Back to Basics: AND vs. OR vs. XOR

19. August 2011

We often think of computers as working with numbers, and in the purest sense they are, but those numbers are simply 1s and 0s. Normally these bits are grouped together to represent much larger numbers, but as a developer you'll oftentimes need to use them as bits, and you forgo addition and division for "bitwise" (sometimes referred to as logical) operations. Bitwise simply means that you're dealing with individual bits and not the number as a whole, that is, the larger number the bits represent when they work together.


C#, Computer Security, Design Pattern, Development, Misc

In My Own Defense...

25. February 2011

In case you don't know, I've been developing a new encryption for six years now. Timeshift has been my pride and joy. It has outlived friendships, high school, even an engagement. It's my brainchild, along with my buddy Karl. As development for it progressed, it became clear that I either needed a lot of time to expand my knowledge, or aid from those who have. Over the 6 years, I've found both. Early on, I discovered Bruce Schneier's site. He seemed to be a big man in the industry, so I was surprised his email was listed on the site, even more surprised when I received a response. I sent him an email saying that I was having problems explaining an aspect of my cipher and I was wondering if I could have some of his insight. I received the shortest email ever as a response:

Computer Security, Misc

Individual Security Holes Working Together

5. October 2010

Over the summer, I noticed a peculiarity on a section of a website that many people frequently visit that contains a lot of personal information about me as well as all its other users. Upon further inspection, it was a weakness in the site's authentication. For the record, I would not be posting this if the site had not already fixed these problems. This led me to investigate what of my information is made available through these exploits. I was driven to find out because MY information was available and you always assume that if you can exploit it, anybody can.

Case Study, Computer Security

Simple Security Mistakes In The Wild

19. August 2010

Problem solving is needed for any branch of software development. Looking at a problem and being able to find a fast, efficient way to solve it is what software development is ultimately about. It takes a whole new level of problem-solving skills to design secure systems: systems that can keep out the most dedicated of intruders and yet be a hassle-free experience for those who truly belong there. Computer security is a fascinating field with unique challenges, but for those of you interested in entering the field, you'll probably need a change in mindset.

First, some terminology. It's not unusual for developers to take on several different positions in a project, such as database admin and programmer for a website or some other project. This means that the developer wears several "hats." As hacking eased itself into existence, "hackers" unknowingly formed two different groups: white-hatters and black-hatters. A black-hatter is what most people erroneously think of when they hear the term "hacker." Black-hatters infiltrate, penetrate and generally abuse a system for their own personal gain, for another person's loss, or sometimes simply because they can. A white-hatter uses all the same tricks and exploits that a black-hatter does except that they do no damage. Sometimes a white-hatter is hired to evaluate the security of a system by attempting to break it and reporting their findings back to whoever hired them. Not all white-hatters make a career out of it, though. To some, it's about the expansion of knowledge and facing the challenges that hacking presents.

Computer Security, Misc

Timeshift Is Now Up

1. August 2010

Timeshift, an encryption I've been working on with my friend Karl for over 5 years now, finally has a page of its own. As it nears completion, Karl and I begin to gear up for starting a business around this algorithm, other algorithms we may develop, and potentially branching out to other concepts outside of computer security. The possibilities are endless and we're not closing any doors. Anyway, this algorithm has developed from a 256 bit encryption on up to 512, 1024, and finally graduating to 4096 bit. In addition to adding strength throughout the years, we've also decreased time. Timing how long it takes to do 100 MB/s, we started at a shameful 60+ seconds down to less than a second! That's about 150 MB/s! With the algorithm 99% done, we're approaching the point where we begin porting to other languages. Currently developed in C# .Net, plans are to rewrite the algorithm in unmanaged C++, Java, PHP, Objective-C and x86 Assembly (for the possibility of a hardware implementation). These languages ought to cover the majority of the market and allow almost any company to have this level of security in their own systems. We know there are many open source alternatives, but our goal has been to blow them out of the water and I believe we've succeeded so far. Over the next year this project is really going to take off; keep an eye out for updates.

Computer Security, Development