Strange Research

tag:blogger.com,1999:blog-42143495514933297642009-11-09T01:26:59.669-07:00Strange ResearchEenie Meenie Jelly Beenie, the spirits are about to speak!!! <br> <br> Security, networking, development, and a measure of practical magic. <br> by Jason MeltzerJason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.comBlogger12125tag:blogger.com,1999:blog-4214349551493329764.post-38348968670801606962007-10-03T11:52:00.000-06:002007-10-03T13:20:58.271-06:00Development Multiverse

Jeff Atwood just put up a post, complete with a catchy analogy, that provides a good pedagogic overview of branching and merging. Many aspects of these concepts were discussed in the comments, most providing support for the perspective that Branching Is Hard(TM). My own perspective is that one of the chief reasons this is 'all very difficult' is because individual developers only have exposure to

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com0tag:blogger.com,1999:blog-4214349551493329764.post-52057897304622149752007-07-06T14:10:00.000-06:002007-07-06T16:11:05.968-06:00Taxonomy Work

Flipping through a slide deck of Steve Christey and Robert Martin's, Mitre CWE Being Explicit Slides (ppt) made me think of Dave Aitel's quip from a few days ago "Taxonomy = wrong" or put less, or more, banally by our man Mulder:"We fail to anticipate the unforeseen or expect the unexpected in a universe of infinite possibilities we may find ourselves at the mercy of anyone or anything that

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com1tag:blogger.com,1999:blog-4214349551493329764.post-89181958290647491452007-06-25T12:39:00.000-06:002007-06-25T13:00:46.950-06:00dmesg and OpenSSL speed pr0n

I installed a Soekris vpn1401 in my net4801 a couple weeks ago to improve the performance of the OpenVPN (SSL) and IPSec VPNs I have running over the wireless. This morning I decided to run 'openssl speed' to see what the raw performance is like in rough comparison to what I remember from running the test without the card installed. Generally speaking, these results represent 3x+ speed increases

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com0tag:blogger.com,1999:blog-4214349551493329764.post-91679333070736928182007-03-09T10:55:00.000-07:002007-03-14T17:26:52.693-06:00Wireless Channel Listing

...because there never seems to be one around when you need it most:Channel 1 : 2412 Mhz 11bg Channel 36 : 5180 Mhz 11aChannel 2 : 2417 Mhz 11bg Channel 40 : 5200 Mhz 11aChannel 3 : 2422 Mhz 11bg Channel 44 : 5220 Mhz 11aChannel 4 : 2427 Mhz 11bg Channel 48 : 5240 Mhz 11aChannel 5 : 2432 Mhz 11bg Channel 52 : 5260 Mhz 11aChannel 6 : 2437 Mhz

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com0tag:blogger.com,1999:blog-4214349551493329764.post-3522061202097230662007-02-01T16:15:00.000-07:002007-02-01T16:25:03.242-07:00Gone Indie

At the end of December I left my position with KPMG to concentrate on technical security consulting and my masters degree. This all leads me to announce the creation of a new corporate entity, and my security company:Strange Research CorporationThere isn't much content up on the site yet as I'm still playing with the layout, but check it out!

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com1tag:blogger.com,1999:blog-4214349551493329764.post-92011200533367400482006-10-27T11:40:00.000-06:002006-12-19T22:16:02.653-07:00Strange Assortments

Ah, the obligatory "it has been too long since I've posted anything" post... I try to approach posting by following the advise of my friend ex-P.F.C. Wintergreen, who usually detests blogs but has relented on this position as of late, and at least keep my posts somewhat oriented towards novel ideas. Sometimes it simply helps to keep writing. I see that FX is posting at the SABRE Lablog, always

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com0tag:blogger.com,1999:blog-4214349551493329764.post-64286211805074434192006-09-24T16:07:00.000-06:002007-02-08T14:40:36.697-07:00Porting PDB to OpenBSD Act I Scene II

The need to run Matlab necessitated bringing my PowerBook back from the land of music and sound design... So, with a fresh install of Tiger I now have a box running an OS that implements divert sockets... Getting PDB up and running while my physical layer class works on examples of free space loss (and their arithmetic skills) seems like a great way to make use of the day.Quick and dirty process

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com0tag:blogger.com,1999:blog-4214349551493329764.post-4612998838521532942006-09-13T14:02:00.000-06:002006-09-13T14:10:02.056-06:00It's all in the implementation

It all starts with Daniel Bleichenbacher's novel attack on RSA signature implementation. Here is the run down...Start with Fun with exponents (Ben Laurie of OpenSSL)The Tom Ptacek/Nate Lawson dynamic duo:Many RSA signatures may be forgeable in OpenSSL and elsewhere RSA signature forgery explained: Part I, Part II. Update! Part III and Part IV bonus! Part V and Part VIMozilla falls to RSA

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com0tag:blogger.com,1999:blog-4214349551493329764.post-86490487228449121072006-09-13T12:47:00.000-06:002006-09-13T12:52:29.805-06:00Reused Rants on Consultant Presentations

A perhaps hypothetical security consultant asks for suggestions concerning emerginging threats to 'Corporate Data & Privacy' along the lines of 'rootkits, trojans, et cetera'. She/He wanted ideas detailing 'interesting' tactics/malware, especially those that are particularly insidious, legitimate and hard to defend against.I understand that these types of presentations are meant to motivate

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com0tag:blogger.com,1999:blog-4214349551493329764.post-51020505195835072462006-09-01T09:44:00.000-06:002006-09-01T10:00:45.882-06:00Positively Orwellian

A comment to a post on Eric Rescorla's blog reminded me about an important essay by George Orwell, Politics and the English Language, that is as appropriate now as when it was first written, maybe more.I'm writing up a report for a client (right after I post this okay!), so I want to remember this:A scrupulous writer, in every sentence that he writes, will ask himself at least four questions,

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com0tag:blogger.com,1999:blog-4214349551493329764.post-77716687257053765022006-08-28T09:04:00.000-06:002006-08-28T09:07:44.293-06:00Porting PDB to OpenBSD Act I

Originally published on Sunday 13 August 2006:So Jeremy Rauch of Matasano has released a wicked cool piece of kit for network protocol (and vuln dev) geeks like myself called PDB. Follow that link and you can also find the pdf of his blackhat talk. I was quite chuffed to have a tarball in my hands after eager anticipation at the announcement of the talk... I ran into a little problem.We always

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com0tag:blogger.com,1999:blog-4214349551493329764.post-21422871244021094252006-08-16T13:20:00.000-06:002006-08-16T13:21:53.621-06:00New Digs

I'm moving everything over from Dotclear to make life easier...

Jason Meltzerhttp://www.blogger.com/profile/05689158632756750517noreply@blogger.com0