Sunday, February 23, 2014
A recent Ars Technica article on ASUSGATE pointed to this blog and named me as a blogger who was caught with his digital pants down. I wanted to capture some of my incident response procedures now that some time has passed and my stress levels are back to normal. As noted in the article the […]
Also filed in
|
|
Wednesday, February 5, 2014
EDIT: NullFluid points out that they aren’t the group that performed the intrusive scan but are only hosting the text file. [0] There was a definite sense of dread when I started reading the txt file [1] disclosing a massive flaw in Asus routers. I’ve had an RT model ASUS for nearly two years now […]
Also filed in
|
Tagged pwned
|
During Source Boston I became fascinated by the idea of using SDR to listen in on wireless mics. It occurred to me that corporate meetings in hotels with lots of sensitive information are probably vulnerable to that type of eavesdropping. I looked into encrypted wireless mics but they are very expensive and I can’t imagine […]
Also filed in
|
Tagged SDR
|
Sunday, September 20, 2009
This month I’m conducting some research into web hosting security issues and ran into the aftermath of the German law passed in 2007 banning security research publication. The policy has had the effect of silencing security researchers from that country. While investigating issues in PHP security I came upon the Month of PHP Bugs website […]
Also filed in
|
|
Wednesday, August 5, 2009
For the last few years I’ve talked quietly of a project to connect artists with the victims of lawsuits in the name of their bands. After the verdict handed down by the latest case of Sony vs. Tenenbaum I think it is time to put this plan to action. I’ve emailed Joel and received a […]
I finally met someone whose privacy settings were as high as mine. If Facebook has a privacy setting I have it pushed to the highest possible value. The end result is that I’m practically a ghost on the popular social media website. You won’t find me using search functionality and I have absolutely no public […]
I’ve decided to step down from the Advisory Board of the SourceBoston conference. I still think that it is a fantastic project but I have been so busy with academic projects and class work that I couldn’t give them enough time. I’m also not going to be a regular columnist at SecurityFocus after this month. […]
Also filed in
|
|
A recent project has me thinking about storing of IP addresses in mysql. The natural tendency is to store it as text. My first attempt stored the address as char(16) with a normal index to help speed searches against it. After some reading about high performance MySQL techniques I was reminded that IP addresses in […]
Also filed in
|
|
Monday, February 16, 2009
EDIT: If you are visiting this post from Encyclopedia Dramatica your PC may be infected by a drive by download. I captured this pic from a vmware image infected from that site Denizens of 4Chan’s /b/ spent the better part of yesterday coordinating a search for the identity of a teenager who was stupid enough […]
Also filed in
|
|
Youtomb has had a blog for quite some time but it was never linked to the front page for technical reasons. Well no more! Expect a lot more posts from the team now that we are linked to the front of our research project.
Also filed in
|
|