tech > security > adventures in (in)security
Code Execution in spite of BitLocker
I dug into Windows 8's BitLocker changes, and came up with a POC of code execution upon next boot if you get temporary access to the encrypted disk.
Evernote and Privacy Preserving Applications
I pick apart the Evernote Android App to see how it implements something scary.
De-Anonymizing Alt.Anonymous.Messages
For about four years I downloaded archives of the anonymous usenet group, then I did some analysis, correlated some messages, and presented some findings at Defcon.
I hacked a femtocell. And demoed it, live, on-stage in a casino. Twice.
Remailer Blog Posts
A set of blog posts about how remailers work in both theory and practice.
An Attack on SSL Client Certificates
The common thought is that if you use a Client Certificate, while an attacker could MITM you, they couldn't impersonate you to the server. False.
Fixing Revocation for Web Browsers on the Internet
It's a tad ambitious (hah) but I lay out what I think we should do for the next ten years to fix revocation in the CA system.
Certificate Authorities & Pinning
A look at how Google pins their sites' certificates in Chrome, and what you can learn from it.
Details on CRIME
My summary on the CRIME attack, how it works, and how to defend against it. This was published about a week before Thai & Juliano's presentation.
An Attack on Unauthenticated Block Cipher Modes - Separator Oracle
A new(ish) oracle attack on unauthenticated block cipher modes (CBC, CTR, OFB, CFB) a friend and I developed.
On the Sorry State of Email Security
Your email is insecure, unless you're talking to a bank. Too bad they don't let you email them!
The IETF & Future of Security Protocols - Black Hat EU '12
A very long whitepaper looking at replacements for the CA system, Content Security Policy, and other improvements to Web Browsers.
Cloud & Control - Ekoparty '11, RSA '12
On distributing RSA factoring, password cracking, and more using the software behind SETI.
Non-Persistent PGP Keys
An odd approach to generate PGP keys from a passphrase, instead of a true source of randomness. This lets you create keys that you can delete and recreate later.
Beyond Padding Oracle - Manger's Oracle and RSA OAEP padding
An implementation of an attack on a specific Padding Scheme for RSA, including a timing attack against libgcrypt.
Time-Fade Badges
Putting the Bleed-Through security badges in a freezer gives you infinite access (in theory).
An Explanation of ElGamal Encryption
I had forgotten some of the underlying theorems behind ElGamal, so in an effort to make sure I never forget them again I decided to put the effort into explaining it in unnecessary detail.
Microsoft ClickOnce MITM Vulnerabilities
ClickOnce is a Microsoft technology intended to make deployment of desktop applications extremely simple. When deployed over HTTP, it is vulnerable to several types of Man in the Middle attacks, despite the ability to sign the executables.
Finding SQL Injection in a White-Box Environment
When we have access to the database, we can farm SQL Injection testing to untrained QA Analysts - they don't even need to know what SQL Injection is. This can catch unusual code paths and is generally less expensive than a full code audit.
why event validation exists in ASP.Net
ASP.Net prevents you from chanting magic incantations to trigger events you can't see. I show you what the incantations look like, and when you may still be able to exploit something despite its protection.
people who shouldn't do crypto episode 2 - the followup
After I called him out on his security, the author sent me a big encrypted message, and challenged me to break it.
people who shouldn't do crypto episode 2
Some people think that you can encode and rearrange some bits, and it's Military Grade crypto.
people who shouldn't do crypto episode 1
Some people think crypto is like bacon - put it on anything and it becomes better (or secure). These are their tales.
tech > code > adventures in code
An Experimental "RequireCT" Directive for HSTS
First I deploy Certificate Transparency via TLS Extensions (and OCSP stapling) for my server, then I add a directive to the HSTS header, then I patch Chrome to recognize the directive and abort if my server omits Certificate Transparency information.
Run Your Own Tor Network
Ever wanted a HOWTO on running your own, independent Tor network? Now you have it.
Universal Email Encryption
A friend and I worked for a bit to try and design a way to deploy universally encrypted email. Then Snowden happened and we learned how far the rabbit hole went.
Decrypting Amazon EC2 Passwords
A quick script to decrypt the password to Amazon EC2 Windows instances, so you don't have to give them your SSH private key.
RFC 6217: Regional Broadcast Using an Atmospheric Link Layer
I authored an RFC that provides recommendations for an efficient broadcast of text or binary data to a region (urban or rural), using existing infrastructure.
Hackers Puzzle Challenge in the CSAW 2010 CTF Final Round
While this was for a security CTF - all I did was write code, so I put this under the 'code' section. Read about the file formats trickery I did, and download the challenge yourself.
comparing loop hoisting in .net
You know how some people say you want to remove the test in a loop into a local variable to make it faster? Don't.
this is why javascript is awesome
String manipulation on functions is horribly dangerous but also so cool - I don't know any other language that can do this.
here's some sql you should never use
Whenever we want to get something done quickly, we write code that should never, ever, see the light of day. And for some reason, I like sharing mine on the internet.
hacking the clr: diffing assemblies
I ended up looking into the binary of the assemblies produced by a simple Hello World program, diffing the assemblies between two runs on the same machine, between two runs on different machines, and between Debug and Release mode.
RFID Experimentation
I got an RFID kit... I wired it up to a candy bowl and set my server up to yell at whoever takes a piece.
Bastardizing a Backup
Watch me turn a relatively simple backup script into a horribly complicated, supremely mis-architected amalgamation that should never have seen the light of day.
Making the Site
Learn about how this site works, and the design choices that went into it.