DOCSLIB.ORG

MAUI Inventory: Vulnerability Discovery and CNE Development SEPTEMBER 01, 2009 2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
MAUI Inventory: Vulnerability Discovery and CNE Development SEPTEMBER 01, 2009 2 MAUI Inventory: Vulnerability Discovery and CNE Development SEPTEMBER 01, 2009 2 TABLE OF CONTENTS Executive Summary………………………………………………………. 3 About MAUI…………………………………………………………………. 4 About CORSICA……………………………………………………………. 5 MAUI Inventory.……………………………………………………………. 6 PROPRIETARY AND CONFIDENTIAL 3 Executive Summary This document provides information on the MAUI and CORSICA products and the vulnerability discovery and exploit development produced from these offerings. In addition, the current MAUI inventory is described at a high level on each capability. Product demonstrations are available upon request. Endgame Systems leverages its world-class capabilities in the fields of computer vulnerability research and global network awareness to enhance the overall Network Warfare capability of United States intelligence and military organizations. PROPRIETARY AND CONFIDENTIAL 4 About MAUI Maui is a program that produces software deliverables for high-value, reliable and non- public (zero-day) NetA and CNE software packages. These deliverables provide access vectors via software vulnerabilities in Web applications, client-side applications, server-side applications, and embedded systems. The Endgame Systems’ Vulnerability Development Lifecycle (VDL) drives the process used for discovery of software vulnerabilities leading to robust CNE capabilities. The VDL provides a framework for processing discovered vulnerabilities through to completed products. The stages of the VDL are as follows: STAGE 0 POTENTIAL: TARGET APPLICATION CRASHING RELIABLY STAGE1 PROBABLE: RELIABLE MEMORY CORRUPTION STAGE 2 CONFIRMED: RELIABLE CODE EXECUTION STAGE 3 STABLE: RELIABLE EXPLOITATION STAGE 4 ROBUST: 100% RELIABLE ON ALL SUPPORTED PLATFORMS PROPRIETARY AND CONFIDENTIAL 5 About CORSICA Corsica is an active reconnaissance project enabling the discovery and identification of vulnerable web applications and web enabled devices in use on the Internet. A web application may be defined as a computer software application written in a browser- supported language (such as HTML, Javascript, Java, etc…) that is access on a web server and rendered executable by the web browser. Web applications are typically softer targets from a vulnerability research and discovery perspective than the underlying web server (Apache, IIS, etc.) and are a pragmatic way of gaining access via exploitation than targeting the underlying web server software itself. One of the focuses of MAUI has been web applications based on the discovery of indigenous web applications via Corsica. The web applications identified by Corsica are applied in two ways: • Seeding MAUI vulnerability discovery and analysis into indigenous web applications deployed around the world as well as those products that have high levels of deployment based on Corsica web crawls. • Correlated against publicly disclosed vulnerabilities The resulting Corsica deliverables are a data feed of intelligence gleaned from correlating known and unknown vulnerabilities to fingerprinted web applications currently in use around the world. Discovery Management Framework Crawl Data Seeding Crawling Collecon Web Port Central Storage Web Spidering Scanning for Analysis SSL Cerficate Signature BaseD Link Analysis ExaminaGon Analysis Passive DNS Correlaon PROPRIETARY AND CONFIDENTIAL 6 MAUI Inventory Current as of September 01, 2009 Application Type Current Inventory Count Client Side Applications 07 Embedded Systems (Not all proDucts displayed) 04* Webmail / Mail Servers (Web Applications) 06 Social Networking / Online Blogs anD Forums (Web Applications) 12 Content Management Systems (CMS) (Web Applications) 20 AdDitional Web Applications 05 TOTAL Count 54 Client Side Applications Application Product VDL Stage Description Type Conficker Worm Malware 3 - Stable The Conficker/Downadup worm rapidly spread to millions of systems throughout 2009 and continues to spread. The malware left behind (Variants A/B) is vulnerable to a stack based buffer overflow. http://www.microsoft.com/security/worms/conficker. aspx Internet Web 3 - Stable Internet Explorer is the