Sometime in the first half of 2018 there was an explosion of "Dockless e-scooters" appearing all over the Bay Area. These devices are electric scooters that anyone can rent for a one-way trip and find/leave then (at the time) anywhere you want. As one could guess this lead to…
This is the blog version of my DEFCON 26 talk Lost and Found Certificates: dealing with residual certificates for pre-owned domains, which I co-presented with Dylan Ayrey. You can learn more about BygoneSSL and see a demo at insecure.design. The Problem A Certificate can outlive the ownership of a…
Certgraph is a tool I've been developing to scan and graph the network of SSL certificate alternative names. It can be used to find other domains that belong to an organization that may be several orders removed and not always obvious. Background The idea for this project came about after…
On most unrooted, stock, Android phones, enabling tethering will run a "Provisioning Check" with your wireless provider to ensure that your data plan allows tethering. This post documents Tethr, a way to bypass the provisioning check on Android devices prior to version 7.1.2. After discovering this…
For those of you not in the know, ambergris is defined as: a wax-like substance that originates as a secretion in the intestines of the sperm whale, found floating in tropical seas and used in perfume manufacture. However, that will not be what this post is about (sorry to disappoint)…
A while ago I came into possession of a few HID iClass readers. After collecting dust in my project drawer for a few months I decided to find a fun use for them, which ended up in the project I call Badgy. Background The back of the HID readers have…
Last week at DerbyCon 5.0 the CircleCityCon folks had a booth with a challenge, the Challenge of Tiamat’s Eye. @CircleCityCon: Can you solve the Puzzle of Tiamat's Eye? Visit our booth at @DerbyCon to take the challenge! pic.twitter.com/yJzPvxOQk9— Circle City Con (@CircleCityCon)…
Sonic (my home ISP) offers an IPv6 tunnel for their customers who have a service plan that does not offer native IPv6 yet. Sonic’s IPv6 tunnel operates much the same way Hurricane Electric’s Tunnel Broker does, however since the endpoint is located inside the ISP you should get…
I gave a presentation at WOOT 2015 demonstrating how network enabled telematic control units (TCUs) can be used to remotely control automobiles from arbitrary distance over SMS or the internet. Abstract Modern automobiles are complex distributed systems in which virtually all functionality—from acceleration and braking to lighting and HVAC…
Recently there has been a lot of buzz about the recent Heartbleed vulnerability found in some versions of OpenSSL. The attack works due to a mistake in the server validating part of the request made by the SSL client. The popular web comic XKCD has made a great simple comic…
