The Encryption Magic Bullet

This post is a response to a variety of discussions that I have had lately with a variety of customers, executives, salespeople, and even engineers that are working on security projects for a variety of companies.  Sometimes, it seems, that encryption is positioned as the “Magic Bullet” that will cure… Continue reading

HTTPS: Is it Possible to Forge a Web Server Certificate?

Yes, it is possible in theory to forge the Web Server Certificate that is used in SSL/TLS communication. This is because the certificate is signed by a certificate authority that your browser trusts using a cryptographic hashing algorithm of a specific length. The hashing algorithms that have been used to… Continue reading

Are BitTorrent Pieces 250Kb Long?

I was researching BitTorrent and noticed in the Specification that it said that the typical length of a Piece was 250 kilobytes long.  That made me curious so I decided to perform some quick research to determine the extent of variation. First, I modified the BitTorrent Parser that I had created previously… Continue reading

Capture a spurious outbound connection with NETSTAT

Several years ago, I created a PowerShell script to create a log of outbound connections.  What if you need something quick and dirty and cannot use a script like that or external tools like Process Explorer, etc? Here is a batch script that runs in an infinite loop and catches… Continue reading

Questions to Ask Executive Management when Considering a New Job

It is common wisdom that the interview process is a two-way street.  You should be interviewing the company that you are considering working for to determine if you will be a good fit for the culture and values of the company.  If you get a chance to talk to executive management,… Continue reading

A Python Parser for BitTorrent Metainfo Files

Lately, I have been doing some analysis of BitTorrent Descriptor Files, or “metainfo” files as the BitTorrent Protocol Specification calls them.  One could simply open the *.torrent file in a text editor.  If that is done, you would see something like: d8:announce44:udp://tracker.openbittorrent.com:80/announce13:announce-listll44:udp://tracker.openbittorrent.com:80/announceel38:udp://tracker.publicbt.com:80/announceel32:udp://tracker.ccc.de:80/announceee10:created by14:uTorrent/3.4.213:creation datei1420935116e8:encoding5:UTF-84:infod5:filesld6:lengthi37330e4:pathl52:7 All previous animal species speeds in… Continue reading

Bash Script Tests for OS and Run as Root

In my last post, I discussed using sed, the stream editor to make configuration file changes via a bash script.  There are two important factors to keep in mind: Many configuration file can only be modified as root, and The location of configuration files will vary depending on the Linux… Continue reading