Blog Entries

Cosign SSO Vulnerability

April 12th, 2007

During an independent audit, I discovered a critical vulnerability in Cosign, a web-based single sign-on (SSO) platform which is currently in use at numerous large universities.

T-Mobile WiFi Hotspots

February 12th, 2007

Some random technical notes on the T-Mobile WiFi Hotspots offered at locations such as Starbucks. Since I spend a fair amount of time at the 24-hour Starbucks on Washtenaw, I often end up playing around with the Cisco WAP instead of actually doing work.

RFID on Campus

January 17th, 2007

Given my previous experience with the Mcard identification system at the University of Michigan, I was interested when I heard that RFID technology was being integrated into the Mcards. I will explore the Mcard RFID and other current uses of RFID on campus.

Happy New Year 2007

January 3rd, 2007

Happy New Year from Chicago!

Aimject 1.0 Released

November 24th, 2006

Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger’s OSCAR protocol via a simple GTK interface. This 1.0 release brings Aimject functionality to the masses, being available for Linux, BSD, OS X, and Win32 platforms.

Google Safe Browsing

November 13th, 2006

While Google’s Safe Browsing service has been available for some time via the Google Toolbar, this feature will see wide deployment with the release of Mozilla Corp’s Firefox 2. In this analysis, we will delve into the workings of Google’s Safe Browsing service and its integration with Firefox.

Halloween 2.0

November 1st, 2006

Happy Halloween! A quick glance at my uber-geeky Halloween costumes.

pybgpdump 0.1 Released

September 22nd, 2006

I’m happy to announce the availability of pybgpdump 0.1, a tool to assist in the rapid analysis of BGP routing datasets. It combines the functionality of libbgpdump and the ease of Python to parse BGP messages from MRT dumps.

Mozilla Auto-Update Vulnerability

September 15th, 2006

Mozilla’s auto-update system is a feature recently added to Firefox and Thunderbird that promises to bring prompt security updates to users without manual interaction. Unfortunately, this feature contains a vulnerability allowing attackers to hijack the update process and deliver malicious updates, resulting in the victim’s host being compromised.

mPrint Privacy Violations

August 31st, 2006

mPrint is a useful service provided by ITCS of the University of Michigan to allow web-uploaded documents to be printed on campus printers. Unfortunately, the designers of mPrint included several “features” that violate the privacy of its users without their knowledge.
