Tuesday, July 8, 2014

Using Punycode and Special Characters as Protection from Automated Systems: drunycode

1. It's been a while since I have posted anything on here, so I figured I would give some details on my latest projects that I posted on GitHub. You can see it here:

So, in essence, it is a method to protect content delivery networks, code libraries, and image files from DDoS software and penetration testing software (vulnerability scanners). Basically, software written as a shell script or in C will have a hard time understanding Unicode characters... especially software designed to work with or use valid URLs. So by using punycode (Internationalized Domain Names) to put your code libraries (all your external scripts, files, etc.) in an IDN subdomain, you make it so that these scanners can't understand that they are real URLs.

I have taken it a step further by adding special characters into the file names. This gets tricky, because some systems don't recognize certain characters in filenames, but many characters are pretty universally acceptable... for example all~my_java^script-code.js should work pretty universally, but also help encrypt the urls against potential automated attacking systems.

Altogether I call the method of encoding the urls and files: Drunycode
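An added example (not code from the drunycode repository) showing the ASCII form a client puts on the wire for such a URL: the IDN label becomes its `xn--` punycode form and `^` is percent-encoded, while `~`, `_` and `-` pass through unchanged. The sample URL is constructed from the `xn--d1alf.tk` host listed elsewhere on this page and the filename above; `wire_form` and `describe` are hypothetical helper names.

```python
from urllib.parse import urlsplit, urlunsplit, quote


def wire_form(url: str) -> str:
    """Return the ASCII form of a URL as an HTTP client sends it."""
    parts = urlsplit(url)
    # Python's built-in "idna" codec (IDNA 2003) maps every non-ASCII
    # label to an ASCII "xn--" label; this is what DNS actually resolves.
    host = parts.hostname.encode("idna").decode("ascii")
    if parts.port:
        host = f"{host}:{parts.port}"
    # Characters outside the unreserved set are percent-encoded in the path.
    # Assumes the input path is not already percent-encoded.
    path = quote(parts.path, safe="/")
    return urlunsplit((parts.scheme, host, path, parts.query, parts.fragment))


def describe(url: str) -> dict:
    """Summarise which parts of a URL rely on IDN labels or escaping."""
    parts = urlsplit(url)
    ascii_host = parts.hostname.encode("idna").decode("ascii")
    return {
        "wire_url": wire_form(url),
        # Labels carried as punycode on the wire.
        "idn_labels": [l for l in ascii_host.split(".") if l.startswith("xn--")],
        # Unicode form shown to a person in a browser address bar.
        "unicode_host": ascii_host.encode("ascii").decode("idna"),
        # Path characters that do not survive unescaped.
        "escaped_chars": sorted({c for c in parts.path if quote(c, safe="/") != c}),
    }


# Constructed sample: IDN host from this page plus the example filename.
SAMPLE = "http://мкд.tk/all~my_java^script-code.js"

if __name__ == "__main__":
    for key, value in describe(SAMPLE).items():
        print(f"{key}: {value}")
```

Running this over an asset list shows which names depend on an IDN label or on escaping, and gives the ASCII form that server logs, WAF rules and monitoring need to match.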

2. Since I realize I haven't posted much about my github projects on here I'll go ahead and talk about some of my shell scripts:

The one above is a heroku toolbelt installer for fedora. Basically, I was having trouble installing heroku's toolbelt on fedora, so I rewrote the bash installer for it. Mainly the problem was because fedora uses "yum install" instead of the "apt-get install" that debian-ubuntu uses. Another issue was with the ssh key. But for all purposes, the installer works if you are using fedora, red hat, opensuse, or centos.

In closing, here is a thought for the day: Why can the US government seize websites, ISPs shut down internet service for traffic it doesn't approve of, and domain providers shut down a site because it doesn't meet their expectations - BUT when a group of individuals shut down a site in protest (a constitutional right) it becomes illegal?

Wednesday, June 4, 2014

Check out my article on huffington post

I was recently published on Huffington Post about how we need new ways to encrypt and protect our data. Here is the article:
http://www.huffingtonpost.com/andrew-edwards/the-cyber-cold-war_b_5440791.html

I personally am working on drunycode, which is mostly for protecting code libraries, external scripts, and content delivery networks... So pretty much everything important. I believe that if we can have encryption algorithms that can even be shorter, but include non-Latin characters, it makes encryption SOOOOOO much harder to crack. Check it out.

Wednesday, May 14, 2014

Coding in Spanish and other languages: Diseño Web en Español

With a growing international marketplace and the spread of computers to everyone throughout the world, coding and web design have to start making moves towards internationalization, which can take place in multiple different ways... Not to mention some of the methods ICANN has implemented can be used in different ways.

The Drunycode Method- ICANN recently implemented Internationalized Domain Names (IDNs) using punycode, which allows non-Latin Unicode characters to be used in URLs (such as in my resume). In my research, I have found that by using this as well as special characters in filenames (which doesn't require punycode) you can block DDoS software or vulnerability scanners, since they cannot interpret them as valid sites or files. It is basically a way of encrypting URLs and filenames. Below are some screenshots of tests:
[Screenshot: Lexington Ky Web Design and Web Security]

[Screenshot: IDN and Punycode encryption of URL - drunycode]

Coding in Spanish- While domain names can now use special characters, coding does not, because all the tags are in English. I personally believe it is important to add what you can to span class tags, input name (and $ PHP values), and other tags. While it doesn't do a whole lot, it does help Spanish-speaking HTML, PHP, or CSS coders to understand what each tag means. Other things to keep in mind are the lang='es' tag and the special character codes for text. I have posted the code for an example of a Spanish-language HTML page below:

<html lang='es'>
<head>
<title>Dise&#241;o Web en Espa&#241;ol</title>
<style type="text/css">
.estilo {color:blue;
font-weight:bold;
text-align:center;}
</style>
</head>
<body>
<span class="estilo">Este es un ejemplo de la codificaci&#243;n en espa&#241;ol.</span>
<br>
<form action="correo.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="action" value="submit"/> Tu Nombre:<br />
<input name="nombre" type="text" value="" size="30"/> <br /> Tu direcci&#243;n:<br />
<input name="direccion" type="text" value="" size="30"/> <br /> Mensaje:<br />
<textarea name="correo" rows="7" cols="30"> </textarea> <br />
<input type="submit" value="Enviar"/>
</form>
</body>
</html>

Coding in Spanish- While domain names can now use special characters, coding is not like that, since all the tags are in English. Personally, I believe it is important to add what you can to the "span class", "input name" (and "$" values in PHP), and other tags. While it doesn't do much, it does help HTML, PHP, or CSS coders understand the meaning of each tag. Other things to keep in mind are the lang = 'es' tags and the special character codes for text. I have posted the code for an example of a Spanish-language HTML page above.

In closing, as always, if you are going to post a job listing or are trying to find a web designer, search engine optimization/social marketing, or someone to do web security- look no more. You can hire me, as I am currently looking for something new. Especially if you are looking for someone to code in Spanish (or crudely in another language).

Friday, May 9, 2014

PaleOnion and Other Recent Projects

As far as search engine optimization goes, I need to keep adding information to this blog, so I'll update it with some of the projects I've been working on recently.

First and foremost is a new open-source software project I've been working on called PaleOnion, which is a Tor browser based on the optimized Firefox browser called Palemoon. The version I just released on SourceForge and GitHub is a Linux/BSD/Unix version written as a bash shell script. My hope was that it would have somewhat faster load times than the original Tor browser. If you are not familiar with TOR, it stands for "The Onion Router" and it is the best tool to keep your anonymity by not only encrypting your web traffic but routing you through several "nodes" to keep your browsing completely anonymous and secure from snooping and surveillance. Anyone wanting to help work on the project is more than welcome! Here are some screenshots:

[Screenshot: Palemoon optimized tor browser]

[Screenshot: Paleonion]

The second project I've been working on is playing around with the OpenCatamount operating system built by Sandia National Laboratory for their supercomputers. I was trying to build the Catamount Lightweight Kernel on Lubuntu (a lightweight linux) which didn't turn out too well... so I'll keep working on that one. Here's a screenshot of that project:

[Screenshot: Open Catamount Operating System]

So, that's about it for now. Of course if anyone in Lexington, Frankfort, Georgetown, Richmond, or just anywhere in the Central Kentucky area needs webpage design, web security, or SEO feel free to get in contact and we'll see how I can help.

Thursday, April 24, 2014

In need of web security or front end development?

Hi! I'm Drew Edwards!
I do freelance web security (owasp standards) and front end web development in Lexington, Ky.
You may be wondering why, if I am a web developer, am I using blogger instead of making an awesome site to promote myself? The answer is simple: Google often puts blogspot in the top of the rankings on a google search (I do seo as well... but it seems EVERYONE does seo).

So let's get down to what I can do for you.
First and foremost, I do web security. You want your website to be secure from hackers or other predatory beings. The first thing I do is a full evaluation of your website by OWASP standards (XSS, SQL injections, privilege escalation, etc.), then check it for more simple but overlooked vulnerabilities such as exposed internal directories, vulnerability to well-crafted social engineering attacks, Heartbleed, and other bad "stuff". Then I help fix anything I do find, plus help you with solutions for common problems such as protecting from DDoS, setting up SSL, and more.

Protecting your company's security often means the following:

  • A firewall on your systems
  • SSL on all websites
  • Buffer overflow protection
  • pgp or other secure email system for internal email
  • Vulnerability assessment
  • Protection from DDOS attacks


I have proven results through security bug bounties at:
Cisco Meraki
Mozilla Corp.
Barracuda Networks
The Gallery Project

As well as having my own research into the use of punycode/Unicode/special characters in defense against Denial-of-Service software and Vulnerability Scanners:
http://xn--d1alf.tk/

And for those interested in web design and development services I code html, css, php, javascript (including jquery and json). As well as use and knowledge of linux (ubuntu and apache) and windows systems. See more on this at:
www.xn--5dbdcf0e.tk
(this has an htpasswd file, so use username "login" and password "password" to see my resume)

If you are interested, feel free to contact me at drew[at]xn--5dbdcf0e[dot]tk