The Heartbleed vulnerability took the Internet by surprise in April 2014. The vulnerability, one of the most consequential since the advent of the commercial Internet, allowed attackers to remotely read protected memory from an estimated 24-55% of popular HTTPS sites. In this work, we perform a comprehensive, measurement-based analysis of the vulnerability's impact, including (1) tracking the vulnerable population, (2) monitoring patching behavior over time, (3) assessing the impact on the HTTPS certificate ecosystem, and (4) exposing real attacks that attempted to exploit the bug. Furthermore, we conduct a large-scale vulnerability notification experiment involving 150,000 hosts and observe a nearly 50% increase in patching by notified hosts. Drawing upon these analyses, we discuss what went well and what went poorly, in an effort to understand how the technical community can respond more effectively to such events in the future.
After treating the notification of vulnerable parties as mere side-notes in research, the security community has recently put more focus on how to conduct vulnerability disclosure at scale. The first works in this area have shown that while notifications are helpful to a significant fraction of operators, the vast majority of systems remain unpatched. In this paper, we build on these previous works, aiming to understand why the effects are not more significant. To that end, we report on a notification experiment targeting more than 24,000 domains, which allowed us to analyze what technical and human aspects are roadblocks to a successful campaign. As part of this experiment, we explored potential alternative notification channels beyond email, including social media and phone. In addition, we conducted an anonymous survey with the notified operators, investigating their perspectives on our notifications. We show the pitfalls of email-based communications, such as the impact of anti-spam filters, the lack of trust by recipients, and the hesitation in fixing vulnerabilities despite awareness. However, our exploration of alternative communication channels did not suggest a more promising medium. Seeing these results, we pinpoint future directions in improving security notifications.
We describe the implementation of precision laser transmission spectroscopy for sizing and counting nanoparticles in suspension. Our apparatus incorporates a tunable laser and balanced optical system that measures light transmission over a wide (210-2300 nm) wavelength range with high precision and sensitivity. Spectral inversion is employed to determine both the particle size distribution and absolute particle density. In this paper we discuss results for particles with sizes (diameters) in the range from 5 to 3000 nm. For polystyrene particles 404 to 1025 nm in size, uncertainties of ±0.5% in size and ±4% in density were obtained. For polystyrene particles from 46 to 3000 nm in size, the dynamic range of the system spans densities from ~10^3/ml to ~10^10/ml (5 × 10^-8 to 0.5 vol. %), implying a sensitivity 5 orders of magnitude higher than dynamic light scattering.
Laser transmission spectroscopy (LTS) is a quantitative and rapid in vitro technique for measuring the size, shape, and number of nanoparticles in suspension. Here we report on the application of LTS as a novel detection method for species-specific DNA where the presence of one invasive species was differentiated from a closely related invasive sister species. The method employs carboxylated polystyrene nanoparticles functionalized with short DNA fragments that are complementary to a specific target DNA sequence. In solution, the DNA strands containing targets bind to the tags, resulting in a sizable increase in the nanoparticle diameter, which is rapidly and quantitatively measured using LTS. DNA strands that do not contain the target sequence do not bind and produce no size change of the carboxylated beads. The results show that LTS has the potential to become a quantitative and rapid DNA detection method suitable for many real-world applications.