Monday, November 09, 2009

Security Side Projects

Here's a list of side projects / cool ideas I want to spend some time on:
  • Find the encrypted password on PGP Disk: Been wanting to do this for about 5 years w/ PointSec and Joanna's work on Evil Maid prompted me again. I got PGP for Mac and an external drive. Now I just need to play :-)
  • Get a passive demux for modem signals: My gas company CenterPoint Energy uses my phone line to communicate information back to the mothership. I'm not only interested in what is communicated, but what security controls, if any, are present. For example, can I spoof my number or recover credentials to spoof as my neighbor? There are programs and devices out there that do this, but they are released to federal or state law enforcement agencies or are insanely expensive. UPDATE: found this, seems plausible!
  • Bayesian Logging: This would be similar to profiling an application, but using the call frequency and patterns to determine unusual issues. The idea is to log when a function is being called within an application by inserting logging statements within each function. Intuitively, when I, say, log into OpenSSH, there is a common sequence of functions that runs within some time frame. If an attacker finds a pre-auth issue in OpenSSH and exploits it, this sequence and/or time frame will be disrupted. A Bayesian-style analysis daemon on the back-end would hopefully notice this condition and alert as needed. False positives could be reclassified, training the Bayesian filter.
  • John the Ripper running in Amazon EC2: Pretty basic. Install John the Ripper in the cloud and crack passwords. Maybe would do a pay model to cover costs. Any extra would be donated back to Openwall, if possible, or if not, some .org.
If any of these have been done, please let me know!
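
A sketch of the Bayesian Logging idea, added here as an example and not code from this post: a spam-filter-style naive Bayes classifier over pairs of consecutive function calls, where reclassifying a false positive is just another training call. It covers call order only, not the time frame, and the function names and traces are constructed placeholders.

```python
import math
from collections import Counter

class CallTraceFilter:
    """Two-class naive Bayes over call bigrams, trained like a spam filter."""
    LABELS = ("normal", "suspect")

    def __init__(self):
        self.counts = {label: Counter() for label in self.LABELS}  # bigram counts
        self.traces = Counter()                                    # traces per label
        self.vocab = set()

    @staticmethod
    def features(trace):
        # Bigrams keep call order; START/END expose truncated or diverted flows.
        calls = ["<START>", *trace, "<END>"]
        return list(zip(calls, calls[1:]))

    def train(self, trace, label):
        feats = self.features(trace)
        self.counts[label].update(feats)
        self.traces[label] += 1
        self.vocab.update(feats)

    def log_odds(self, trace):
        """log P(suspect|trace) - log P(normal|trace), Laplace-smoothed."""
        total, v = sum(self.traces.values()), len(self.vocab) + 1
        score = {}
        for label in self.LABELS:
            n = sum(self.counts[label].values())
            s = math.log((self.traces[label] + 1) / (total + len(self.LABELS)))
            for f in self.features(trace):
                s += math.log((self.counts[label][f] + 1) / (n + v))
            score[label] = s
        return score["suspect"] - score["normal"]

    def is_alert(self, trace):
        return self.log_odds(trace) > 0

# Constructed traces with hypothetical function names (not OpenSSH's real call graph).
PASSWORD = ["accept_conn", "kex_exchange", "auth_request", "check_password", "session_open"]
PUBKEY = ["accept_conn", "kex_exchange", "auth_request", "check_pubkey", "session_open"]
KBDINT = ["accept_conn", "kex_exchange", "auth_request", "check_kbdint", "session_open"]
PREAUTH_SHELL = ["accept_conn", "kex_exchange", "spawn_shell"]  # auth steps never run

def build_filter():
    f = CallTraceFilter()
    for trace, n in ((PASSWORD, 20), (PUBKEY, 10)):
        for _ in range(n):
            f.train(trace, "normal")
    return f
```

With the filter from `build_filter()`, the unseen but benign `KBDINT` trace alerts at first; one `train(KBDINT, "normal")` call silences it, while `PREAUTH_SHELL` keeps alerting.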

1 comment:

Black Fist said...

The password cracking thing has been done...or at least started.
http://it.slashdot.org/story/09/11/03/0053230/Cracking-PGP-In-the-Cloud?from=rss
