Bram Matthys - VULNSCAN

VULNSCAN

Bram Matthys

Back and available for hire

I still plan to talk about IRC, Security and Linux, all those topics I love and still have plenty to say about. I had good intentions when I started this blog but sadly haven't been posting for quite a while. Life went on as usual but I just haven't been

Data of hundreds of thousands of Dutch students sent unencrypted for years

Magister, the most widely used school administration software in The Netherlands, has been sending exam results and personal messages of students unencrypted over the internet for many years. They were informed repeatedly past 18 months about this issue but it was only fixed two weeks ago. UPDATE: After publishing this

Why do some major websites still not use SSL/TLS?

There seems to be misconception out there: If a site never requires user input then there is no reason to use SSL/TLS. This is wrong. SSL/TLS is not only for securing logins or forms! A practical attack on a major news site 1. User visits an insecure news

Improving IRC security step by step

I've been working at UnrealIRCd since 2001 to make IRC more secure. Below I would like to share the journey that IRC has taken so far with regards to deploying SSL/TLS and the way ahead. Step 1: Make IRC software support SSL Fortunately this step was completed long ago.

Buffer overflow issue in UnrealIRCd, despite use of strncat

Today I had to release UnrealIRCd 4.0.11 due to a buffer overflow issue. In this article I give more information on the bug and exploitability. To UnrealIRCd users: You can upgrade the IRCd without a restart The bug First, the actual issue. This code is present in a

YubiKey and 4096 bit RSA support

Yesterday I received my YubiKey 4. I ordered it so I could safely store my 4096 bit code signing certificate. Turns out this is not possible. Despite YubiKey telling "YubiKey 4 now supports RSA keys up to 4096 bits!" in a blog post and in their product comparisson. What!? Turns

Moving on

I'm the head coder of UnrealIRCd, an Open Source IRC server written in C. I've been involved with this project since 2001 and maintainer of the stable branch since 2005. TL;DR quick links: My free modules have been moved and Note to commercial users. About IRC If you don't