security

Linda and Doris rule the ‘net

 ipmi, security, tech, Uncategorized, web  Comments Off on Linda and Doris rule the ‘net
Jul 032013
 

Some misc ramblin’ notes/data on IPMI & SSL Certificates. So I used the SSL observatory software (oddly written, but still cool) to scan for certificates on a bit over 300K systems suspected of running IPMI (which in turn were had from HD Moore of Rapid 7 – thanks HD!) and who were on the net.  In case anyone else was interested in using the SSL Observatory stuff, it’s pretty simple once […]

ITAR

 audit, code, DARPA, data, fast track, ipmi, python, security, tech  Comments Off on ITAR
Feb 262013
 

Well, not really.  Actually I.tar.gz.  In the gzip’d tar there are 3 files; little IPMI/BMC configuration file sucker, a suggested set of security recommendations that could be checked, and an even smaller program to parse the first program’s output. Because… well, no good reason, actually, one is in python3 and the other in python2. I guess I’m testing your readiness. The programs are pretty heavily commented, especially ipmifreely.py, so […]

The infamous Daryl, er, Cipher Zero

 embedded, ipmi, security  Comments Off on The infamous Daryl, er, Cipher Zero
Feb 222013
 
The infamous Daryl, er, Cipher Zero

Now, a few words on looking for things. When you go looking for something specific, your chances of finding it are very bad. Because of all the things in the world, you’re only looking for one of them. When you go looking for anything at all, your chances of finding it are very good. Because of all the things in the world, you’re sure to find some of them. […]

In logs we trust

 cars, data, embedded, forensics, government, science, security, tech  Comments Off on In logs we trust
Feb 152013
 
In logs we trust

It’s a mess. The NYT wrote a fairly scathing review of the new Tesla roadster, and Tesla fires back (summary here).  Both sides have – or feel that they have – a lot at stake here.  It would appear that there’s simply no way of telling who is telling the truth, since the system that generates the Tesla data is proprietary and who in the hell knows how it […]

Darpa, redux, redux, reduxxx

 DARPA, embedded, fast track, government, ipmi, security, tech, work  Comments Off on Darpa, redux, redux, reduxxx
Feb 122013
 

I’d been asked about my 2nd CFT proposal… here it is, in all it’s wordy glory: darpa-reduxxx.   Thanks as always to the DARPAnians and Mudge for the opportunity. Thanks to my IPMI paper sucking my life away I’m behind schedule, but it was always an excuse to play with and understand the tech, not make money.  Well, it’s not like I’m a monk, I like money, but there […]

 Older Entries  Newer Entries