world's most popular web Explorer Browser browser with nearly 70% global market share. It is an integral part of the Windows Operating System shipping as the default browser. It contains a vulnerability that is exploitable on the Stack or the Heap allowing for reliable exploitation. http://www.microsoft.com/windows/internet- explorer/default.aspx Mozilla Firefox Web 4 - Robust RUBICON is an Endgame Systems developed browser (RUBICON Browser exploitation technique that allows for Internet Technique) Explorer MSIE vulnerabilities to be exploitable via Mozilla Firefox on WinDows based systems. http://www.mozilla.com/firefox Maxthon Web 3 - Stable Maxthon is a China-baseD, closeD source freeware Browser Browser alternative browser to Internet Explorer that runs on Microsoft Windows. It is popular in China boasting approximately 30% of the browser market share in China. It is vulnerable to a stack based buffer overflow allowing reliable exploitation. http://www.maxthon.com/ Adobe Reader 8 PDF Reader 1 - Probable Early stage potential memory corruption http://www.adobe.com/ Adobe Reader 9 PDF Reader 1 - Probable Early stage potential memory corruption PROPRIETARY AND CONFIDENTIAL 7 http://www.adobe.com/ Adobe Reader / PDF Reader 3 - Stable ADobe ReaDer anD Acrobat Pro 7, 8, anD 9 are Pro 7, 8, 9 vulnerable to a heap overflow that exists in a default component that cannot be disabled through any normal means. It can be exploited in a very targeted way ranging from Windows XP to Windows 7. The shell code currently handles restoration of the heap post exploitation. http://www.adobe.com/ Embedded Systems (Not all products displayed) Application Product VDL Stage Description Type Huawei Router 2 - Huawei Quidway routers are produced by Huawei Quidway ConfirmeD Technologies Co. Ltd. which is the largest supplier of network and telecommunications equipment in China. These routers are vulnerable to a heap based buffer overflow allowing for a reliable denial of service (DoS) and potential remote code execution. http://www.huawei.com Webmail / Mail Servers (Web Applications) Application Product Type VDL Stage Description NJStar Communicator Multilingual 2 - ConfirmeD NJStar Communicator contains a stack Viewer, EDitor, based buffer overflow allowing for remote includes SMTP compromise. Server http://www.njstar.com Winmail Server Enterprise Mail 4 - Robust Winmail Server is an enterprise class mail Server server used extensively in China. It offers the flexiblity of webmail access anD boasts of robust features and extensive security measures. It is vulnerable to an unsafe variable evaluation via the webmail interface that allows for reliable exploitation requiring no authentication. http://www.magicwinmail.net SocketMail Webmail 3 - Stable SocketMail is vulnerable to a SQL Injection Application issue that allows arbitrary database access resulting in complete access to all email in the database. http://www.socketmail.com PROPRIETARY AND CONFIDENTIAL 8 OpenWebmail Webmail 3 - Stable OpenWebmail contains a number of Application vulnerabilities that used together allow access to authenticated user's email account. The primary attack vector is via static cross-site scripting embedded in the body of an email. http://openwebmail.org/ BlueMamba Webmail 3 - Stable BlueMamba is a webmail application and Application is vulnerable to a local file inclusion vulnerability that allows for remote exploitation. http://www.ohloh.net/p/bluemamba iGENUS Webmail 3 - Stable iGENUS is a webmail systems that is Application vulnerable to SQL Injection leading to database arbitrary and file system access. http://www.igenus.org/en/index.html Social Networking / Online Blogs and Forums (Web Applications) Application Product Type VDL Stage Description Serendipity Extensible Web Blog 4 - Robust Serendipity is a web blog product that is vulnerable to a design flaw that allows for reliable exploitation. http://www.s9y.org FlatPress Extensible Web Blog 3 - Stable FlatPress is a web blog system that is vulnerable to a file inclusion vulnerability that allows for access to server resources or allow for arbitrary PHP code execution. http://www.flatpress.org/home LoudBlog Extensible Web Blog 3 - Stable LoudBlog is vulnerable to a design error allowing for authentication bypass. http://www.loudblog.com WordPress