Twitter Cryptoasset Trading Bot (TCTBot)

While pandemic-distancing, I’ve been spending a lot of time at home behind my computer.  Given that I haven’t written any code in probably close to a decade at this point, I decided to spend some of my available time relearning a programming language and coding up some simple projects.  The first of these projects is […]

REcon 2012

I’ve just recently returned from REcon 2012 and while I heard a couple people express that they had “heard” that some people were more disappointed with this year’s conference compared to prior ones, I personally really enjoyed it and felt it was the best one yet.  I saw and enjoyed more of the lectures this […]

ExploitHub

A few years ago, following the failure of WabiSabiLabi’s 0day auction site, I gave some thought to how to create a public marketplace for exploits that actually works.  Obviously given the example of WabiSabiLabi and a little common sense that any vulnerability researcher worth their salt would know, you can’t have a public market for […]

The Folly of a Scheduled Patch Release Cycle

A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers.  Since then, many other vendors have followed suit.  There are opinions and arguments supporting both a release schedule philosophy as well […]

The Internet is a Dirty, Dirty Mistress

It’s been quite a while since I wrote or updated DFW, the I)ruidic FireWall.  Included with that utility is a default iptables firewall policy which the user can use directly, tweak to their liking, or completely throw away and start over from scratch.  NetFilter (iptables) has come a long way since I was actively working […]

Vulnerability Disclosure, Cryptography Research, and Open Source

Today, Bruce Schneier posted an essay to his blog arguing the case for full disclosure of software vulnerabilities, which I am also in favor of. It’s apparently a side-bar to an article in CSOOnline entitled “The Chilling Effect” which is about some of the growing issues surrounding vulnerability research in web software. There’s also two […]