AltSci Blog

by Javantea aka. Joel R. Voss
Analysis: Jan 9-Aug 26, 2006
Write-up: Sept 8, 2006
Botnets
Spam Server Analysis 0.6 [sig]
Spam Server Analysis 0.4 [sig]
Spam Server Analysis 0.1 [sig]
50 MB of Test Spam [sig]

Spam servers are generally accepted to be among the worst netizens currently residing on the net. Most are zombie botnets, some are open relays or proxies, but some are legitimate businesses in foreign countries. Since spam is illegal in the US, any server sending spam (with quite a few exceptions) is committing a crime. Of course, legislators have no concept of legitimate enforcement, so the fact that spam is a crime does not affect the level of spam that users receive.

Detection, analysis, and blacklisting of spam servers is the proper method to eradicate spam servers. While certain methods of unblacklisting will be required, blacklisting has no downsides. Occasional spammers will not be blocked until they make themself a nuisance.

Hi,

I thought I'd update this blog with some actual AltSci Cell information. It's been over a month since my last post. But actually, I've only gotten a few days of work done on AltSci Cell, so it hasn't been very long.

by Javantea aka. Joel R. Voss
Nov 9-10, 2006
AI Coder 1 version 0.1 Source [sig]

Scripting languages have become an important part of programming functionality. Often, scripting languages are run in a sandbox with a specific piece of memory available and all code interpreted by a program written to execute only a subset of the computer's functionality. This has allowed a system on the web where client-based code can be run on the clients for quick reaction time and specific features. Most of the actual code (data retrieval, calculation, and storage) needs to be run on the server, so it leaves the client code to be nearly all real-time display. In fact, most webpages need no actual client-side code to be perfectly functional. However, more and more sites are relying on increasingly complex scripting libraries including AJAX, math, and data handling. Running a SHA1 hash on a client-side may be useful for many purposes, but many problems arise with these systems.

Browsers must handle a large amount of useful script as well as a large amount of invalid script without detracting from user experience. Compliance with standards is also an important factor in writing a browser. With these factors in mind, obvious security questions arise. Many of these have been addressed by browser developers, yet many have not. Javascript is obviously headed to be the leading cause of DoS if it is not already. It has also become a major threat to user privacy due to Cross-site scripting (XSS) attacks as well as malicious phishing attacks.

BitTorrent Protocol Attack

jvoss@altsci.com
jvoss@myuw.net
Feb 23-26, 2005

BitTorrent Attack 0.3 Source [sig]
BitTorrent Attack 0.2 Source [sig]

Official BitTorrent Protocol
Official BitTorrent Client
Netmap2 Page

The BitTorrent Attack is a small project to see what we can do with the BitTorrent protocol without sending or receiving legitimate data. It is part of Netmap2 (aka. Protocols and Services Project).