Back to Table of contents

Primeur weekly 2013-08-05

Special

There is room for two major supercomputer conferences each year ...

Historic Heidelberg setting for new Big Data Conference ...

Exascale supercomputing

Largest neuronal network simulation to date achieved using Japanese supercomputer ...

Designing a new operating system for exascale architectures ...

The Cloud

Over a hundred vulnerabilities were found in browsers in the course of The University of Oulu's effective data security testing programme ...

IBM unveils new PowerLinux system for analytics and Cloud computing ...

ESDS selects IBM PureSystems over HP and Dell for Cloud and Big Data offerings ...

EuroFlash

Walking on Water: projectiondesign powers interactive portable 360-degree Igloo experience at La Biennale di Venezia 2013 ...

SUSE predicts supercomputer capabilities to become part of mainstream IT for enterprise customers ...

GEANT's terabit upgrade gives European science the data network of the future ...

ADVA FSP 150 delivers sub-microsecond timing for high-frequency trading ...

Scientists realize quantum bit with a bent nanotube ...

USFlash

Stanford engineers receive award to improve supercomputing and solar efficiency ...

Fujitsu PRIMERGY computational power at Australian National University takes high capability Australian research to the world stage ...

NOAA's National Weather Service more than doubles computing capacity ...

Cray Inc. reports second quarter 2013 results ...

UCSC acquires powerful new astrophysics supercomputer system ...

20 years of TOP500 data show Linux's role in supercomputing breakthroughs ...

Secretary Moniz dedicates new supercomputer at the National Energy Technology Laboratory ...

Online tools accelerating earthquake-engineering progress ...

CSIR to launch new supercomputer ...

NIH commits $24 million annually for Big Data Centres of Excellence ...

NASA relies on RTI Connext DDS for Human Exploration Telerobotics Project ...

Omni Circuit Boards produces working aluminum trace circuit board for quantum computing applications ...

Computer scientists develop mathematical jigsaw puzzles to encrypt software ...

Over a hundred vulnerabilities were found in browsers in the course of The University of Oulu's effective data security testing programme


2 Aug 2013 Oulu - The Radamsa tool developed by The University of Oulu has already been used to find over a hundred previously unknown vulnerabilities in browsers. All these vulnerabilities have been reported to the manufacturers at once so that they could be fixed as quickly as possible. Vulnerabilities have been found in anti-virus programmes and widely used image and audio formats as well.

Radamsa is a completely automated data security testing tool developed by The University of Oulu, which is the architect of the structure and the creator of testing events. In it, the best properties of previously developed automated data security testing tools have been collated. The Radamsa software has been developed in the course of a four-year Cloud Software programme. Business partners in the project have included Ericsson, Nokia, F-Secure, Google, the Mozilla Foundation and WebKit.org. Radamsa is based on an open source code.

"One effective way to look for vulnerabilities, that attackers also favour for their attacks, is a search programme in practice. A piece of data is sought against each programme that causes an error in the functioning of the programme. Naturally, the programme has to have a defect so that this will work, but in practice all our cases had at least one defect", stated The University of Oulu's Professor of Embedded Systems Juha Röning.

The search for mechanical errors like this is called fuzzing. Often, it makes use of pieces of information that are known to be understood by the programme (such as databases and web traffic) as models by which the fuzzer can construct the same types of attacks with which it can see if there are vulnerabilities in the programme.

Over a hundred browser vulnerabilities have been found in Google Chrome and Mozilla Firefox.

"We defined a vulnerability as a defect that can probably be used in an attack that happens through the browser, based on the manufacturer’s analysis. A successful attack normally needs between one and five errors to get control of the computer's other content through the site", stated Juha Röning.

Firefox is wholly, and Google Chrome for the most part, an open source project that uses a lot of shared files. In this way, vulnerabilities that have been fixed usually help to improve data security. According to Juha Röning, most defects have indirectly improved the security of almost all Apple devices, Android phones and smart TVs.

Referrences:

Google Bounty:

http://www.chromium.org/Home/chromium-security/hall-of-fame

Mozilla security announcements:

http://www.mozilla.org/security/announce/2010/mfsa2010-41.html


http://www.mozilla.org/security/announce/2012/mfsa2012-14.html


http://www.mozilla.org/security/announce/2012/mfsa2012-22.html

http://www.mozilla.org/security/announce/2013/mfsa2013-22.html


http://www.mozilla.org/security/announce/2013/mfsa2013-05.html

The Radamsa software has been developed in the course of a four-year Cloud Software programme. Cloud Software Finland is a four-year programme of Tivit (2010-2014), which focuses on developing various aspects of Cloud services. The programme is funded by Tekes and is available at www.cloudsoftwareprogram.org .

Further information about Radamsa:

https://www.ee.oulu.fi/research/ouspg/Radamsa

Juha Röning: tel. +040 518 1621

The University of Oulu
Ari Turunen - Communications Manager - Cloud Software Program

Back to Table of contents

Primeur weekly 2013-08-05

Special

There is room for two major supercomputer conferences each year ...

Historic Heidelberg setting for new Big Data Conference ...

Exascale supercomputing

Largest neuronal network simulation to date achieved using Japanese supercomputer ...

Designing a new operating system for exascale architectures ...

The Cloud

Over a hundred vulnerabilities were found in browsers in the course of The University of Oulu's effective data security testing programme ...

IBM unveils new PowerLinux system for analytics and Cloud computing ...

ESDS selects IBM PureSystems over HP and Dell for Cloud and Big Data offerings ...

EuroFlash

Walking on Water: projectiondesign powers interactive portable 360-degree Igloo experience at La Biennale di Venezia 2013 ...

SUSE predicts supercomputer capabilities to become part of mainstream IT for enterprise customers ...

GEANT's terabit upgrade gives European science the data network of the future ...

ADVA FSP 150 delivers sub-microsecond timing for high-frequency trading ...

Scientists realize quantum bit with a bent nanotube ...

USFlash

Stanford engineers receive award to improve supercomputing and solar efficiency ...

Fujitsu PRIMERGY computational power at Australian National University takes high capability Australian research to the world stage ...

NOAA's National Weather Service more than doubles computing capacity ...

Cray Inc. reports second quarter 2013 results ...

UCSC acquires powerful new astrophysics supercomputer system ...

20 years of TOP500 data show Linux's role in supercomputing breakthroughs ...

Secretary Moniz dedicates new supercomputer at the National Energy Technology Laboratory ...

Online tools accelerating earthquake-engineering progress ...

CSIR to launch new supercomputer ...

NIH commits $24 million annually for Big Data Centres of Excellence ...

NASA relies on RTI Connext DDS for Human Exploration Telerobotics Project ...

Omni Circuit Boards produces working aluminum trace circuit board for quantum computing applications ...

Computer scientists develop mathematical jigsaw puzzles to encrypt software ...