About me
Hello! I'm Jann and I'm interested in computer security and C programming. Here's some stuff that others might find useful.
written stuff
Want to use my wifi?
DEF CON 2014 Quals CTF: SFTP challenge writeup
Offline Logfile Forward Integrity Protection
Safe Short Hash Scheme
Notes on the use of OpenPGP
OpenSSH <=6.8 X11 SECURITY bug
Reduce bandwidth usage of PNG transfers over HTTP with this one weird trick
Misc stuff
Two cross-protocol XSS attacks on browsers using FTP
Why copy-pasting from a website straight into your terminal is a bad idea
Use the mighty powers of Unicode to underline text everywhere.
Use rtmpsrv and iptables to download rtmp streams
Fiddling with Ajax requests without installing anything special
Chromium's measures against cross-origin drag-drop have some problems
PoC for the issue with X-Frame-Options: SAMEORIGIN
PoC: End-to-end correlation for Tor connections using an active timing attack
some random bookmarklets
Firefox: ALSR leak and cross-frame oracle via pointer scrambling in Map/Set
Parks and Recreation on use-after-free vulnerabilities and reference counts
🇩🇪 Abstimmungsverhalten im deutschen Bundestag, mit Fokus auf Differenzen zur Partei
A TLS experiment: True Keyless Content Distribution Network
When I stumble over interesting issues, I sometimes write mailing list posts about them. Here are some more long-term issues I wrote mails about:
Flash: Local SWF files can leak arbitrary local files to the internet
PoC: End-to-end correlation for Tor connections using an active timing attack
Code
Some of the code I have written is on github, but my newer projects are here:
gitweb
Mastodon