Extensible Web Blog 3 - Stable WordPress is a web blog system that is vulnerable to SQL Injection on systems with multi-byte character sets. Due to the nature of WordPress the execution of arbitrary PHP code is possible. http://wordpress.org IPBoard Extensible Web Forum 4 - Robust IPBoard is a web forum proDuct that is vulnerable to input filtering issues that may allow for the remote execution of arbitrary PHP code. http://www.invisionpower.com PROPRIETARY AND CONFIDENTIAL 9 MolyX Extensible Web Forum 3 - Stable MolyX is an indigenous Chinese web forum proDuct that is vulnerable to SQL Injection allowing arbitrary database access. http://www.molyx.com PHPizabi Social Networking 4 - Robust PHPizabi is a Social Networking Platform Platform that is vulnerable to a high risk SQL Injection issue that allows for arbitrary PHP coDe execution. Open source Social Network platforms are popular in regions of the world where the primary western Social Network sites are blocked. http://www.phpizabi.com Pligg Social Networking 3 - Stable Pligg is vulnerable to SQL Injection that Platform may be escalated into PHP code execution. http://www.pligg.com
Load more

Recommended publications
  • SEO Footprints
    SEO Footprints Brought to you by: Jason Rushton Copyright 2013 Online - M a r k e t i n g - T o o l s . c o m Page 1 Use these “Footprints” with your niche specific keywords to find Backlink sources. Some of the footprints below have already been formed into ready made search queries. TIP* If you find a footprint that returns the results you are looking for, there is no need to use the rest in that section. For example if I am looking for wordpress sites that allow comments and the search query “powered by wordpress” “YOUR YOUR KEYWORDS” returns lots of results there is no need to use all of the others that target wordpress sites as a lot of them will produce similar results. I would use one or two from each section. You can try them out and when you find one you like add it to your own list of favourites. Blogs “article directory powered by wordpress” “YOUR YOUR KEYWORDS” “blog powered by wordpress” “YOUR YOUR KEYWORDS” “blogs powered by typepad” “YOUR YOUR KEYWORDS” “YOURYOUR KEYWORDS” inurl:”trackback powered by wordpress” “powered by blogengine net 1.5.0.7” “YOUR YOUR KEYWORDS” “powered by blogengine.net” “YOUR YOUR KEYWORDS” “powered by blogengine.net add comment” “YOUR YOUR KEYWORDS” “powered by typepad” “YOUR YOUR KEYWORDS” “powered by wordpress” “YOUR YOUR KEYWORDS” “powered by wordpress review theme” “YOUR YOUR KEYWORDS” “proudly powered by wordpress” “YOUR YOUR KEYWORDS” “remove powered by wordpress” “YOUR YOUR KEYWORDS” Copyright 2013 Online - M a r k e t i n g - T o o l s .
    [Show full text]
  • Phpbb to Vbulletin Converter Download
    phpbb to vbulletin converter download phpbb or vBulletin? When I started up my site, I obviously installed a phpBB2 forum, which I then saw as a very powerful solution compared to the other free forums. I was happy with the installation for a good while, installing more MODifications and styles as I went: you wouldn't believe how much time I spent on it. Suddenly, at the beginning of this month, my site saw a pretty big jump in traffic. Forum user count went from 33 to 177 in just 3 weeks! Many of these users acually post frequently, and since I put up some google ads on one of my other sites, I decided to try out vBulletin, thinking it had some better moderation and profile features in excange for speed, style, and easy of use. Well, I finally decided to buy it one day: a perpetual license for $160, and I can say I am a bit more more than very pleased :lol:! The backend is huge, yes, but everything is nicely organized and virtually any aspect of the board can be modified. There are endless options compared to phpBB2, and I am very happy with my switch. vB is also pretty fast and easy to use regardless of the features. So basically, I find vBulletin to be the best forum solution, far better than IPB as well. Also, the conversion went very smoothly, and you can see my wonderful new forum at http://themotec.com/Forum. The phpBB team is currently working on phpBB3, which will be a much more easy-to-use version of, basically, vBulletin, with some of the very detailed features not available, and with a completely different style.
