July 2008: Heli-cam
I decided to mount a micro-camera onto my Blade CP+ radio control helicopter. The extra weight of the 9V battery and camera
requires a bit more juice to get airborne, but the first test in my garage went OK. The range is not as good as I would have hoped,
and I got a lot of interference from the helicopter motor in the video feed. I think this might work a lot better with a gas-powered
helicopter. I might have to upgrade soon. Here is a short and boring video on YouTube of the test flights.
December 2007: Pole-Position
This is an add-on to Speedway which provides a nice GUI console for tracking and alerting on Speedway deployments. All Speedway
deployments report back to this central server. The server analyzes the reports (or lack of reports) to generate alerts and warnings
based on various parameters. You can see a screenshot here, but as you might guess I blacked out any potentially sensitive information.
November 2007: Multi-platform ACL Generation
Too many platforms... In my job, I need to write ACLs for Cisco, JCLs for Juniper, iptables rules for Linux hosts, as well as policies for
other platforms. To make life easier, what was needed was a single high-level language to describe a security policy, and compilers to
render that policy into any target platform. I wrote up a design for this and began coding it with a co-worker, Peter Moody. It took
us a couple of months, but Peter is a daemon with Python, which moved us quickly along. The software now sports the following features:
Network and service address books
ACL, JCL, iptables output
A standard high-level policy language
IPv6 support (thanks Peter!)
Perforce integration
Numerous other bells and whistles
Peter and I have discussed open sourcing this as well. Maybe when I have some time to rip out all the Google dependencies.
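To make the design above concrete, here is a toy version of it written for this page; it is an added example, not the software the entry describes, whose code is not on this page. The policy syntax (term ... end), the address-book contents, and the two renderers are assumptions made for the example. It shows the two things that make such a compiler worth having: one term expands into the full cartesian product of sources, destinations and services for every target, and a typo in an address-book name is a compile error rather than something that silently widens a rule.

```python
import ipaddress
import itertools
from dataclasses import dataclass, field

# Address books (constructed sample data, not the page's real ones).
NETWORKS = {"CORP_NET": ["10.0.0.0/8"],
            "DB_SERVERS": ["192.0.2.10/32", "192.0.2.11/32"],
            "ANY": ["0.0.0.0/0"]}
SERVICES = {"MYSQL": [("tcp", 3306)], "DNS": [("udp", 53), ("tcp", 53)]}

class PolicyError(ValueError):
    pass  # anything we refuse to compile: a typo must never silently become 'any'

@dataclass
class Term:
    name: str
    action: str = "deny"                          # deny unless stated otherwise
    src: list = field(default_factory=list)       # address-book names
    dst: list = field(default_factory=list)
    services: list = field(default_factory=list)  # empty = any IP protocol

def parse_policy(text):
    """Parse the hypothetical 'term NAME ... end' syntax used in this example."""
    terms, cur = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        kw, *args = line.split()
        if kw == "term":
            if cur is not None or len(args) != 1:
                raise PolicyError(f"line {lineno}: bad 'term' statement")
            cur = Term(name=args[0])
        elif cur is None:
            raise PolicyError(f"line {lineno}: statement outside a term")
        elif kw == "end":
            terms.append(cur)
            cur = None
        elif kw == "action" and args in (["accept"], ["deny"]):
            cur.action = args[0]
        elif kw in ("src", "dst", "service"):
            book = SERVICES if kw == "service" else NETWORKS
            unknown = [a for a in args if a not in book]
            if unknown:
                raise PolicyError(f"line {lineno}: unknown name(s) {unknown}")
            getattr(cur, "services" if kw == "service" else kw).extend(args)
        else:
            raise PolicyError(f"line {lineno}: cannot parse {line!r}")
    if cur is not None:
        raise PolicyError("policy ends inside a term (missing 'end')")
    return terms

def expand(term):
    # Cartesian product of the term: one (proto, src, dst, dport) per rendered rule.
    def nets(names):
        return [ipaddress.ip_network(n) for k in (names or ["ANY"]) for n in NETWORKS[k]]
    svcs = [s for k in term.services for s in SERVICES[k]] or [(None, None)]
    for src, dst in itertools.product(nets(term.src), nets(term.dst)):
        for proto, port in svcs:
            yield proto, src, dst, port

def render_iptables(terms, chain="FORWARD"):
    out = []
    for t in terms:
        out.append(f"# term {t.name}")
        for proto, src, dst, port in expand(t):
            rule = [f"-A {chain}"] + ([f"-p {proto}"] if proto else [])
            rule.append(f"-s {src} -d {dst}" + (f" --dport {port}" if port is not None else ""))
            rule.append("-j ACCEPT" if t.action == "accept" else "-j DROP")
            out.append(" ".join(rule))
    return out

def _cisco_addr(net):
    if net.version != 4:
        raise PolicyError("numbered Cisco ACLs are IPv4 only; IPv6 needs its own renderer")
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"  # Cisco wildcard (inverse) mask

def render_cisco(terms, acl=101):
    out = []
    for t in terms:
        out.append(f"access-list {acl} remark term {t.name}")
        verb = "permit" if t.action == "accept" else "deny"
        for proto, src, dst, port in expand(t):
            line = f"access-list {acl} {verb} {proto or 'ip'} {_cisco_addr(src)} {_cisco_addr(dst)}"
            out.append(line + (f" eq {port}" if port is not None else ""))
    return out

# Constructed sample policy in the hypothetical syntax above.
POLICY = """
term corp-to-db
  action accept
  src CORP_NET
  dst DB_SERVERS
  service MYSQL
end
term default-deny   # no 'action' line, so the Term default (deny) applies
  dst DB_SERVERS
end
"""
```

Running `render_iptables(parse_policy(POLICY))` and `render_cisco(...)` on the same two terms yields four iptables rules and six Cisco lines (two remarks plus four entries); the Cisco renderer refuses IPv6 networks because numbered IPv4 ACLs cannot carry them, which is the kind of per-target check a real compiler has to make for every platform it supports.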
November 2006: Speedway
Protecting sensitive hosts in a corporate environment can be challenging and expensive. At my current employer, dozens of firewalls
have been deployed for this purpose but have created numerous headaches for the sysadmins, who cannot move machines around easily
or deploy new hosts without consulting the Security team. I wrote Speedway to solve this problem by creating a system where
we can easily deploy, manage, track and monitor iptables deployments. After a few more revisions I'd like to open source this.
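The tracking side of this, the central server that the Pole-Position entry above describes as analyzing reports "or lack of reports" from Speedway hosts, is sketched here as an added example in Python; it is not Speedway or Pole-Position code, neither of which appears on this page. The report format, the ruleset hash, and the alert names are assumptions for the example. The point it makes is that silence is an alert: a host that stops reporting is treated like a host running the wrong rules, because whatever flushed the firewall may have stopped the agent too.

```python
from datetime import datetime, timedelta, timezone

# What the central server last pushed to each host (constructed inventory).
EXPECTED = {"db1": "sha256:1111", "db2": "sha256:2222",
            "db3": "sha256:3333", "web1": "sha256:4444"}

# Constructed agent reports in a hypothetical key=value format, oldest first.
# 'ruleset' is assumed to be a hash of the rules actually loaded in the kernel
# (e.g. of iptables-save output), not of the file the server pushed.
REPORTS = """\
2007-12-03T10:15:00Z host=db1 ruleset=sha256:1111 status=loaded
2007-12-03T09:50:00Z host=db2 ruleset=sha256:2222 status=loaded
2007-12-03T10:16:00Z host=db2 ruleset=sha256:9999 status=loaded
2007-12-03T08:00:00Z host=web1 ruleset=sha256:4444 status=loaded
2007-12-03T10:17:00Z host=rogue ruleset=sha256:5555 status=loaded
"""

def parse_reports(text):
    """Latest report per host: {host: (timestamp, {key: value})}."""
    latest = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        stamp, *kv = raw.split()
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        fields = dict(item.split("=", 1) for item in kv)
        host = fields.pop("host")
        if host not in latest or ts > latest[host][0]:
            latest[host] = (ts, fields)
    return latest

def evaluate(expected, reports, now, stale_after=timedelta(minutes=30)):
    """Return (host, alert, detail) tuples; an empty list means all clear."""
    alerts = []
    for host, want in sorted(expected.items()):
        if host not in reports:                       # lack of reports is itself an alert
            alerts.append((host, "MISSING", "no report ever received"))
            continue
        ts, fields = reports[host]
        age = now - ts
        if age > stale_after:
            alerts.append((host, "STALE", f"last report {age} ago"))
        if fields.get("status") != "loaded":
            alerts.append((host, "LOAD_FAILED", fields.get("status", "?")))
        if fields.get("ruleset") != want:             # host runs rules the server did not push
            alerts.append((host, "DRIFT", f"running {fields.get('ruleset')}, expected {want}"))
    for host in sorted(set(reports) - set(expected)):
        alerts.append((host, "UNKNOWN", "reporting host is not in the inventory"))
    return alerts

# Constructed "current time" for the sample run.
NOW = datetime(2007, 12, 3, 10, 20, tzinfo=timezone.utc)
```

With the sample data, `evaluate(EXPECTED, parse_reports(REPORTS), NOW)` flags db2 for drift (its newest report carries a hash the server never pushed), db3 as missing, web1 as stale, and the unlisted host "rogue" as unknown; db1 produces nothing. Only the most recent report per host counts, so an agent re-sending an old, matching report cannot mask a later change.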
23 July 2004: The Cygnus Project
About a year ago I began work on a project named Hammersmith. The project has been running for almost a year now and has tracked unusual network traffic within corporate or ISP networks to provide early warning of viruses, worms, incorrectly configured software, and evil-doers. The project was very successful, but lacked a lot of capability that I believe would have made it even more valuable. I have started work on version 2, which is now named Cygnus at the recommendation of my good friend Matt LeMarbre. Cygnus will implement many of the features I now realize were needed in the first version, as well as including improved reporting and trending capabilities. More details will be posted as the project progresses… STAY TUNED!
28 April 2004: Slipping in the Window: TCP Reset Attacks
After much anticipation, I finally presented my research paper “Slipping in the Window: TCP Reset Attacks” at the CanSecWest Security conference. Despite all the media attention, I believe the talk went exceptionally well, and was well received by the audience. I would like to thank all the attendees at the conference for their support and kind words.
On the personal side, I made a lot of great new friends. I also had the great pleasure of sharing some smokes with Christian Slater and Angie Harmon at the Crimelab after the presentation.
1 April 2004: Open Source Vulnerability Database (OSVDB)
A project I have been involved with for over two years is finally going live. The OSVDB project was originally conceived at DefCon X. The project started with a bang, floundered, and then was resurrected by the efforts of some friends by the names of Forrest Rae, Zel, Sullo and Jericho. The objectives of the project are to provide comprehensive, free, and unbiased security vulnerability information to the security community. Over the past few months, the project has really picked up steam and is getting some well-deserved attention, such as this article from TheRegister.co.uk. The project is still looking for security professionals to volunteer time to provide a great service to the security community (as well as to help their resume!)
19 February 2004: Web-based Security & Technology News Aggregator (CYN.NET)
I am working on a new project for a security news aggregator site, which is a spin-off from my earlier “news-crawler” project. Since I work in the information security field, I used to spend a substantial amount of time every day checking a large number of security and technology websites for current news and information. To simplify this process and save myself a lot of time, I decided to create a program in PHP with a MySQL backend database. The code goes out every hour and does all the news searching for me. All this news is stuffed into the database and organized into predefined categories (security, advisories, virus, etc.), as well as allowing users to create customized categories (sql, wireless, linux, etc.) or just perform simple search queries… The website is open for anyone to create an account and use. As of today, there are 4892 news articles, and growing daily. I am currently collecting news from about 40 security and technology sites, and I expect to add more in the near future. I have also started a new category of “world news” that is not security or tech related, but satisfies my non-tech news cravings. I hope others find this project useful.
03 January 2004: Internet Explorer URL Obfuscation Vulnerability
After receiving a spam email last night, I went into investigation mode. This particular spam email claimed to be from a reputable credit-card company, so I immediately knew it was bogus. What caught my interest was that the URL links appeared to be going to legitimate sites. I traced the email, and examined the source code of the email, as well as the source code of the website it directed me to. In the process of this I found that the scam artists were exploiting an unpatched bug in Microsoft Internet Explorer. I found this bug to be quite interesting, so I have posted a write-up of the vulnerability here.
20 December 2003: Return of the News-Crawler
I had some spare time this month, so I re-wrote the code I lost many years back called “news-crawler”. It’s a simple, modular Perl-based script that can be easily extended. In a nutshell, it trolls the web for tech news so I don’t have to. It is currently used to add some dynamic content to the dc2600.com website. You can download it here. If you expand on the code, create any new site parsing routines, or have any comments, please forward them to me (see email address at bottom of page.)
13 November 2003: Call of Duty
“Call of Duty” was just recently released by Activision. The game is simply awesome. You can find me playing online under the name “HoosierDaddy”. I also occasionally run a CoD server (cod.terrorist.net / 68.74.97.98) and everyone is welcome. If you want to see who is online, what map is running, or anything else, I wrote a cgi-bin utility in C called “codwatch.c” that you can access at http://www.terrorist.net/cod (no longer online). Feel free to hack the code for your own server. If you add any nice features, I would appreciate you sending me your changes.
I have also written a spoofer, called “codauthorize.c”, for the Activision CoD authorization server that you can download here. Simply create a hosts file entry on your CoD server to point to the IP address of the system where you run the program, and all your friends can connect to your server using any CD-Key they can dig up (or everyone can use the same CD-Key!)
13 August 2003: Web Hacking Contest
A few days ago I discovered the “Web Authentication Game” that NGSec hosts. Although I have seen this sort of thing before, I was fairly impressed. The various hacking “puzzles” all focus on Web Authentication, but cover several areas ranging from simple password guessing and HTTP headers to more complex problems such as cryptanalysis, reverse engineering, and buffer overflows/code auditing. I managed to waste an entire vacation day on this (and I still haven’t completed the last one, although I think I have a solid handle on it.) Well, the point is, I have kept notes while working my way through this. Don’t follow this link unless you’re completely stumped on a problem and can’t sleep until you know the answer. Find my notes and solutions for game1 here, and here are notes and solutions for game2 (still in progress)…
24 December 2002: FAQ/HOWTO For the Efficient Networks 5861 DSL Router
SBC Ameritech provides these routers to their “Business class” customers, or to anyone who orders a static IP address subnet from them with their DSL service. The documentation on the router is horrid, and I have attempted to make a nice quick learning guide as well as to provide some clever techniques for redundant and load-balanced solutions. This is a living document and your contributions are always welcome and encouraged...
You can find the document here: http://www.terrorist.net/webdocs/5861.
30 December 2002: MAME Arcade Cabinet
As a huge fan of the old arcade classics, I finally built myself a video arcade cabinet to provide hours of entertainment for family, friends, and myself. It’s much better than trying to play a 2-player game of Mortal Kombat using a convoluted collection of keys on your PC keyboard. Take a look: http://www.terrorist.net/webdocs/cabinet