Posts tagged security


I was fortunate enough to attend ShmooCon with some coworkers this last weekend. This was my first ever cybersecurity conference, so I wasn’t really there with a purpose, mostly just to see what these things are like. One thing I immediately noticed was everyone’s attitude toward the challenges. It seemed that everyone was overwhelmed by how many different challenges there were and how you could really only pick one to complete successfully due to the short duration of the conference.

Some challenges were technical, others were not. One challenge in particular was hosted by Polarity. Essentially, each conference attendee was handed a card when they arrived. The card had a “hash” (really just a long random-looking hex string) and a message saying that seven cards with your hash exist. If you find someone else with a matching hash (hash collision), you can go to the Polarity booth to each claim a prize.

Read more ...

My Unsolicited Opinions on Tidy Git Repositories

Today, I will attempt to list some of the key components of a “good” public git repository that make me feel warm and fuzzy when I see them.

When you publish open source projects to the internet, you are contributing your ideas, expressed in code, to the world. However, that code should not be anything more than that. It is so easy to accidentally release information about yourself by simply adding everything by default in a directory to your repository or by including the wrong configuration files. I recommend using git add . sparingly. You can easily leak to the world the type of operating system you use, the type of deployment solution you use and its configuration, and much more.

Read more ...

DDoS as an Altcoin

As part of my CS 401R (Blockchain) class at BYU, I researched an interesting idea called DDoSCoin. I found the idea here.

DDoSCoin is an instance of “useful proof of work”. Essentially, someone can set a bounty on a TLS-enabled server, and workers must prove they have made the specified number of connections to the target server by producing a digital signature prefixed with n zeros.

Read more ...

AI Malware Detection Literature Review

One required course in BYU’s computer science program is WRTG 316 - Technical Writing. The course consists of numerous short writing assignments, and one literature review due at the end of the semester. I researched the intersection between AI and malware detection for my review.

To view my literature review, look here.

Read more ...