The Real Deal

condensing fact from the vapor of nuance

NOTE: This is some old stuff from over 10 years ago, kept for posterity.

Research Papers

  • Trust No One - paper I wrote for ISPCon ‘99 which presented a high level view of a multilayered approach to securing a business’ network infrastructure in today’s increasingly hostile networked environment. funny how this stuff is still precisely correct over a decade later.

  • Why Gnutella Can’t Scale. No, really - (2000) A mathematical analysis of Gnutella’s architecture, finally answering once and for all it will never be a viable solution for distributed P2P file-sharing.


  • wu-ftpd/proftpd overflow - aka the palmetto bug, this is a buffer overflow I discovered in wu-ftpd and proftpd, yielding a remote root shell through the anonymous user account. affected over 70% of all servers on the internet at the time.

  • Accelerated-X overflow - a buffer overflow I found in the Accelerated-X Xserver giving a local root shell. I believe Chris Evans discovered this vulnerability around the same time, but his research was separate.

General Research

  • Road Runner protocol - certainly outdated by now, I did this back in 1996 or 1997 and wrote my own linux/bsd login client for the RoadRunner Cablemodem Service offered by Time Warner Cable.

  • CuteMX protocol - CuteMX was a competing product to Napster, that I think is no longer around now. wrote a CLI cutemx client in Perl from it.

  • MediaShare protocol - did this one in collaboration with a fellow cohort in w00w00. incomplete, and only useful for a really basic client. wrote a client, but decided not to give it out or do anything with it because mediashare was so alpha it’s not even worth anyone’s time to finish reveng’ing the protocol.

HOWTOs (outdated)