Cosign SSO Vulnerability
April 12th, 2007During an independent audit, I discovered a critical vulnerability in Cosign, a web-based single sign-on (SSO) platform which is currently in use at numerous large universities.
Blog Entries
T-Mobile WiFi Hotspots
February 12th, 2007Some random technical notes on the T-Mobile WiFi Hotspots offered at locations such as Starbucks. Since I spend a fair amount of time at the 24-hour Starbucks on Washtenaw, I often end up playing around with the Cisco WAP instead of actually doing work.
RFID on Campus
January 17th, 2007Given my previous experience with the Mcard identification system at the University of Michigan, I was interested when I heard that RFID technology was being integrated into the Mcards. I will explore the Mcard RFID and other current uses of RFID on campus.
Happy New Year 2007
January 3rd, 2007Happy New Year from Chicago!
Aimject 1.0 Released
November 24th, 2006Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger’s OSCAR protocol via a simple GTK interface. This 1.0 release brings Aimject functionality to the masses, being available for Linux, BSD, OS X, and Win32 platforms.
Google Safe Browsing
November 13th, 2006While Google’s Safe Browsing service has been available for some time via the Google Toolbar, this feature will see wide deployment with the release of Mozilla Corp’s Firefox 2. In this analysis, we will delve into the workings of Google’s Safe Browsing service and its integration with Firefox.
Halloween 2.0
November 1st, 2006Happy Halloween! A quick glance at my uber-geeky Halloween costumes.
pybgpdump 0.1 Released
September 22nd, 2006I’m happy to announce the availability of pybgpdump 0.1, a tool to assist in the rapid analysis of BGP routing datasets. It combines the functionality of libbgpdump and the ease of python to parse BGP messages from MRT dumps.
Mozilla Auto-Update Vulnerability
September 15th, 2006Mozilla’s auto-update system is a feature recently added to Firefox and Thunderbird that promises to bring prompt security updates to users without manual interaction. Unfortunately, this feature contains a vulnerability allowing attackers to hijack the update process and deliver malicious updates, resulting in the victim’s host being compromised.
mPrint Privacy Violations
August 31st, 2006mPrint is a useful service provided by ITCS of the University of Michigan to allow web-uploaded documents to be printed on campus printers. Unfortunately, the designers of mPrint included several “features” that violate the privacy of its users without their knowledge.
Copyright
Unless stated otherwise, all material on this site is available under a Creative Commons Share-Alike license. Layout design compliments of Wouter Bolsterlee.