About me

Hello! I'm Jann and I'm interested in computer security and C programming. Here's some stuff that others might find useful.

written stuff

• Want to use my wifi?
• DEF CON 2014 Quals CTF: SFTP challenge writeup
• Offline Logfile Forward Integrity Protection
• Safe Short Hash Scheme
• Notes on the use of OpenPGP
• OpenSSH <=6.8 X11 SECURITY bug
• Reduce bandwidth usage of PNG transfers over HTTP with this one weird trick

Misc stuff

• Two cross-protocol XSS attacks on browsers using FTP
• Why copy-pasting from a website straight into your terminal is a bad idea
• Use the mighty powers of Unicode to underline text everywhere.
• Use rtmpsrv and iptables to download rtmp streams
• Fiddling with Ajax requests without installing anything special
• Chromium's measures against cross-origin drag-drop have some problems
• PoC for the issue with X-Frame-Options: SAMEORIGIN
• PoC: End-to-end correlation for Tor connections using an active timing attack
• some random bookmarklets
• Firefox: ALSR leak and cross-frame oracle via pointer scrambling in Map/Set
• Parks and Recreation on use-after-free vulnerabilities and reference counts
• 🇩🇪 Abstimmungsverhalten im deutschen Bundestag, mit Fokus auf Differenzen zur Partei
• A TLS experiment: True Keyless Content Distribution Network

When I stumble over interesting issues, I sometimes write mailing list posts about them. Here are some more long-term issues I wrote mails about:

• Flash: Local SWF files can leak arbitrary local files to the internet
• PoC: End-to-end correlation for Tor connections using an active timing attack

Code

Some of the code I have written is on github, but my newer projects are here: gitweb

Mastodon