The Internet is a Dirty, Dirty Mistress

It’s been quite a while since I wrote or updated DFW, the I)ruidic FireWall.  Included with that utility is a default iptables firewall policy which the user can use directly, tweak to their liking, or completely throw away and start over from scratch.  NetFilter (iptables) has come a long way since I was actively working […]

Padding the Numbers: Vulnerability Duplication

Recently the OSVDB Blog had an interesting article regarding vulnerability duplication via the “hazard of 0day” wherein a vulnerability being exploited in the wild was mistaken for a new vulnerability when in fact it was not.  This caused many of the vulnerability database vendors to issue new IDs, send out threat warnings, bring in the […]

Sleep Hacking

While working for TippingPoint’s DVLabs, I was fortunate enough to not be held to any kind of regular work schedule. Working in an almost pure research role, without the requirement of regularly interfacing with customers or even the rest of the DVLabs group, I had the opportunity to explore something that I’ve never really had […]

MS08-033 AVI/MJPG Vulnerability

Since last Tuesday (Microsoft Patch Tuesday), I’ve taken a break from coding Application Protocol Simulators (the hot-button item at BreakingPoint right now) and worked on the Security side of the product. I’ve spent almost exactly one week working on a Strike-set for the ms08-033 AVI/MJPG vulnerability.  The Strike-set includes 8 Strikes all which generate dynamic, […]