Archive for category Uncategorized

A Comparison of HTTPS Reforms

An old adage in cryptology is that encrypting data is always easy, but key distribution is always hard. Just a few days ago, Google reported that yet another wrongfully-issued certificate had been found for Google’s domains. As a result of many incidents and problems with CA-issued certificates, many different proposals have been made to improve the system. Google’s Certificate Transparency page compares some of the proposals; but it did not include my favorite idea, I thought it did not do justice to some of the other competing proposals, and it glossed over some of CT’s big issues. I evaluated all the proposals according to these criteria and put together the below spreadsheet to compare their strengths and weaknesses.

3 Comments

Windows API Function Definitions

All of them. Or at least a good chunk of ’em. Why? Because sometimes you just need to know what the parameters are for some obscure function. Download here: winapi.txt and enjoy.

No Comments

Network Nightmare (Intel)

You can see the slides I put together for my talk Network Nightmare – Intel PXE at http://www.scriptjunkie.us/wp-content/uploads/2011/10/Network-Nightmare-Intel.pdf. It is a modification of the Defcon talk, and adds some lessons learned/suggestions for developers. I also added a few slides evaluating the PXE attack according to the most common vulnerability severity criteria, as if it was […]

2 Comments

Important Stuff

I am adding a page Important Stuff with some thoughts on non-information-security stuff. As fun and interesting as hacking is, there are more important sides of life. So I summarized just four of the reasons why I believe what I believe, and a bit of what that means. As you may know, I am a […]

No Comments

Cryptology, Academics, and Chaos

I saw an article the other day critical of the ACM (here also see this linked to in comments) and I have to say, I completely agree. As far as I can tell, the ACM, like the IEEE and other publishing houses, exists to leech off of the academic world, charging large amounts of money […]

2 Comments

Black Hat & Shmoocon

Just got accepted to both Black Hat DC 2011 and Shmoocon 2011! Unfortunately, I will not be able to attend Shmoocon. I wish I could come; I have never spoken there before, and it’s a great conference. Instead you will have to see me at Black Hat. Link: http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Weeks

No Comments

Sessionthief linux

In response to a number of questions about how to get sessionthief running on Linux, here are the steps to get it working on Ubuntu: First, I apologize, because if anyone tried, the compilation failed due to a case-mismatch on a filename. I had not noticed because I had stored the files on a FAT-formatted […]

14 Comments