictionary."
Tags: game scribblenauts videogame nintendo dictionary

The Messenger Series - Microsoft Research

2009 Jul 15, 10:48
"With a little help from Bill Gates (who secured the rights using personal funds), Microsoft is presenting a series of lectures on physics by Richard Feynman." The videos have subtitles, annotations and links.
Tags: richard-feynman video bill-gates microsoft research physics education via:kottke


2009 Jul 6, 2:06
"Considering the similarity of its ingredients, canned dog food could be a suitable and inexpensive substitute for pate or processed blended meat products such as Spam or liverwurst... Although 72% of subjects ranked the dog food as the worst of the five samples in terms of taste... subjects were not better than random at correctly identifying the dog food."
Tags: humor science statistics food culture research study paper

New Home

2009 May 23, 4:28

[Photos: New House Exterior; New House Looking Out At Driveway]

Sarah and I have a new place in Redmond and we'll be moving there in a few weeks. Exciting! Incidentally, when researching the place on the Internet I found that the nearby park used to be a radar site for the Project Nike missile system in the fifties. Fun!

Tags: personal2 personal house home

s i x t h s e n s e - a wearable gestural interface (MIT Media Lab)

2009 Apr 3, 11:40
"'SixthSense' is a wearable gestural interface that augments the physical world around us with digital information and lets us use natural hand gestures to interact with that information." The page is a lot easier to read with styling turned off. Actually, skip the text, just watch the TED video.
Tags: visualization design research mit hci mobile interactive ted

Creative Commons License. Some rights reserved.