When I first started [I was about 13 & 1/2] working with computers I was really interested in figuring out how they ‘did what they did’. So much so that I was tinkering with assembler within 6 months of getting a computer, not that I accomplished much at that time. I didn’t have internet access so my only ‘escape’ from the real world was delving deeper into the machine. I quickly developed programming skills and was becoming trapped by the limits imposed in QuickBasic (hey we all learn somewhere :D). I went back to looking at assembler since I knew I could encode byte code into the basic programs. After that I made some great mode 13 games and demos.
I inadvertently became the owner of a copy of a HUGE list of email addresses used by spammers. The list includes about 23 1/2 million addresses.
This is quite an interesting conundrum. Ethically, do I alert the spammers of their mistake, which allowed one of our customers to download these files (open directory browsing)? Do I do nothing? Should I write an email that states “I represent the following people attached to this email, and they demand they are removed from your list at once”?
I find the latter part quite amusing. Although I don’t truly represent them, and it would be a lie, I doubt a single soul on that list would really argue. But 1 out of 23 million is actually quite possible 😉
Interestingly a little more than half of those people on the list are referred to as ‘adult’ customers.
What would you do? Or rather, what should I do with this list? I cringe at the thought of what a friend had told me. “Start a torrent and post it to mininova” – I’m glad he didn’t end up with the list!
I disassembled the code snippet that came with the VML buffer overflow, and was interested in making it more ‘mundane’ like a hello world example exploit – I know, kinda lame, but I was doing this to understand more on how a random piece of code can ‘figure’ out its address space and do malicious things..
While pondering good material to actually write about, I was going through a PHP library I had written a while back. Some simple possibly overkill variable validation routines to verify what I was passing was truly intended.
Since I’m new to Securiteam I feel that an introduction is required, so you may understand who I am and what I stand for. This post will not discuss security directly, but more of where I feel computers are going and, as a person interested in security, where I wish computers to go.