    [Show full text]
  • Evaluation Metric Boardsearch Metrics: Recall - C/N, Precision C/E
    Overview • Forums provide a wealth of information • Semi structured data not taken advantage of by popular search software Board Search • Despite being crawled, many An Internet Forum Index information rich posts are lost in low page rank Forum Examples vBulletin •vBulletin • phpBB •UBB • Invision •YaBB • Phorum • WWWBoard phpBB UBB 1 gentoo evolutionM bayareaprelude warcraft Paw talk Current Solutions • Search engines • Forum’s internal search 2 Google lycos internal boardsearch Evaluation Metric boardsearch Metrics: Recall - C/N, Precision C/E Rival system: • Rival system is the search engine / forum internal search combination • Rival system lacks precision Evaluations: • How good our system is at finding forums • How good our system is at finding relevant posts/threads Problems: • Relevance is in the eye of the beholder • How many correct extractions exist? 3 Implementation • Lucene Improving Software Package • Mysql • Ted Grenager’s Crawler Source Search Quality • Jakarta HTTPClient Dan Fingal and Jamie Nicolson The Problem Sourceforge.org • Search engines for softare packages typically perform poorly • Tend to search project name an blurb only • For example… Gentoo.org Freshmeat.net 4 How can we improve this? Better Sources of Information • Better keyword matching • Every package is associated with a • Better ranking of the results website that contains much more detailed • Better source of information about the information about it package • Spidering these sites should give us a • Pulling in nearest neighbors of top richer representation
    [Show full text]
  • Appendix a the Ten Commandments for Websites
    Appendix A The Ten Commandments for Websites Welcome to the appendixes! At this stage in your learning, you should have all the basic skills you require to build a high-quality website with insightful consideration given to aspects such as accessibility, search engine optimization, usability, and all the other concepts that web designers and developers think about on a daily basis. Hopefully with all the different elements covered in this book, you now have a solid understanding as to what goes into building a website (much more than code!). The main thing you should take from this book is that you don’t need to be an expert at everything but ensuring that you take the time to notice what’s out there and deciding what will best help your site are among the most important elements of the process. As you leave this book and go on to updating your website over time and perhaps learning new skills, always remember to be brave, take risks (through trial and error), and never feel that things are getting too hard. If you choose to learn skills that were only briefly mentioned in this book, like scripting, or to get involved in using content management systems and web software, go at a pace that you feel comfortable with. With that in mind, let’s go over the 10 most important messages I would personally recommend. After that, I’ll give you some useful resources like important websites for people learning to create for the Internet and handy software. Advice is something many professional designers and developers give out in spades after learning some harsh lessons from what their own bitter experiences.
    [Show full text]
  • Locating Exploits and Finding Targets
    452_Google_2e_06.qxd 10/5/07 12:52 PM Page 223 Chapter 6 Locating Exploits and Finding Targets Solutions in this chapter: ■ Locating Exploit Code ■ Locating Vulnerable Targets ■ Links to Sites Summary Solutions Fast Track Frequently Asked Questions 223 452_Google_2e_06.qxd 10/5/07 12:52 PM Page 224 224 Chapter 6 • Locating Exploits and Finding Targets Introduction Exploits, are tools of the hacker trade. Designed to penetrate a target, most hackers have many different exploits at their disposal. Some exploits, termed zero day or 0day, remain underground for some period of time, eventually becoming public, posted to newsgroups or Web sites for the world to share. With so many Web sites dedicated to the distribution of exploit code, it’s fairly simple to harness the power of Google to locate these tools. It can be a slightly more difficult exercise to locate potential targets, even though many modern Web application security advisories include a Google search designed to locate potential targets. In this chapter we’ll explore methods of locating exploit code and potentially vulnerable targets.These are not strictly “dark side” exercises, since security professionals often use public exploit code during a vulnerability assessment. However, only black hats use those tools against systems without prior consent. Locating Exploit Code Untold hundreds and thousands of Web sites are dedicated to providing exploits to the gen- eral public. Black hats generally provide exploits to aid fellow black hats in the hacking community.White hats provide exploits as a way of eliminating false positives from auto- mated tools during an assessment. Simple searches such as remote exploit and vulnerable exploit locate exploit sites by focusing on common lingo used by the security community.
