Here’s my slides from Black Hat and Defcon for 2012. Pile of interesting heresies — should make for interesting discussion. Here’s what we’ve got:
1) Generic timing attack defense through network interface jitter
2) Revisiting Random Number Generation through clock drift
3) Suppressing injection attacks by altering variable scope and per-character taint
4) Deployable mechanisms for detecting censorship, content alteration, and certificate replacement
5) Stateless TCP w/ payload retrieval
I hate saying “code to be released shortly”, but I want to post the slides and the code’s pretty hairy. Email me if you want to test anything, particularly if you’d like to try to break this stuff or wrap it up for release. I’ll also be at Toorcamp, if you want to chat there.