The Real Deal

condensing fact from the vapor of nuance

NOTE: This is some old stuff from over 10 years ago, kept for posterity.

Research Papers

  • Trust No One - paper I wrote for ISPCon ‘99 which presented a high level view of a multilayered approach to securing a business’ network infrastructure in today’s increasingly hostile networked environment. funny how this stuff is still precisely correct over a decade later.

  • Why Gnutella Can’t Scale. No, really - (2000) A mathematical analysis of Gnutella’s architecture, finally answering once and for all it will never be a viable solution for distributed P2P file-sharing.

Advisories

  • wu-ftpd/proftpd overflow - aka the palmetto bug, this is a buffer overflow I discovered in wu-ftpd and proftpd, yielding a remote root shell through the anonymous user account. affected over 70% of all servers on the internet at the time.

  • Accelerated-X overflow - a buffer overflow I found in the Accelerated-X Xserver giving a local root shell. I believe Chris Evans discovered this vulnerability around the same time, but his research was separate.

General Research

  • Road Runner protocol - certainly outdated by now, I did this back in 1996 or 1997 and wrote my own linux/bsd login client for the RoadRunner Cablemodem Service offered by Time Warner Cable.

  • CuteMX protocol - CuteMX was a competing product to Napster, that I think is no longer around now. wrote a CLI cutemx client in Perl from it.

  • MediaShare protocol - did this one in collaboration with a fellow cohort in w00w00. incomplete, and only useful for a really basic client. wrote a client, but decided not to give it out or do anything with it because mediashare was so alpha it’s not even worth anyone’s time to finish reveng’ing the protocol.

HOWTOs (outdated)

Comments