Blog Entries

Friday December 19^th, 2025

Can chatbots craft correct code?

an update to an argument I made in 2017

Monday July 21^st, 2025

Detecting code copying at scale with Vendetect

a new tool that can discover coded copied between repositories

Tuesday July 8^th, 2025

Investigate your dependencies with Deptective

a new tool that can automatically run any command even if its dependencies are missing

Wednesday February 5^th, 2025

Preventing account takeover

on centralized cryptocurrency exchanges

Thursday March 30^th, 2023

How to avoid the aCropalypse

It could have been prevented if only Google and Microsoft used our tools!

Monday August 1^st, 2022

libmagic

The Blathering

Thursday December 16^th, 2021

What does your code use, and is it vulnerable?

It-Depends!

Tuesday February 2^nd, 2021

PDF is Broken: a justCTF Challenge

In which a PDF is a webserver, serving copies of itself

Friday April 5^th, 2019

Breaking into Google Headquarters

In which I tempt the criminal justice system while flaunting the California statute of limitations.

Friday December 8^th, 2017

File Polyglottery

or, This Proof of Concept is Also a Picture of Cats

Monday May 18^th, 2015

Positive Train Control

or, Jet Fuel Can’t Melt Train Tracks

Tuesday April 14^th, 2015

Defending Cyberspace

or: No, I thought you were doing it.

Friday June 27^th, 2014

Lenticrypt: a Provably Plausibly Deniable Cryptosystem

or, This Picture of Cats is Also a Picture of Dogs

Thursday February 6^th, 2014

Physical Security Followup

These Locks are Everywhere!

Friday January 31^st, 2014

Exploiting Password Weaknesses in Physical Security

In which I channel the spirit of my eighth academic cousin thrice removed, Richard Feynman.

Tuesday January 14^th, 2014

Unambiguous Encapsulation

Defending Against "Packet in Packet" Attacks

Friday August 23^rd, 2013

Defending Your E-Mails from Surveillance … Conveniently

via Magiic!