April 19-27, 2008
This program was written in a few days to solve the issue of watching network traffic in realtime. I split packets into groups of IP, TCP, UDP, and non-IP as well as in/out and update the screen every second. It shows packets per second, kilobits per second, and horizontal lines show how much data. The bars switch to yellow when the traffic increases over 1Mbps and to red when it increases over 5 Mbps.
Read more »
jvoss@altsci.com
jvoss@myuw.net
May 15, 2007
Official Asterisk bug report
I am releasing the full Asterisk IAX2 exploit framework / alternative implementation. I am giving a talk at Toorcon Seattle 2008 about my findings. Read more about the handshake (and it's failure) at that page.
Although the Asterisk team described a bugfix and mentioned intention to fix this bug, this bug has not been fixed as of Jan 17, 2008 (Tested against 1.4.17). Since the exploit code is widely available through this website, it would seem prudent to fix this if it were indeed a fixable bug. However, it is my opinion that introducing a handshake requirement to the IAX2 protocol would make the protocol far less likely to work with third-party software and hardware.
I am running a vulnerable version at suzy.altsci.com for test (as well as development and actual use) and I intend to keep it running for the purpose of education and disclosure of this vulnerability.
Read more »New Years is a special holiday for Berlin. Parties are quite numerous and the number of fireworks set off must be incredible. I have 2 videos of the midnight fireworks at Unter den Linden at Videos.
I wrote the last code for my SSH Bruteforce Virus and uploaded it to my site. This was important to me because I cared a lot about the Virus for this trip. I had planned to release it at the 24C3, but I was incredibly ill during the 24C3, so I could barely type a line of code.
It snowed Jan 1st and you can see it was a nice thin layer. That was the start of a cold snap that made it unbearable to go outside for a few days. Though it was 0°ree;C the windchill which pierced even my capeline made it much colder.
Read more »
by Javantea aka. Joel R. Voss
August 16, 2007
Source Code not yet available.
Collisions in hashes are quite bad news for cryptographers. Finding them is quite difficult. The current best attack against SHA1 requires 2**69 operations.
a is an array of plaintexts.
The likeliness of a collision is a function of len(a).
sha1mod1.py sha1 hashes the plaintexts modulus x.
It counts the collisions.
Plotted here is x vs collisions(x).