    [Show full text]
  • GSA SER Supported Engines
    GSA SER Supported Engines 1. AltoCMS-LiveStreet 2. Article Beach 3. Article Dashboard 4. Article Friendly Ultimate 5. php Link Article 6. php Link Article-Login 7. Press Release Script 8. SupeSite 9. YAD 10. Article Directory Pro 11. Article Friendly 12. Article Script 13. ArticleMS 14. BuddyPress 15. Catalyst Web CMS 16. Drupal - Blog 17. esoTalk 18. Joomla - Blog 19. Joomla K2 20. Moodle 21. Open-Reality 22. OSQA 23. PHPMotion 24. Question2Answer 25. UCenter 26. vBulletin - Blog 27. Wordpress Article 28. XpressEngine 29. Zendesk 30. Blogspot 31. Blogspot.es 32. Drupal - Comment 33. General Blogs 34. JComments 35. KeywordLuv 36. Lokomedia CMS 37. OrdaSoft Review 38. PrismoTube 39. ShowNews 40. Storytlr 41. Textcube 42. BlogEngine 43. Bravenet Comment 44. PHP Fusion Comment 45. Rocketeer CMS 46. SPIP 47. Aardvark Topsites 48. Astanda Directory Project 49. AxsLinks 50. cpDynaLinks 51. Directory97 PRO 52. DirectoryScript 53. EasyLink 54. FFA 55. Fractalum 56. HubDir 57. IndexScript 58. JV-LinkDirectory 59. Link Machine 60. LINKER 61. LinkEX 62. Mikomedi 63. Moje 64. MyPHPAnnuaire 65. Particle Links 66. php Link Directory-Login 67. PHP Link manager 68. phpLinks 69. Scanerlink PRO 70. SEOKatalog 71. Site Sift 72. Unesourisetmoi 73. Unknown Directory 2 74. Unknown Directory 3 75. Unknown Directory 4 76. Unknown German Directory 77. Unknown Polish Directory 78. VLinks 79. WebMini 80. XZero Classified 81. eSyndiCat 82. Freeglobes 83. indexU 84. jobberBase 85. kohany 86. Link Bid Script 87. MyEngines 88. Open Classifieds 89. Open Link Directory 90. Otwarty.pl Mini 91. php Link Directory 92. PHP Weby 93. qlWebDS Pro 94.
    [Show full text]
  • Our Exploit Acquisition Program
    (https://zerodium.com) Home (https://zerodium.com) For Researchers (https://zerodium.com/program.html) For Clients (https://zerodium.com/solutions.html) Careers (https://zerodium.com/careers.html) About Us (https://zerodium.com/about.html) Our Exploit Acquisition Program ZERODIUM ZERODIUM pays premium bounties and rewards to security researchers to acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices. While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and PoCs but pay very low rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market. Eligible Research ZERODIUM is currently acquiring zero-day exploits affecting the following products: Operating Systems Remote code execution or local privilege escalation: - Microsoft Windows 10 / 8.1 - Apple macOS 10.x - Linux (CentOS, Ubuntu, Tails) - VM Escape (VMware WS / ESXi) Web Browsers Remote code execution, or sandbox bypass/escape (if any), or both: - Google Chrome - Microsoft Edge - Mozilla Firefox / Tor - Apple Safari Clients / Readers Remote code execution, or sandbox bypass/escape (if any), or both: - MS Office (Outlook/Word/Excel) - Mozilla Thunderbird - PDF Readers (Adobe / Foxit) - Adobe Flash Player Mobiles / Phones Remote code execution, or privilege escalation, or other vulnerabilities: - Apple iOS 11.x/10.x - Android 8.x/7.x/6.x - BlackBerry 10 - Windows 10 Mobile Web Servers & Related
    [Show full text]
  • Adam Romig [email protected] • Romig.Dev • Linkedin.Com/In/Adamromig
    Full-Stack Developer Adam Romig [email protected] • romig.dev • linkedin.com/in/adamromig Skills Education Programming Associate Degree in Applied Business HTML, CSS, Sass, JavaScript, PHP, C#, Bash, PowerShell Programming & Software Development University of Toledo • 2009 Frameworks ASP.Net, WebForms, WebAPI, Vue.js Certificate in Web Design University of Toledo • 2010 Databases & APIs T-SQL, mySQL, GraphQL, SSIS, Entity, LINQ Certifications ITIL v3 Foundations • 2009 Tools Visual Studio, VS Code, Git, Photoshop Work Experience Tech Support Speciaist II & Web Developer Projects RELX Group, June 2001 to Present • RECreate - PowerShell, Active Directory • Developed & maintain team’s asset management (PAM) web application, stream-lining • iSpark - CSS, Liquid Template Engine hardware-related processes from acquisition to retirement - providing accurate equipment tracking & reporting. App is also used by support teams in Raleigh, NC & the UK. • RETS Virtual Agent ChatBot - Sass • Created a RESTful web service