Jeff Yestrumskas
Wed, 21 Apr 2010 17:02:12 +0000

Cross Site Scripting Anonymous Browser Defcon 17 Video
Tue, 20 Apr 2010 10:51:48 +0000

Last year, Matt Flick and I presented at both Blackhat DC and Defcon 17 about our Cross Site Scripting Anonymous Browser (XAB for short). XAB allows for anonymous browsing fueled by sites vulnerable to XSS. The tool/framework really had no other purpose than to finish the statement of “wouldn’t it be neat if…”.

All in all, it was a fun research project to expand and extend unintended functionality present in web browsers in an interesting way.

Here’s a link to the video of our presentation at Defcon 17: XAB Defcon presentation video

XAB can be downloaded at


3M Privacy Guard Filter Review
Wed, 03 Mar 2010 23:01:06 +0000

A while back, I reviewed the 3M Privacy Filter. I’ve re-posted it here primarily because I’m still very surprised its use is not nearly as widespread as it should be. This review shows photos of the 3M Privacy Filter from all angles so you can truly judge its efficacy.


Every telecommuter needs to leave the house sometime. Maybe to get some fresh air – maybe even get a little work done at a local coffee shop. While at the local coffee shop, sipping a latte, crunching numbers or authoring a book, you may get that uneasy feeling that you might not be the only one crunching your numbers. Do you prefer to refrain from putting your sensitive data on display for passersby and nosy onlookers? Have you seen the silly 3M commercials during the CNN morning news and are curious if the 3M Privacy Guard actually works?

If you answered “yes” to either of these questions, read on. The 3M Privacy Filter may be useful for you.

The 3M Privacy Filter is marketed towards those whose work may require using a laptop in public places. This includes telecommuters who prefer to work in a public wireless hotspot (era Bread) as well as frequent business travelers who often work on sensitive information in airplanes and trains.

3M’s marketing literature makes many claims of its performance. In this review, I will attempt to verify or deny those claims. Additionally, I will offer input based on my usage of the 3M Privacy Filter over the past few months on a 15.4″ widescreen Macbook Pro.

The 3M Privacy Filter promises the following:

  • Narrowing of the viewing area so the screen data is visible only to those directly in front of the monitor
  • Performs without distortion
  • Reduces screen glare
  • Guards against scratches
  • Unobtrusive design does not interfere with speakers or monitor controls
  • Easy to attach and remove – can be left in place when laptop is closed

Overall design

The 3M Privacy Filter mounts to the laptop screen with clear plastic mounting tabs with – you guessed it – 3M adhesive. There are a total of 3 tabs used during this installation. As suggested by the included mounting instructions, two were placed on each side of the screen and one at the bottom. After several months of use, the mounting tabs are still firmly attached and have not degraded in performance or aesthetic appeal. There is a small round cutout at the top of the Privacy Filter. This is to facilitate easy removal. While it is quite apparent in the photos, it is not a distraction. The largest issue with these mounting tabs is that the privacy filter bows inward when closing the laptop. This may be less of an issue with a smaller screen, however the behemoth 15.4″ Macbook Pro screen causes bowing in the filter upon closure. This bowing of the filter does not affect performance, but only presents itself as an annoyance when closing the laptop.

Item Performance

The pictures in this review were taken without a flash, as the screen was nearly 100% unreadable with a flash. In a full flash setting, glare is not reduced. In the real world, in actual sunlight, the screen also appears to increase glare – for both you and the snooping onlooker. For the targeted viewing angles, the screen data was nearly 100% invisible, but with only a slight increase in glare for the legitimate user. As demonstrated in the photos, the glare is extremely apparent for a snooping onlooker. This helps with the privacy effect.

In normal light settings with an individual sitting directly next to the laptop with the Privacy Filter applied, an extremely large percentage of the screen is invisible to the onlooker adjacent to the user. The filter does an excellent job of concealing the screen data. However, do not expect the Privacy Filter to work with individuals directly behind you! This drawback is most likely to occur when sitting in an aisle seat on an airplane. It is still possible to view some degree of screen data in this situation.

As mentioned before, the notch in the top left portion of the screen is to facilitate easy removal of the privacy filter for when it is not required.

3M states screen data is not distorted when viewed beneath the Privacy Filter. This claim is true, to a point. Screen data is not “warped”, however the screen is noticeably darker. Most documents have a white background, in which case this is not too negative of a factor. However if watching a darker movie, expect a decrease in brightness. Even in direct sunlight, the screen is still usable but this likely varies based on the quality of your laptop’s backlight.

The decrease in brightness is quite noticeable, but as with everything else, the trade-off between security and usability is omnipresent, like an overseeing deity of sorts.


While not perfect, the 3M Privacy Filter does live up to the majority of its claims. Due to its easily removable nature, it is best used when entering a public area in which the privacy and security of your screen data is at the largest risk. When privacy is not required, the screen is easily removed and stored in the provided packaging.

The 3M Privacy Filter was purchased at a retailer with a fairly liberal return policy. It has been several months, and I have no intention of returning the product for performance reasons. For the money (roughly $50), the 3M Privacy Filter is worth the security of knowing your screen data is viewable to only those within a certain radius.


Pros

  • Significantly reduces ease of snooping
  • Price

Cons

  • Screen can still be seen directly behind user
  • Slightly reduces brightness
  • Introduces a small amount of glare
  • Somewhat flimsy

Screen size availability:

Notebooks, Netbooks and Desktop LCDs: 10″ through 20″

Bottom Line

At $50, the 3M Privacy Filter is still a no-brainer for those who require confidentiality of their screen data in public. The 3M Privacy Filter is the only product in this price range in this space that performs this effectively.

Purchase the 3M Privacy Filter at

This is posted at the blog of Jeff Yestrumskas

Extreme Air Travel – Tips for the new Frequent Flier
Mon, 02 Feb 2009 08:11:23 +0000

Spend less time getting there and more time there.

Over the past half-decade, I’ve logged hundreds of trips to various places throughout the country and internationally.  Averaging over 60 trips per year for 5 years, that’s at least 300 distinct flights.  For each trip, take the recommended 90 minutes to arrive prior to the flight and multiply that by 300 and that’s 27000 minutes or 450 hours or 18.75 days of _recommended_ waiting to do.  These numbers are also very conservative.  They don’t even take into account airport delays or sitting on the tarmac.  You really don’t have much control over sitting on the tarmac, but you can be productive.  Therefore, let’s tackle what we have some measure of control over and specifically the time that kills our productivity.  Remember, when it comes down to it, if you’re standing in a line, you’re probably wasting valuable time.

These tips are my personal collection of what I like to call “Extreme Air Travel”.  Note that some of these tips may make a timid individual uncomfortable or come across as anti-social and some of these do present a measure of risk to the traveler, but I assure you that these have all paid off at one point or another.

Starting off, there are some very obvious points to get out of the way.

  • Travel light – roll-aboard suitcase, briefcase and a coat are the maximum you should ever carry by yourself.
  • Wear shoes in which if it is necessary to run, you can do it.  However, a brisk pace may be all you ever need.
  • Do not check a bag unless absolutely necessary – this introduces too many variables.  Speed of bag check agents, number of bag check agents, number of open kiosks (assuming kiosks are working!).  Additionally, the “bag drop-off” areas are not necessarily quicker than a traditional check-in.  Their lines can be worse than check-in.  I have been burned there before.

Keep in mind, every second counts.  Think of every second you saved as time in the bank which can be used more productively.

Now, let’s get into the good stuff.

Arriving 30 minutes prior to boarding can be more than enough time. 

  • Know the average wait times at the airport.  Do a little digging at and you will find a very nice matrix of airport wait times depending on the time and day.  Intelligence is key for extreme air travel.
  • Does the airport use a shuttle?  Take this into consideration.  Is it a huge airport you’re flying into?  Keep this in mind and plan accordingly.  Dallas-Fort Worth is large and may require a few more minutes than most.  Most terminals in Washington Dulles will force you to use the slow-moving people movers, though these are being phased out.
  • Since you’re rocking the carry-on, this means all liquids must be in a 3oz or less container.  However, you must realize the screeners are human and humans do occasionally make mistakes.  A 4.6oz plastic tube of toothpaste may make it through the x-ray machines without complaint every single time.  Whether or not this is truly a security violation is debatable.  You’re a business traveler and probably do not possess the malicious intent the screeners are trying to detect anyway.
  • Always print your boarding pass.  Sometimes the lines to the kiosks are out of control depending on the airport and the time you arrive.

You can never wait a significant amount of time in a security line, ever.  Here are some things to do to avoid the sometimes inevitable line.

  • Apply for the program and use the clear-lines.  A pay service with fairly decent airport coverage.
  • Know the location of airport “expert lanes”.  Many major airports have these and they are often empty!  The lanes are designed primarily for business and seasoned travelers without children.  Check the airport website for information on these.
  • Know the location of “hidden” checkpoints.  Checkpoints off the beaten path are often empty – most infrequent fliers follow the crowd and create a bigger crowd.
  • Obtain airline status and use the Premium/Elite security lines.  You should be flying one airline program unless absolutely necessary.  Remember, 5 years of frequent flying can easily equal over 18 days of waiting in line.  Is that a good use of your time?  Your call.  Pay a little more if necessary and stick with one airline alliance program.  You will rack up elite status quickly and enjoy extremely short security lines at many airports.
  • Are you in the military?  If so, some airports will let you in the premium security lines.  ATL is one good example and you definitely want to be in the premium line there.
  • Another option is to pay for first or business class – that will work for the premium lines at nearly all airports.  However, it’s obviously costly and as mentioned above, there are cheaper ways to get into these lines.

Note that a premium/elite line may not exist at smaller regional airports.   The types of airports I’m talking about are those that utilize the same agent for check-in, gate management and directing the plane on the tarmac – no joke.  Fly United at GRB and you’ll see what I mean!

Managing delays effectively

Remember, you want to spend the least amount of time as possible at the airport.  Delay management is key, particularly when weather is in play.  Ground stops can be a frustrating experience, but why be frustrated at the airport?

  • Check flight tracking websites for delays or directly with the airline.  Remember that delays are not always estimated accurately.  With a little bit of information, you can make an informed decision on your game-plan.
  • Sign up for delay alert services with your airline.  Email on a smartphone is often times sufficient, but an SMS message may be quicker.  Some airlines also offer an option to call you.  All for free!  The more intel, the better.

If the flight is delayed, find out what the cause of the delay is.

  • Call the airline and speak to an agent.
  • Find out if the delay is because the plane is not there yet.  If the plane is not there yet, ask the agent where the flight is coming from and obtain that flight number.  Now you can track the incoming plane and plan accordingly.  This is one of my favorites, particularly when departing on the first leg of the trip.

Connection Management

Here are ways of dealing with connection issues, from least risky to riskiest.  There are often no security checkpoints to negotiate when connecting, but there sure is a good 5 plus minutes of time that can be lost while waiting for other passengers to deplane.

  • If you’ve got a tight connection or the first leg is delayed, ask the gate agent nicely if you can move to the front of the plane and in an aisle seat.
  • If it’s a packed plane and you weren’t able to obtain a seat in the front of the plane, now is not the time to be passive.  For those of you who are timid, be politely assertive and ask other passengers to let you by.  

The Vacation Saver

I hesitated to post this tip because of the risk and potential legality of the maneuver, but I’m not a lawyer and everyone’s individual risk appetite differs.  This is an absolutely last resort move that requires timing and quite a bit of luck to execute properly.  I call this the “vacation saver”.

Imagine this scenario.  Your travel itinerary is Washington DC to San Francisco (with a one hour layover) to Honolulu.  The plane leaving Washington DC is delayed 45 minutes and the captain is unable to make up any time in the air.  You know that the doors from your San Francisco to Honolulu flight will close 10 minutes prior to departure and that plane is on time.  That gives you exactly 5 minutes to make the connection.  Crucial time, especially if the plane is a large 767 and you’re sitting in the exit row in economy (that’s about 2/3rds towards the back of the plane).  Lots of plane in front of you, lots of passengers to get past.  Oh, and since this is a two-week vacation, you checked your bag (yes, that ignores the no-check rule, but hey, it’s hard to fit two weeks of Hawaiian shirts in a carry-on).

When a plane is rolling up to the jetway, there is often a very short lag time between when the plane stops completely and the captain turns off the fasten seatbelt sign, notifying passengers it is safe to get up and remove one’s belongings from the overhead bins.  The very short window of a few seconds is enough time to get to the front of a plane before the passengers stand.  With your connecting boarding pass in hand, a brisk walk to the front of the plane during this window will save you valuable minutes, and potentially a night of enjoyment in the fine SF airport if you missed the connection to paradise.

How does the story end?  After execution of the Vacation Saver, we were standing at the front of the plane and were greeted by the SF ground staff.  They asked folks in first class if anyone was going to Honolulu – since we were now standing up front with the first class folks, we heard this and understood the urgency.  The greeting agent said “It’s gate 82, you better run, they’re not holding the plane”.  If we hadn’t pulled the Vacation Saver, we may have been spending that night in SF and not in Hawaii.  Be warned, the Vacation Saver tool is labeled “Use only in case of emergency”, but alas, it is indeed a tool in the extreme air travel toolkit.

Rental Car Woes

  • Ask yourself if you really need to fill up before returning.  Once again, intelligence is your friend.  Know the cost for the rental company to fill up the rental car if you return it with an empty or partially empty tank.  Knowing this will allow you to make an informed decision if you are in a rush and really need to fill it up.  If they’re gouging you, maybe taking the time to fill it up is worth potentially missing a flight, or spending a few extra minutes at a gas station.  Risk vs. reward, make the call, and make it informed.
  • Is your flight the last of the day and you’re in a rush?  Seems like a pretty easy decision to me.  Leave slightly earlier… or don’t fill it up.
  • Rental car shuttle delays can be a pain, particularly in less busy times during off-hours.  If the shuttle to return to the airport is running on a 15 minute schedule and there are a few workers hanging around not doing anything, start a conversation with a worker.  It may turn out they are willing to take a car off the premises and drop you off at the terminal.


The most important and required aspect of Extreme Air Travel is the initial intelligence of not only the airport layout and procedures, but your individual flights and a large helping of common courtesy.  Being courteous to airport and airline employees, TSA screeners and fellow passengers goes a long way to your success.  With these three attributes and a generous helping of luck, your individual air travel experiences and particularly the time saved as a result will result in greater productivity and many hours saved in the long run.

2008 Penn State Football Schedule in iCal Format
Mon, 25 Aug 2008 02:13:44 +0000

The Internet is great. When a need to fill a personal information vacancy exists, it is often times filled and then shared.

Since nobody has created an iCal calendar for the 2008 Penn State football season, I put one together. While some of the kickoff times and television stations for the games are not known yet, those will be updated as information becomes available.

To download the 2008 Penn State football season schedule in iCal format, click here. You may need to right-click and save the document instead.


Groundbreaking ANSI Art Show – January 12th – San Fran, CA
Fri, 04 Jan 2008 04:44:27 +0000

Allow me to present some background of the history of ANSI art and why it may be interesting. Back before we had Facebook, MySpace, Google; before the dot com boom and bust, before DSL and cable modems, even before Yahoo, before Internet access was readily available, there were still many diehard nerds communicating online with dial-up modems. Instead of calling NetZero, Netcom or Earthlink, we were connecting and communicating through hobbyist-run Bulletin Board Services (BBS). BBS’s existed as early as the 1970s, but gained popularity in the 1980s and peaked in the early 1990s.

A BBS is a text-based piece of software often run on a PC with one or more modems that allows users to dial-in and participate in message forums, play games and transfer software. Wow, it sure sounds like the Internet, but with text only. Most BBS’s operated solely with ASCII and ANSI character sets on DOS-based VGA (16 colors!) terminals, which meant scrolling, blocky text. This was not pixelated, this is what we had to work with. The words drab, boring, void of anything aesthetically pleasing may come to mind. Not so fast. Aspiring and inspiring artists were able to transform this seemingly eternally bleak text-based environment into something magical. Using the 16 available colors, some amazing art was integrated into the BBS environments.

This art, known as ANSI art is something that grew solely out of necessity, something that could only have existed within the medium created by the personal computer boom of the late 1980s and early 1990s.

This art was viewed during the BBS experience in the homes. Many ANSI artists part of the BBS communities were of the same demographic and settings – teenagers addicted to computers at a very young age; myself included. The ANSI art scene grew rapidly and soon “groups” had formed, and released ANSI art packs under pseudonyms on a regular basis.

The ANSI art scene nearly faded into oblivion as the BBS era was almost in its grave due to the Internet explosion in the mid 1990s and beyond. To this day, ANSI art packs are still released, and great archives of these artifacts exist.

A friend of mine, Kevin Olson is holding an ANSI art show at 20 goto 10 gallery in San Francisco. Kevin will be featuring ANSI art by some of the most famous artists, Lordjazz and Somms. Kevin really went all-out with this show. He will be using terminals which scroll ANSI art to ensure the art is displayed as originally intended. This is going to be a great event, and I already know many folks who are traveling from all over the country to attend.

For now, to get your ANSI art fix in, take a look at some of the packs found on

For further reading on BBS’s and the culture, their history and a great archive of works produced take a look at Jason Scott’s Jason has also produced a wonderful BBS Documentary DVD set which documents the many niches and subcultures (hacking, phreaking, anarchy, virii, ANSI art) found in the BBS scene of the past.

Similarities between cryptography and censoring non-text
Wed, 14 Nov 2007 03:46:14 +0000

One of the intrinsic values of the internet is the ability to easily distribute information on a wide scale with little effort. Perhaps paramount is the contributor’s ability to modify, alter and control this information; to be selective and pick and choose the information distributed. This holds true not only for works of text, but visual works, such as video and the most pervasive format, still images. In this posting, I will attempt, in layman’s terms, to compare cryptography of textual messages with censoring still visual data (images, documents). I will present real world examples used to remove encoding or censorship of visual data to support this comparison.

Often times when an individual chooses to distribute an image on a wide scale in a public forum, or even distribution to a more focused and trusted group, there may be aspects of an image that the creator may wish to remove or sanitize. Examples include checks with account numbers, receipts with credit card numbers, faces, people, places, etc. This is typically accomplished by blurring, or otherwise applying a filter, technique or method to the sensitive information within the image. However, time and time again, these methods are not nearly as successful as the creator of the work likely intended.

The (over)use of parentheses and multiple similar words strung together by “or” and “and” is to reach a wider audience without confusing a reader that is unfamiliar with cryptography. The intent is also to keep the interest of a more technical user familiar with cryptography concepts by presenting an interesting parallel. A reader possessing knowledge of cryptography that is greater than that of the average bear will likely appreciate the elegance between an automated approach to obfuscating portions of non-text visual data and plain-text cryptography. Those that do not have a strong crypto background will hopefully gain an appreciation for cryptography and its similarities in image manipulation.

The goal of the next paragraph is to make an extremely simple and understandable comparison between cryptography of text and filtering of portions of an image deemed sensitive.

Simply put, cryptography with a key known by both the transmitting and receiving parties is likened to a mathematical formula – think German Enigma machine. If the receiving party understands which modifying function (or secret key) was used to make the original data unreadable, then the receiving party can view or access the original data. Now, let’s apply this to an image filter. If the receiving party knows the modifying function/method (or secret key) used to make the portion of the image unreadable (from blurring, swirling, or pixelation), then the receiving party can view or access the original data.

Decrypting cryptography is accomplished by three methods.

  • A flaw within the cryptographic algorithm itself – a mistake within the fundamental methods of cryptography chosen that defeats the difficulty of deciphering cryptography because it was built incorrectly
  • Brute force – trying every possible key combination against the cryptographic algorithm until one works
  • Knowing the key – understanding the appropriate values to correctly decipher the encoded message

Now, let’s associate the three previous methods of decrypting text/data to decoding/deciphering data that is not in a plain text format. Let’s keep in mind that an image is simply a collection of numbers.

  • Break image obfuscation with a flaw in the obfuscation method: Around the click of the new millennium, the New York Times published a secret/classified report they obtained (found here on their website) regarding an attempt by the CIA to overthrow the government of Iran. The New York Times, with the goal and motivation of publicity and increasing circulation in mind (the greater the circulation, the greater the ad revenue), decided to publish this document. In an attempt to protect the families of the agents involved in the operation, the N.Y.T. blacked-out the names of those agents. However, the flaw in the method used to render the data unreadable allowed individuals with a slower computer to view the names of the agents. This was widely publicized by Moral of the story? Don’t censor sensitive data with the digital equivalent of a piece of painter’s tape. You can see other examples of the PDF document abuse listed here. This method is obviously flawed, and allows individuals to view sanitized data originally thought to be safe.

A flaw in the method chosen for data censoring is akin to a fundamentally flawed encryption algorithm (such as DES).

  • Break the method of obfuscating an image by trying all possible combinations of the techniques used to obfuscate the selected portion of the image. An image is merely an array, matrix, spreadsheet or collection of pixels (dots) that have a numerical value. By applying the same mathematical function to a specific subset of those… dots… (with pauses emphatically added), the hidden or obscured portion of the image can be viewed. Real world examples of this include blurring account numbers on a credit card or scanned document and claiming the scanned image to be safe. By taking values of the pixels (dots), applying all possible sequences of likely mathematical formulas (i.e. the single mathematical formula that occurred during the blurring) to those values and converting the resulting values to an image, you will then have something to visually compare to the original obfuscated image. If there is a visual match between the original image and the modified (blurred) image, then the key or formula that created the end result is the key or formula that was used against the original data. This technique is demonstrated in a visual fashion here.

Attempting all possible keys or blur techniques and comparing the results is equivalent to brute forcing all possible passwords required to decrypt an encrypted document.

  • Possess the knowledge of the key, or method of obfuscation. Consider applying a swirl filter with the intention to obfuscate portions of an image. The most famous real-world example in recent history is that of a notorious serial pedophile who was apprehended due to efforts put forth by Interpol. The criminal wanted to demonstrate to his social circle in an anonymous fashion, that he was legitimately a pedophile (don’t ask why, I’m not a psychologist). As such, he posted pictures of himself with young children, but used a “swirl” filter on his face. The second picture in the photo gallery on the AOL news site demonstrates the “after” and “before” photos. Now let’s think, if one twists the pixels in an image clockwise in an attempt to render a portion of a photograph unreadable, what is preventing a counter-clockwise rotation of the pixels in an image?

The swirl technique is the key: apply the swirl technique appropriately (in reverse), and you have the original image.

Each of these examples demonstrates a somewhat simple parallel between an action, filter or technique of obfuscating or encoding image-like data and rendering plain text (a la German Enigma machine) unreadable with cryptography. What can we take away from this simple parallel of plain-text encryption and image obfuscation? If one is to reproduce and censor or redact portions of an image or image-like data, ensure that the method chosen is mathematically irreversible or not defeated by a weakness in the method chosen – much like a smart choice of cryptography.
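The brute-force comparison described above, and the closing advice to choose an irreversible method, as an added example that is not from the original post: a constructed 3x5 digit font is pixelated with 2x2 tile averaging, every candidate digit string is put through the same filter and compared, and the same search is then run against a solid fill. The font, the function names and the sample numbers are assumptions made for the illustration.

```python
from itertools import product

# Constructed 3x5 bitmap font. Each glyph sits in a 4x6 cell (one blank
# column on the right, one blank row below) so 2x2 tiles divide it evenly.
FONT = {
    "0": ("111", "101", "101", "101", "111"),
    "1": ("010", "110", "010", "010", "111"),
    "2": ("111", "001", "111", "100", "111"),
    "3": ("111", "001", "111", "001", "111"),
    "4": ("101", "101", "111", "001", "001"),
    "5": ("111", "100", "111", "001", "111"),
    "6": ("111", "100", "111", "101", "111"),
    "7": ("111", "001", "001", "001", "001"),
    "8": ("111", "101", "111", "101", "111"),
    "9": ("111", "101", "111", "001", "111"),
}
CELL_W, CELL_H = 4, 6


def render(digits):
    """Rasterise a digit string into a 2-D list of 0/1 pixels."""
    img = [[0] * (CELL_W * len(digits)) for _ in range(CELL_H)]
    for i, d in enumerate(digits):
        for y, line in enumerate(FONT[d]):
            for x, bit in enumerate(line):
                img[y][i * CELL_W + x] = int(bit)
    return img


def pixelate(img, block=2):
    """Mosaic filter: replace each block x block tile by its mean value."""
    h, w = len(img), len(img[0])
    return [
        [
            sum(img[y + dy][x + dx] for dy in range(block) for dx in range(block))
            / block ** 2
            for x in range(0, w, block)
        ]
        for y in range(0, h, block)
    ]


def solid_fill(img):
    """Redaction that overwrites every pixel with a constant."""
    return [[0] * len(row) for row in img]


def recover(observed, n_digits, obfuscate):
    """Obfuscate every candidate the same way and keep the exact matches.

    A real image would need a distance threshold instead of equality,
    because lossy compression and anti-aliasing add noise.
    """
    matches = []
    for combo in product("0123456789", repeat=n_digits):
        candidate = "".join(combo)
        if obfuscate(render(candidate)) == observed:
            matches.append(candidate)
    return matches


if __name__ == "__main__":
    for secret in ("4716", "1905"):  # constructed sample "account numbers"
        print(secret, "->", recover(pixelate(render(secret)), 4, pixelate))
    survivors = recover(solid_fill(render("4716")), 4, solid_fill)
    print("solid fill leaves", len(survivors), "candidates")
```

With this font "4716" comes back exactly, "1905" narrows to four candidates because 0 and 9 average to the same tiles, and the solid fill leaves all 10,000 candidates, which is what an irreversible method looks like.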

SSL Squid Proxy with PAM Authentication
Wed, 31 Oct 2007 22:03:11 +0000

I know plenty of folks who travel frequently, and a common concern for a security conscious frequent flier is the confidentiality of web access. I wrote the SSL Stunnel Squid PAM HOW-TO to address these concerns.

The HOW-TO is written from a general perspective and is considered a living document. Additions and modifications will occur on a regular basis.
