redpig.dataspill.org
thoughts code findings
»

It’s been almost a year since I moved back into a generalist role away from nearly a decade looking at software and hardware security for consumer electronics (Chromebook, Pixel). As I look back,... … »

»

On Monday, I presented Flayer: Exposing Application Internals at the First USENIX Workshop on Offensive Technologies (WOOT’07). Flayer is a tool that I wrote for use in my everyday work. It allows me... … »

»

This my crack at a (quick!) safe integer library for C. The routines are based off of the recommendations at CERT’s secure coding site, but I’m trying to add interfaces that are more appealing to... … »

»

I was recently looking for (free, open) reverse engineering tools for Linux. On the open source front, there’s virtually nothing left that works on modern Linux systems. Fenris, linice, and numerous others are all extinct.... … »

»

I’ve been looking for a useful tool to aid note taking, but that I could also keep on a USB stick safely. I didn’t want to have to toy with encrypted filesystems or specialized programs... … »

»

Ruby/ActiveLdap is a project I started when I first found Ruby. I’d been tortured by poor LDAP tool suites and LDAP’s increasing ubiquity. It provides an ORM mapping from LDAP data to objects in Ruby... … »

»

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger... … »

»

Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly... … »

»

Buffer overflow in the (1) DWARF (dwarfread.c) and DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a... … »

»

I used to spend a lot of time writing helpful tools for myself in Ruby. I haven’t done much in a while. I’ve dumped the old skeletons of work in a directory. Feel free... … »

»

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

Temporarily just giving the CVE... … »

» A while back I sent a patch upstream to [tcpdump](http://www.tcpdump.org) which adds support for timed rotation of saved packet data files … »
»

Ruby/ActiveLDAP parses LDAP schemas provided by the server in order to determine what attributes are available for a particular object and how they should be treated. This is being done primarily with the regular... … »

» An old stab at a POSIX-compatible, user-level threading library. … »

this page does not necessarily reflect the views of my employer or anyone i'm associated with.
redpig@dataspill.org