Resume/CV for Philip Stoev

Business card

Born:

May, 1980

Status:

QA Engineer at MySQL AB

Web:

www . stoev . org

Email:

philip @ stoev . org

Phone:

+359 887 589 414

ICQ:

23465869

Location:

Sofia, Bulgaria

Employment

Currently

QA Engineer at MySQL AB

1999 - 2007

Software Developer at a secretive Los Angeles-based company

1998 – 1999

Customer support engineer and web designer at EuroIntegra Ltd, Sofia

Education

1998 – 2004

Sofia University
Majoring in Archeology and Philosophy

1993 – 1998

American College of Sofia High School

Languages

- English
- A lot of Perl and some VisualBasic, C and C++
- SQL
- Some Russian and Spanish

Overview

- Stealthy web spidering of heavily protected sites; custom user agents for interaction with specific sites;
- Custom proxy servers for content manipulation, advanced cookie and IP address management;
- Protections against credit card fraud and web site spidering;
- Penetration testing and security audits of web applications and internet-enabled desktop software;
- Microsoft Access database and interface design geared towards fast data input on cheap hardware, like this one.
  Deployment is expected to reach 100 000 records and up to 10 remote workstations by the end of 2002.
- Remote Linux administration.
  Maximum deployment: over 15 servers, peak aggregate HTTP/HTTPS spidering traffic in the 300 Mbit/sec range;
- Apache/MySQL/Perl servers and applications.
  Maximum deployment: over twenty tables in several databases, a dozen million records on several dozen hosts;
- Regular expressions, parsers, lexers and yacc grammars

I write native mod_perl handlers, XS glues, and some C and C++. I do custom-hacked indexes and on-the-fly construction of complex SQL statements. I also profile my code heavily.

I am also somewhat active in hacking the MySQL server, and have some small bugs and patches.

Selected software

- DBIx::MyParse - Perl module providing direct access to the MySQL SQL parser.
- DBIx::MyServer - Server-side implementation of the MySQL protocol

- Perl HTTP client library, featuring, among many other things:
  . very low CPU overhead per request - an order of magnitude faster than libwww-perl (LWP);
  . fully non-blocking implementation, including non-blocking SSL; DNS cache
  . single-process, single-thread handling of hundreds of simultaneous connections
  . keep-alive and HTTP compression, pre-spawned TCP connections
  . cached SSL sessions and peer certificate validation
  . partial and headers-only downloads, even if not supported by the web server
  . completely human-like handling of HTTP forms and branching of requests with multiple cookie jars
  . set of support tools, including Apache proxy modules for SSL decryption and selection of outgoing interface
  . VM-like scheduler that delivers hundreds of thousands of requests at individual pre-determined times
  . automatic structured dumping of requests and responses to a mix of SQL database and filesystem storage
  . extremely efficient compression for similar HTML files
  . packet-level TCP and SSL optimizations

- "The System" – low-budget, high-speed entry and aggregation of archeological data on low-end machines.
- ELZA – scripting language and Perl module for automating user interaction and spidering of web sites, including the ability to brute-force and dictionary-attack cookies, URLs, HTTP headers and other elements inaccessible to ordinary cracking software.
- Radio – recording of FM radio broadcasts from the air and converting them into downloadable MP3 files.
- StudyWizard – Freeware SAT & TOEFL vocabulary preparation package. Over 10 000 downloads in 1999 alone.
- Custom spiders for the Wall Street Journal, South China Morning Post, Yahoo! Launch, MSN Music, Hotmail, Yahoo! Mail, Lycos Mail, MusicMatch Radio, RealNetworks Listen.com Rhapsody and others.

Conferences

- MySQL Developer Meeting 2007 - Heidelberg
- YAPC Europe 2007 - Vienna, hopefully as a speaker
- MySQL Conference And Expo - California
- YAPC Europe 2005 - Portugal

Vulnerable sites and web-enabled applications

RealNetworks Live Rhapsody - client can be completely compromised up to the point where it will download, play, and burn to CD any full-length song from the service in any order without active subscription and without paying the per-track CD burning fee.

