Anecdotal story about myself, worm writing and Emergent behavior in Worms

When I first started [I was about 13 & 1/2] working with computers I was really interested in figuring out how they ‘did what they did’. So much so that I was tinkering with assembler within 6 months of getting a computer, not that I accomplished much at that time. I didn’t have internet access so my only ‘escape’ from the real world was delving deeper into the machine. I quickly developed programming skills and was becoming trapped by the limits imposed in QuickBasic (hey we all learn somewhere :D ). I went back to looking at assembler since I knew I could encode byte code into the basic programs. After that I made some great mode 13 games and demos.


Very big spam list

I inadvertently became the owner of a copy of a HUGE list of email addresses used by spammers. The list includes about 23 1/2 million addresses.

This is quite an interesting conundrum. Ethically, do I alert the spammers of their mistake, which allowed one of our customers to download these files (open directory browsing)? Do I do nothing? Should I write an email that states “I represent the following people attached to this email, and they demand they are removed from your list at once”?

I find the latter part quite amusing. Although I don’t truly represent them, and it would be a lie, I doubt a single soul on that list would really argue. But 1 out of 23 million is actually quite possible ;)

Interestingly, a little more than half of those people on the list are referred to as ‘adult’ customers.
What would you do? Or rather, what should I do with this list? I cringe at the thought of what a friend had told me. “Start a torrent and post it to mininova” – I’m glad he didn’t end up with the list!


Windows assembler buffer overflow code questions

I disassembled the code snippet that came with the VML buffer overflow, and was interested in making it more ‘mundane’ like a hello world example exploit – I know kinda lame, but I was doing this to understand more on how a random piece of code can ‘figure’ out its address space and do malicious things.


PHP & Militarizing input variables ..

While pondering good material to actually write about, I was going through a PHP library I had written a while back. Some simple possibly overkill variable validation routines to verify what I was passing was truly intended.


Cthulhu fhtagn

Since I’m new to Securiteam I feel that an introduction is required, so you may understand who I am and what I stand for. This post will not discuss security directly, but more of where I feel computers are going and, as a person interested in security, where I wish computers to go.

“Cthulhu fhtagn” – When referring to computer security no one phrase can honestly say more than this for me. Inside each and every machine a monster lurks, this monster is nothing more than bits and bytes, with execution on its mind. Execution of what is the next question. It has no feelings, and it’s above morality, all it really wants to do is push the next set of instructions down its pipelines. Whatever instructions it gets it runs. For this reason and this reason alone we as users need to understand what we want and desire from our machines.
