ritter.vg

You're browsing without Javascript! If you have no idea what that means, you should ask your technical friend about it.
Otherwise - kudos. The website should work - with the exception of comments. You can learn what they are; however, by visiting /comments.py?postid=security_adventures
If it doesn't, please contact me and let me know.

tech > security > adventures in (in)security

Warning! This page used to be kept up to date but hadn't been for a number of years. Expect a lot of broken links ahead!

Code Execution in spite of BitLocker: I dug into Windows 8's BitLocker changes, and came up with a POC of code execution upon next boot if you get temporary access to the encrypted disk.
Evernote and Privacy Preserving Applications: I pick apart the Evernote Android App to see how it implements something scary.
De-Anonymizing Alt.Anonymous.Messages: For about four years I downloaded archives of the anonymous usenet group, then I did some analysis, correlated some messages, and presented some findings at Defcon.
Femtocell: I hacked a femtocell. And demoed it, live, on-stage in a casino. Twice.
Remailer Blog Posts: A set of blog posts about how remailers work in both theory and practice.
An Attack on SSL Client Certificates: The common thought is that if you use a Client Certificate, while an attacker could MITM you, they couldn't impersonate you to the server. False.
Fixing Revocation for Web Browsers on the Internet: It's a tad ambitious (hah) but I lay out what I think we should do for the next ten years to fix revocation in the CA system.
Certificate Authorities & Pinning: A look at how Google pins their sites' certificates in Chrome, and what you can learn from it.
Details on CRIME: My summary on the CRIME attack, how it works, and how to defend against it. This was published about a week before Thai & Juliano's presentation.
An Attack on Unauthenticated Block Cipher Modes - Separator Oracle: A new(ish) oracle attack on unauthenticated block cipher modes (CBC, CTR, OFB, CFB) a friend and I developed.
On the Sorry State of Email Security: Your email is insecure, unless you're talking to a bank. Too bad they don't let you email them!
The IETF & Future of Security Protocols - Black Hat EU '12: A very long whitepaper looking at replacements for the CA system, Content Security Policy, and other improvements to Web Browsers.
Cloud & Control - Ekoparty '11, RSA '12: On distributing RSA factoring, password cracking, and more using the software behind SETI.
Non-Persistent PGP Keys: An odd approach to generate PGP keys from a passphrase, instead of a true source of randomness. This lets you create keys that you can delete and recreate later.
Beyond Padding Oracle - Manger's Oracle and RSA OAEP padding: An implementation of at attack on a specific Padding Scheme for RSA, including a timing attack against libgcrypt.
Time-Fade Badges: Putting the Bleed-Through security badges in a freezer gives you infinite access (in theory).
An Explanation of ElGamal Encryption: I had forgotten some of the underlying theroms behind ElGamal, so in an effort to make sure I never forget them again I decided to put the effort into explaining it in unnecessary detail.
Microsoft ClickOnce MITM Vulnerabilities: ClickOnce is a Microsoft technology intended to make deployment of desktop applications extremely simple. When deployed over HTTP, it is vulnerable to several types of Man in the Middle attacks; despite the ability to sign the executables.
Finding SQL Injection in a White-Box Environment: When we have access to the database, we can farm SQL Injection testing to untrained QA Analysts - they don't even need to know what SQL Injection is. This is can catch unusual code paths and is generally less expensive than a full code audit.
why event validation exists in ASP.Net: ASP.Net prevents you from chanting magic incantations to trigger events you can't see. I show you what the incantations look like, and when you may still be able to exploit something despite it's protection.
people who shouldn't do crypto episode 2 - the followup: After I called him out on his security, the author sent me a big encrypted message, and challenged me to break it.
people who shouldn't do crypto episode 2: Some people think that you can encode and rearrange some bits, and it's Military Grade crypto.
people who shouldn't do crypto episode 1: Some people think crypto is like bacon - put it on anything and it becomes better (or secure). These are their tales.

tech > code > adventures in code

An Experimental "RequireCT" Directive for HSTS: First I deploy Certificate Transparency via TLS Extenstions (and OCSP stapling) for my server, then I add a directive to the HSTS header, then I patch Chrome to recognize the directive and abort if it my server omits Certificate Transparency information.
Run Your Own Tor Network: Ever wanted a HOWTO on running your own, independent Tor network? Now you have it.
Universal Email Encryption: A friend and I worked for a bit to try and design a way to deploy universally encrypted email. Then Snowden happened and we learned how far the rabbit hole went.
Decrypting Amazon EC2 Passwords: A quick script to decrypt the password to Amazon EC2 Windows instances, so you don't have to give them your SSH private key.
RFC 6217: Regional Broadcast Using an Atmospheric Link Layer: I authored an RFC that provides recommendations for an efficient broadcast of text or binary data to a region (urban or rural), using existing infrastructure.
Hackers Puzzle Challenge in the CSAW 2010 CTF Final Round: While this was for a security CTF - all I did was write code, so I put this under the 'code' section. Read about the file formats trickery I did, and download the challenge yourself.
comparing loop hoisting in .net: You know how some people say you want to remove the test in a loop into a local variable to make it faster? Don't.
this is why javascript is awesome: String manipulation on functions is horribly dangerous but also so cool - I don't know any other language that can do this.
here's some sql you should never use: Whenever we want to get something done quickly, we write code that should never, ever, see the light of day. And for some reason, I like sharing mine on the internet.
hacking the clr: diffing assemblies: I ended up looking into the binary of the assemblies produced by a simple Hello World program, diffing the assemblies between two runs on the same machine, between two runs on different machines, and between Debug and Release mode.
RFID Experimentation: I got an RFID kit... I wired it up to a candy bowl and set my server up to yell at whoever takes a piece.
Bastardizing a Backup: Watch I turn a relatively simple backup script into a horribly complicated, supremely mis-architected amalgamation that should never have seen the light of day.
Making the Site: Learn about how this site works, and the design choices that went into it.

Comments

/comments.py?postid=security_adventures

Add a comment...

Name: required
E-Mail: required, hidden, gravatared
Website:
Comment: required, markdown enabled (help)

you type:	you see:
italics	italics
bold	bold
[stolen from reddit!](http://reddit.com)	stolen from reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"