MSN Music and Yahoo! Launch - vulnerable to arbitrary free downloading of full-length music albums from a service that only offers paid pre-defined playlists.

MusicMatch JukeBox - a fake client for the radio service can be built that will go over the playlist and download and store the MP3 files being offered for playback.

Lycos (http://www.lycos.com) - improper handling of attachments in Lycos' Web Mail allowed attackers to read other people's attachments, as well as some files from the web server.

Netaddress.com/usa.net - improper handling of attachments allowed attackers to steal files from the server and flood other people at usa.net's expense.

eGroups (http://www.egroups.com) - anyone had the ability to moderate discussion groups by sending emails with specially formatted recipients;

MSN Hotmail (http://www.hotmail.com) - improper handling of attachments allowed attackers to flood other people, using Hotmail as a traffic amplifier;

eGroups (http://www.egroups.com) - a never-changing cookie used for authenticating customers, which enables the cookie to be brute-forced over a long period of time, even if the password is changed during or after the attack;

MSN Hotmail (http://www.hotmail.com) - Hotmail does not do strict referrer checking, which enables malicious web sites to freely provide functionality to log in to a Hotmail account while intercepting credentials and the resulting cookies;

ValueClick (http://www.valueclick.com) - username/password pairs were stored in URLs, which resulted in them appearing in the referrer field of web server logs.

Hypermart (http://www.hypermart.net) - Hypermart members can suppress the display of Hypermart banner advertisements on their web pages;

Vulnerable software

MySQL - if the Federated table handler engine is enabled, a specially crafted SQL query can render the server unresponsive or crash it.

The Complete New Yorker DVD Set - client can be completely compromised, allowing every issue to be converted to PDF without the presence of the original DVDs. Custom clients and web interfaces can be built.

Netscape Communicator 4 – a simple piece of JavaScript opens a mail compose window with a very large number of recipients, causing Netscape 4.6 for Windows to crash;

Microsoft Outlook Express 5 – a specially formatted .VCF v-card attachment causes Outlook Express to crash, consuming 100% of CPU resources;

ICQ – ICQ with web server functionality enabled crashes when receiving a specially formatted URL;

Microinvest TimeShield (http://www.microinvest.net/) – Functionality for restricting access to computers in public environments could be completely bypassed in several unrelated ways.

Ultimate Bulletin Board (http://www.infopop.com) – Anyone can overwrite local files and gain administrator and moderator privileges.

Publications

“BG: Linux v/s Microsoft”, Култура, issue 24, 13 June 2003.

“За Буш, неговата война и нашите протести” (“On Bush, His War and Our Protests”), Култура, issue 16, 18 April 2003.

“Империализмът отвръща на удара” (“Imperialism Strikes Back”), Литературен вестник, issue 13, 2003.

“Моторни песни” (“Motor Songs”), Литературен вестник, issue 29, 18 September 2002.

“Дневник” (“Diary”), Литературен вестник, issue 3, 23 January 2002.

“По клубовете” (“Around the Clubs”), Литературен вестник, issue 12, 27 February 2002.

Citations

Ziefle, Jörg. "Surf-O-Matic", Linux Magazin 10/2000.

Auronen, Lari. "Tool-Based Approach to Assessing Web Application Security", Helsinki University of Technology.

Rain Forest Puppy. "Challenges Of Auditing Online Web Applications", CanSecWest 2001.

Peteanu, Razvan. "Best Practices for Secure Development", 2001.

Memberships and subscriptions

ACM Digital Library, Books24x7 ITPro, Safari Bookshelf and ACM SIGMOD Archive

The New Yorker, The New York Times, New York Public Library

Huge Amazon.com order history with strong emphasis on hardcover computer science literature


November, 2007