about me

Summary

A passion for puzzles. Driven to solve problems. Thinks like the bad guys, works for the good guys. Applies substantial technological and psychological background to the art of information security.

I’ve been working with technology for not just my entire career, but my entire life. My first formal computer education was in FORTRAN, Pascal, and BASIC, while I was teaching myself 6502 assembly. I’ve always had a fascination with computer security, and that fascination has carried over into my career. Designing and deploying perimeter security. Implementing defense-in-depth. Token management. Postmaster. IDS and firewall management. Log correlation and analysis. Application security. Threat hunting. Computer network defense. Incident response. Forensics. Wireless surveys. Writing policy, penetration testing, algorithm development – with the exception of malware analysis and reverse engineering, I’ve done it all.

Throughout, my passion has been studying the border areas where technology and psychology meet. Where humans and machines interact, there are fascinating lands full of chaos and mystery, waiting to be explored and exploited.

Please note: I'm in the process of migrating a few of my websites, and until I'm done, the links below won't work. If you really want access to the information in the meantime, please contact me. I hope to have the migration finished before October 1.

A sampling of my projects

sob (a.k.a. Serial Obfuscator)

Serial Obfuscator is a covert communications tool I wrote as a proof-of-concept. It hides messages in UDP traffic between a receiver that is listening for packets sent to a particular IP address (not necessarily its own) and a sender sending packets from a spoofed IP address. To do this, it takes advantage of various unused or under-used fields in the IP header.
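The following is an added illustration of the kind of covert channel described above; it is not sob's own code (which is not on this page). It is a constructed Python example that hides a message in one under-used IPv4 header field, the 16-bit Identification field, inside otherwise unremarkable UDP packets. The receiver does not own the destination address it watches, and the sender's source address is spoofed; both addresses, the length-prefixed framing, and the decoy traffic are assumptions made for this demo.

```python
"""
Constructed example: covert channel in the IPv4 Identification field.
Not the author's sob code; addresses, framing and decoys are assumptions.
"""
import struct
import ipaddress

UDP = 17
TCP = 6


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; a valid IPv4 header sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src: str, dst: str, ip_id: int, proto: int = UDP,
                 payload: bytes = b"") -> bytes:
    """IPv4 header + minimal UDP header with a caller-chosen Identification value.
    The UDP bytes are innocuous filler; the secret rides only in ip_id."""
    l4_len = 8 + len(payload)
    # UDP checksum 0 means "not computed", which is legal for UDP over IPv4
    l4 = struct.pack("!HHHH", 40000, 53, l4_len, 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + l4_len, ip_id, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + l4


def encode_message(msg: bytes, spoofed_src: str, dst: str) -> list[bytes]:
    """Sender side: first packet's ID carries the message length, then two
    message bytes per packet; odd-length messages are zero-padded."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for a 16-bit length prefix")
    padded = msg + (b"\x00" if len(msg) % 2 else b"")
    ids = [len(msg)] + [struct.unpack("!H", padded[i:i + 2])[0]
                        for i in range(0, len(padded), 2)]
    return [build_packet(spoofed_src, dst, i) for i in ids]


def parse_ipv4(pkt: bytes):
    """Return the fields the receiver needs, or None if this is not a valid IPv4 packet."""
    if len(pkt) < 20:
        return None
    ver_ihl, _, _, ip_id, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl or ip_checksum(pkt[:ihl]) != 0:
        return None
    return {"id": ip_id, "proto": proto,
            "src": str(ipaddress.ip_address(src)), "dst": str(ipaddress.ip_address(dst))}


def receive(packets: list[bytes], watched_dst: str) -> bytes:
    """Receiver side: keep only UDP packets addressed to the watched IP
    (which need not be the receiver's own) and reassemble the ID fields."""
    ids = [p["id"] for p in map(parse_ipv4, packets)
           if p and p["proto"] == UDP and p["dst"] == watched_dst]
    if not ids:
        return b""
    length, data = ids[0], b"".join(struct.pack("!H", i) for i in ids[1:])
    return data[:length]


def demo_stream() -> list[bytes]:
    """Constructed traffic: the covert packets interleaved with decoys the receiver must ignore."""
    covert = encode_message(b"meet at 0900", "198.51.100.7", "203.0.113.9")
    noise = [
        build_packet("192.0.2.1", "203.0.113.9", 0x1234, proto=TCP),  # right host, wrong protocol
        build_packet("192.0.2.1", "203.0.113.200", 0xBEEF),          # wrong destination
        bytes([0x60]) + b"\x00" * 39,                                 # not IPv4 at all
    ]
    stream = []
    for i, pkt in enumerate(covert):
        stream.append(pkt)
        if i < len(noise):
            stream.append(noise[i])
    return stream


if __name__ == "__main__":
    print(receive(demo_stream(), "203.0.113.9"))  # b'meet at 0900'
```

The receiver keys on the destination address rather than its own interface, which is why the scheme needs a sniffer (raw socket or pcap) rather than a normal bound socket. From the defender's side, the same framing is the channel's weakness: Identification values that track message bytes instead of the host's normal counter or PRNG stand out when you plot ID values per source over time, and a length-prefix packet followed by exactly ceil(len/2) packets to the same destination is a recognizable shape.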

It should compile cleanly on modern Linux systems (tested on Kali Linux 1.0.9a) with a simple "make sob".

The GOSSiP Project

GOSSiP (Gossip Optimization for Selective Spam Prevention) is a massively distributed, peer-to-peer reputation management system. It tracks the behavior of e-mail senders and shares senders’ reputations among participating mail servers. These reputations may then be used by mail servers as part of a comprehensive program to combat unwanted e-mail.

Several years ago, I had an idea to use Stanley Milgram’s ideas on social distance (see his Small World Experiment for an example) to help fight spam.

The idea is a simple one: Spam is a relative term. One person’s spam is another person’s valid email. Similar groups of people will have similar opinions on spam. And just as you trust your friends’ opinions, and base that trust on their similarity to your own and a basis in fact, you can do the same with spam.

I spent about a year tooling around with the concept on and off in spare moments, and then spent a fair amount of effort getting a proof of concept working, getting the community to notice it, and building momentum behind the idea. Sadly, I took a job that required me to stop development on the project, so stop I did.

Warwalking (a.k.a. Warstrolling)

Back in 2001, Peter Shipley popularized the concept of wardriving: building a mobile platform for detecting and potentially penetrating wireless networks, and then driving around with it, doing just that.

I really enjoyed his work, but I wanted to take it a step further: I wanted to build a wardriving platform small enough to fit in a small backpack, or even to be carried in one’s pockets, around corporate campuses and inside buildings, undetected.

So, in 2001 I coined the terms warwalking and warstrolling to describe this particular behavior, and set about designing and building the equipment and cobbling together the software necessary to do this.