to facilitate PAM’s integration with workflows in ServiceNow. • PAM REST Service - ASP.Net, WebAPI, C# • Mocked & built templates for an innovation feedback tool run on the UserVoice platform. • Provided styling changes using Sass/SCSS to reflect branding for Service Desk’s ChatBot. • PC Asset Management - ASP.Net, C#, T-SQL • Developed a small web app to route software requests to proper support teams, allowing • Customer Survey Tool - ASP.Net, C#, T-SQL managers to approve & track their progress. • Redesigned a survey application that tracks customer satisfaction for support teams and allows teams & individuals to view results for continuous improvement. • Drove process improvement through web applications & automation scripts written in PowerShell and Bash. • Designed & maintain relation SQL databases for web apps, occasionally writing custom queries for management reports.
    [Show full text]
  • Contract Summary Sheet
    CONTRACT SUMMARY SHEET TO: THE OFFICE OF THE CITY CLERK, COUNCIL/PUBLIC SERVICES DIVISION DATE: August 13, 2014 ROOM 395, CITY HALL FROM (DEPARTMENT): LAFD June Gibson CONTACT PERSON: PHONE: 213-978-3731 CONTRACT NO.: a— LAOS COUNCIL FILE NO.: 1111 NEW CONTRACT ADOPTED BY COUNCIL: El AMENDMENT NO, DATE El ADDENDUM NO. APPROVED BY BPW: El SUPPLEMENTAL NO. DATE El CHANGE ORDER NO. CONTRACTOR NAME: Acquia Inc. TERM OF CONTRACT: DOE THROUGH: 3 years TOTAL AMOUNT: Not to exceed $165,471 PURPOSE OF CONTRACT: To provide external web hosting services for LAFD. NOTE; CONTRACTS ARE PUBLIC RECORDS - SCANNED AND UPLOADED TO THE INTERNET '-1 L o 5 CONTRACT BETWEEN CITY OF LOS ANGELES AND ACQUIA INC. THIS CONTRACT, is made and entered into by and between the CITY of Los Angeles, a municipal corporation (hereinafter referred to as "CITY"), acting by and through the Los Angeles Fire Department (hereinafter referred to as "LAFD"), and Acquia Inc., a Delaware corporation (hereinafter referred to as the "CONTRACTOR"). WITNESSETH WHEREAS, the Los Angeles Fire Department (LAFD) wishes to implement Drupal Web Content Management software to develop LAFD's social publishing websites; and WHEREAS, the Los Angeles Fire Department wishes the CITY's critical external websites to be externally-hosted; and WHEREAS, The CONTRACTOR has unique and specialized knowledge with implementation and support of Drupal software; and WHEREAS, pursuant to Los Angeles City Charter Section 1022, it was determined that CITY employees do not possess the necessary expertise to perform
    [Show full text]
  • Alex Beuscher [email protected] 1702 Paru St
    Alex Beuscher [email protected] 1702 Paru St. #C Alameda, CA 94501 c: 617 359 - 6971 Overview I have more than twenty years of experience on the web. I augment my development, and management skills with an ability to clearly communicate complex concepts to a wide audience in writing and in speech. I am thoughtful about my work and have made valuable contributions and improvements in every department I have managed or been a part of. Computer Skills Languages PHP, JavaScript, jQuery, HTML, CSS, AJAX, MySQL, ASP Applications Marketo, Wordpress, ZenDesk, Apache, Linux, AWS Services, Git, Adobe Design Suite, Final Cut Pro, vBulletin, Drupal, Expression Engine, and others. Experience 2020 –present Senior Web Developer & Team Lead, Contentstack, San Diego, CA I currently manage the engineering team for the marketing department at Contentstack. In this role I contribute code, meeting with stakeholders, and managing and mentoring a team in India to develop the documentation and marketing websites for the company. This site is built using the company’s headless CMS product along with Gatsby, a React framework. This position is fully remote. 2017 –2020 Senior Web Developer, Dynamic Signal, San Bruno, CA I continue to manage this site part time after 3 years of full time employment. This is a remote position, working with Wordpress, ZenDesk, Marketo, on the company’s web properties including their marketing and support sites. 2013 –2017 Senior Web Developer, 2K Games, Novato, CA My role at 2K involved front and back end development on sites supporting our various game titles and other web properties. Security, localization, and usability were a primary focus.
