Ruby TUN/TAP interface

December 4th, 2007 by kowsik

The universal TUN/TAP driver has been shipping with the Linux kernel for a while now. vtun builds on it to set up point-to-point tunnels that essentially encapsulate Ethernet frames over a TCP connection. Here's the Ruby code to set up a tap interface so we can start receiving the raw Ethernet frames that are written to it.
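As an added illustration of the setup the post describes (example code written for this page, not the post's own script): the `TUNSETIFF` ioctl takes a `struct ifreq` whose only interesting fields are the interface name and the flags word, so the Ruby side is a `pack` call and an `ioctl`. The constants are the Linux x86 values from `linux/if_tun.h`; `open_tap` needs root (or `CAP_NET_ADMIN`) and is not exercised by the test. The sample frames are constructed, and the Ethernet decoder handles an 802.1Q tag as well as untagged frames.

```ruby
# Linux constants from <linux/if_tun.h> / <linux/if.h> (x86 values; assumption
# for this example, check your arch's headers).
TUNSETIFF  = 0x400454ca   # _IOW('T', 202, int)
IFF_TUN    = 0x0001
IFF_TAP    = 0x0002
IFF_NO_PI  = 0x1000       # no 4-byte packet-info prefix on each frame
IFNAMSIZ   = 16
IFREQ_SIZE = 40           # sizeof(struct ifreq) on Linux

# struct ifreq for TUNSETIFF: 16-byte NUL-padded name, native-endian 16-bit
# flags, zero padding out to the full struct size.
def build_ifreq(name, flags)
  raise ArgumentError, "interface name too long" if name.bytesize >= IFNAMSIZ
  [name, flags].pack("a#{IFNAMSIZ}Sx#{IFREQ_SIZE - IFNAMSIZ - 2}")
end

# Open /dev/net/tun and attach it to a tap interface. Returns the File; every
# sysread on it yields one raw Ethernet frame (IFF_NO_PI drops the 4-byte header).
def open_tap(name = "tap0")
  tun = File.open("/dev/net/tun", File::RDWR)
  tun.ioctl(TUNSETIFF, build_ifreq(name, IFF_TAP | IFF_NO_PI))
  tun
end

# Read frames forever and hand the decoded header to the caller.
def receive_loop(tun, mtu = 1500)
  loop do
    frame = tun.sysread(mtu + 18)   # 14-byte header + optional VLAN tag + payload
    yield parse_ethernet(frame)
  end
end

def mac_to_s(bytes)
  bytes.unpack("C6").map { |b| format("%02x", b) }.join(":")
end

# Decode dst/src MAC, optional 802.1Q tag, ethertype and payload of one frame.
def parse_ethernet(frame)
  raise ArgumentError, "frame too short" if frame.bytesize < 14
  dst = mac_to_s(frame.byteslice(0, 6))
  src = mac_to_s(frame.byteslice(6, 6))
  ethertype = frame.byteslice(12, 2).unpack1("n")
  offset = 14
  vlan = nil
  if ethertype == 0x8100 && frame.bytesize >= 18
    vlan = frame.byteslice(14, 2).unpack1("n") & 0x0fff
    ethertype = frame.byteslice(16, 2).unpack1("n")
    offset = 18
  end
  { dst: dst, src: src, vlan: vlan, ethertype: ethertype,
    payload: frame.byteslice(offset, frame.bytesize - offset) }
end

# Constructed sample: a broadcast ARP request ("who has 10.0.0.1") as it would
# arrive on the tap. 14-byte header + 28-byte ARP body.
ARP_BODY_HEX = [
  "0001", "0800", "06", "04", "0001",   # hw=Ethernet, proto=IPv4, lens, request
  "0242ac110002", "0a000002",           # sender MAC / IP 10.0.0.2
  "000000000000", "0a000001"            # target MAC / IP 10.0.0.1
].join
SAMPLE_ARP_FRAME = ["ffffffffffff" + "0242ac110002" + "0806" + ARP_BODY_HEX].pack("H*")
# Same request carried on VLAN 100 (TCI 0x0064).
SAMPLE_VLAN_FRAME = ["ffffffffffff" + "0242ac110002" + "8100" + "0064" + "0806" + ARP_BODY_HEX].pack("H*")

if __FILE__ == $PROGRAM_NAME
  p parse_ethernet(SAMPLE_ARP_FRAME)
  receive_loop(open_tap) { |hdr| p hdr } if Process.uid.zero?
end
```

The read size matters: with `IFF_NO_PI` unset the kernel prepends four bytes (flags and protocol) to every frame and the offsets above shift by four, which is the usual first bug when a tap reader sees "garbage" MAC addresses.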


Posted in Ruby, Tools

PERversity in Numbers

November 18th, 2007 by kowsik

Take a number and think of all the possible ways you can encode it. Make up some new rules because you feel like it. Oh wait, maybe you should throw in some custom encoding because it feels right. That pretty much sums up the 50 ways you can encode numbers in Packed Encoding Rules.

Posted in Rants

PERversity at its worst

November 14th, 2007 by kowsik

Every now and then you look back and think about all the time you spent working on something that was so pointlessly convoluted and intentionally perverse, you wonder what’s wrong with the world. You heard me kvetch about ASN. Well, it’s another incarnation of the same beast, except it’s PER. It, BTW, stands for Perverse Encoding Rules. The true 50-ways-to-encode-your-lover.


Posted in Rants

Widespread DH Implementation Weakness: Conspiracy or Ignorance?

September 18th, 2007 by Adam Bozanich

While developing an implementation of IKE for our platform, I noticed an astonishing behavior in the servers I was testing against: not a single IKE implementation, including products from the biggest names in network infrastructure, was validating the Diffie-Hellman public values that I sent. A consequence of this is that any deployment of these servers will allow the disclosure of secret information when a peer is in collusion with a passive attacker.
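To make the missing check concrete, here is an added example (written for this page, not the advisory's or any vendor's code) of what a responder that skips public-value validation computes, and of the check that closes the hole. The group is a 256-bit safe prime generated at load time purely as a stand-in; the real IKE MODP groups (RFC 2409, RFC 3526) are also safe primes, so the same subgroup test applies. A colluding peer sends y = 1 or y = p-1 instead of g^x; the responder's g^(xy) then collapses to one of at most two values, and a passive observer who only sees the exchange can derive the session key from that.

```ruby
require "openssl"
require "securerandom"

# Stand-in DH group for the example: safe prime p = 2q + 1, generator g of the
# order-q subgroup (g = 2^2 mod p is a quadratic residue, hence order q).
P = OpenSSL::BN.generate_prime(256, true).to_i
Q = (P - 1) / 2
G = 2.pow(2, P)

# The validation the post says the tested IKE responders lacked:
#   1 < y < p-1  and  y^q == 1 (mod p)
# i.e. y is a genuine element of the prime-order subgroup, not 0, 1, p-1 or
# anything else of small order that would pin the shared secret to a few values.
def valid_dh_public?(y, p = P, q = Q)
  return false unless y.is_a?(Integer)
  return false unless y > 1 && y < p - 1
  y.pow(q, p) == 1
end

# Honest party: private exponent in [2, q-1], public value g^x mod p.
def dh_keypair(p = P, q = Q, g = G)
  x = 2 + SecureRandom.random_number(q - 2)
  [x, g.pow(x, p)]
end

# What an unvalidated responder computes from whatever the peer sent.
def naive_shared_secret(peer_public, own_private, p = P)
  peer_public.pow(own_private, p)
end

# Values a passive observer has to try once it sees the colluding peer's y.
# With y = 1 the secret is always 1; with y = p-1 it is 1 or p-1.
def observer_candidates(peer_public, p = P)
  case peer_public
  when 1     then [1]
  when p - 1 then [1, p - 1]
  else nil   # a validated y leaks nothing to a passive observer
  end
end

# Hardened responder: reject the peer's value before using it.
def hardened_shared_secret(peer_public, own_private, p = P, q = Q)
  raise ArgumentError, "invalid DH public value" unless valid_dh_public?(peer_public, p, q)
  peer_public.pow(own_private, p)
end

if __FILE__ == $PROGRAM_NAME
  x_responder, = dh_keypair
  puts "peer sent y=1:   secret = #{naive_shared_secret(1, x_responder)}"
  puts "peer sent y=p-1: secret in #{observer_candidates(P - 1).inspect}? " \
       "#{observer_candidates(P - 1).include?(naive_shared_secret(P - 1, x_responder))}"
end
```

Note that y = p-1 passes a naive "y != 0 and y != 1" check and still halves the work for the observer to a coin flip; only the subgroup test (y^q mod p == 1) catches every small-order value, which is why RFC 2785 style validation checks the subgroup membership rather than enumerating bad constants.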


Posted in C, Research, Advisories

Dibbler Remote Denial of Service Vulnerability

September 18th, 2007 by David Helder

The Mu Security Research Team released advisory “MU-200709-02” today. Details: mu-200709-02.txt

Posted in Advisories

Quagga bgpd Remote Denial of Service Vulnerability

September 12th, 2007 by David Helder

The Mu Security Research Team released advisory “MU-200709-01” today. Details: mu-200709-01.txt

Posted in Advisories

Helix DNA Server Heap Corruption Vulnerability

August 24th, 2007 by Gavin Heer

The Mu Security Research Team released advisory “MU-200708-01” today. Details: MU-200708-01.txt

Posted in Advisories

ASN - AS iN Hell

July 25th, 2007 by kowsik

DISCLAIMER: This is not a jab at all the developers out there who are building ASN protocols. I empathize with you. It's really more about how we've taken the complexity of software for granted when we really ought to be working towards simplifying things.

I’m mostly writing this because I really need a place to jot down what little I know about ASN. Every time I revisit ASN, I find myself poring over 10,000 documents trying to remember the subtleties of the BER, DER and PER encodings. First of all, ASN is nuts. Second of all, it’s seriously b0rken. Did I already mention it’s nuts? I love the way Richard Feynman provides the absolutely simplest explanation for the most complex problem at hand. When you want to talk about soap bubbles, talk about bubbles, not about an enchanting, hollow, spherical, translucent thing that has a certain surface tension with rainbows on top for good measure. There’s another simple acronym for this: K.I.S.S.


Posted in Rants

Writing C within Ruby

July 23rd, 2007 by kowsik

This started off as an internal thread about why C++ just downright sucks. There’s been a whole lot of hoopla around the security vulnerabilities that come with writing C++ code, specifically the mismatching of delete and delete[]. I frankly think C++ for a large-scale project is a big mistake.


Posted in Ruby, C

Vulnerabilities Die Hard

June 30th, 2007 by kowsik

Yeah, I just watched the movie. Yippee-ki-yay, for sure. Nokia phones are sure handy. :-) As much as I love The Matrix, which seemed a little far out with the nmap scan and the SSH CRC32 exploit, this one had a reasonable amount of plausibility. A SCADA device and a printer are not too far apart in terms of the services they offer over IP. These devices speak protocols like ARP, IP, TCP, UDP, SNMP, FTP (warez on a voltage regulator, anyone?), HTTP, etc., and yes, they do have vulnerabilities. It has a lot to do with the Network Effect. While the utility and the value of the connected systems grow (for sure) with the number of systems connected, so do the attack surface, the complexity, the unknowns and the risks. Quoting Bruce Schneier, “Machines break, systems have bugs.” Once you are on the network, it’s fair game for anyone to reach out to you.

Posted in Rants
