Cody Brocious

About
best known for his work on PyMusique, and reverse engineering hotel locks.

Hosted AMAs


Guest Appearances


Highest Rated Comments


daeken449 karma

Hahahaha. Glad I could uh, be of service.

daeken363 karma

At the end of the day, I know that people will use this for malicious purposes, just like any important vulnerability that's disclosed. However, I have to balance that out with a question that's been on my mind for a long time: How many people used this before I even thought of it? How many people have been robbed or worse, because of these buggy locks?

I'm not happy about any of this, but I think getting the info out there balances out the harm that may come from it being out there in the near future.

daeken278 karma

I work on Boot2Gecko, primarily doing gfx optimizations. Currently working on overscroll animations (what happens when you scroll a page too far).

daeken259 karma

Hm, that's a tough one. Here's something awesome I learned recently, which everyone should know: While flying with a partner and the seats are in groups of three, select your seats such that you're leaving the middle seat open. Unless the flight is packed, it's unlikely anyone will pick the middle seat, and you have the group to yourself. Works great.

daeken230 karma

Just tweeted this -- good enough proof? Could also post on the blog where my paper and such are published. Here's the tweet: https://twitter.com/daeken/status/236602748555116544

daeken210 karma

Depends on my mood. Overall favorite is Clown Shoes Black IPA, but I'm also a huge fan of Anchor Steam.

daeken114 karma

Well, there are a million ways you could go about it, but here's what I'd do:

  1. Learn to program in at least one high-level language (Python, Ruby, JS, whatever), learn to program in at least one low-level language (C is best, C++ is almost as good). If you want to work on the reverse-engineering side of things, learning assembly for at least one ISA (x86 is best) is a very good thing. If you want to work on the web side of things (which you'll likely need, at some point or another) then you have to understand how web development is done, how the web itself works, how JS works, etc.

  2. Start from the top down; first step is the web. OWASP has lots of good information, but use it to just get a feeling for what's out there, then Google around.

  3. Run through some web security challenges, e.g. HackThisSite, and use WebGoat as a test.

  4. Read up on native security a bit -- learn the basics of buffer overflows and all that fun stuff.

  5. Grab old versions of open source software with known vulnerabilities, and rediscover them. This applies equally well to native and web software.

  6. Practice, practice, practice. Every time you encounter a piece of technology or a security process, think about how you could attack it. Take a shot at every piece of software you come across (-NOT- web-based services; that's generally illegal).

  7. Surround yourself with people smarter than you are on every topic you're interested in. This is easy to do in the age of the interwebs.

I'm also writing a book on getting into security; the outline is available at https://gist.github.com/3366052 . The point of it is not to be a complete guide to every detail of every part of security, but rather to expose you to enough different things that when you need to learn something, you're able to. It'll be out... sometime before I die :P

daeken108 karma

Yep! It's the perfect system.

daeken107 karma

Well, I was always around computers -- my parents always had them, and my uncle used to build them. I don't know what sparked me to learn about programming particularly, but I do remember two things:

I discovered a book on BASIC for the Apple ][E in my school library, and started tweaking the code in there, then started writing little text-based games; that was probably kindergarten or first grade. It was short (maybe 30-40 pages?) and IIRC its cover was orange with white lettering, if anyone has a clue. Would love to get a copy again.

The other thing was that I learned about EDIT.COM and opened the game Pilgrim's Quest in it, on my old 386. I was maybe 6 or 7, and I had absolutely no idea what I was doing, but I mashed keys and typed in words and such; it wasn't source, it was a raw binary. I ran the game, and the screen was completely corrupted, but on pressing a key, you'd hear a sound. Each key had a different sound. It was then that I realized that if you understood what these things did, you could be the master of a little universe of your own.

Of course, playing Shadowrun on the Genesis when I was a little bit older helped a lot. I still want to be a decker; hell, I even named my old OS "Renraku".