    [Show full text]
  • Releasing Tools for International Disease Surveillance As Open-Source Software: a Case Study
    Releasing Tools for International Disease Surveillance as Open-Source Software: A Case Study Raj J. Ashar ince the development of tools for the Suite for Automated Global Electronic bioSurveillance (SAGES) began in 2008, the SAGES team and sponsor have envisioned the eventual release of these tools as open-source software to the global public health and technology communities. Open- source software allows members of the public to study, customize, and operate their own local copies of the software and source code, often without monetary fees. As such, releasing SAGES as open-source software assures prospective users that they retain complete control over the health data collected by SAGES-based systems, and aligns well with the model of self-sustainability intended for the operation of SAGES systems in resource-limited settings. Preparing two SAGES tools, OpenESSENCE and SAGES Mobile, for release as open-source software projects entailed a multifaceted, months-long effort that spanned policy, technical, and community considerations. This article describes the issues, trade-offs, and decisions that were addressed leading up to the successful open-source release of OpenESSENCE and SAGES Mobile in June 2013. The aim of this case study is to inform future Johns Hopkins University Applied Physics Laboratory (APL) and external efforts to release open-source software. INTRODUCTION Open-source software follows a design methodology ered a trade secret and is often unavailable to the public. that makes software source code available to members The transparency afforded by open-source software can of the public for usage, modification, reproduction, and empower end users in several ways.
    [Show full text]
  • Xenforo MSJ Darby Decl
    Case 2:10-cv-08209-R -JEM Document 80-1 Filed 10/09/11 Page 1 of 38 Page ID #:1215 1 MICHAEL K. GRACE (SBN 126737) [email protected] 2 PAMELA D. DEITCHLE (SBN 222649) 3 [email protected] 4 GRACE+GRACE LLP 444 South Flower Street, Suite 1650 5 Los Angeles, California 90071 6 Telephone: (213) 452-1220 7 Facsimile: (213) 452-1222 8 Attorneys for Defendants XenForo Limited 9 and Kier Darby 10 UNITED STATES DISTRICT COURT 11 FOR THE CENTRAL DISTRICT OF CALIFORNIA 12 WESTERN DIVISION 13 Grace LLP Grace 14 + vBULLETIN SOLUTIONS, INC., a ) Case No.: CV 10-8209-R (JEMx) Intellectual Property Intellectual 15 California corporation, ) Grace Los Angeles, CA 90071 CA Angeles, Los ) DECLARATION OF KIER DARBY IN 16 444 South444 Flower Suite Street, 1650 Plaintiff, ) SUPPORT OF DEFENDANTS’ 17 ) MOTION FOR SUMMARY 18 v. ) JUDGMENT ) 19 XENFORO LIMITED, an English ) 20 private limited company; and KIER ) 21 DARBY, a British citizen; and DOES 1- ) 10, inclusive, ) 22 ) 23 Defendants. ) 24 ) 25 26 27 28 DECLARATION OF KIER DARBY Case 2:10-cv-08209-R -JEM Document 80-1 Filed 10/09/11 Page 2 of 38 Page ID #:1216 1 DECLARATION OF KIER DARBY 2 I, Kier Darby, declare as follows: 3 1. I have personal knowledge of the facts set forth in this declaration and, 4 if called upon to do so, I could and would testify competently from personal 5 knowledge as follows: 6 2. In 1998, I graduated with a B.A. Honors degree from the National 7 Centre of Computer Animation at Bournemouth University in the United 8 Kingdom.
    [Show full text]