About Me

I am a web security engineer for Mozilla, where I work on browser security and web application security. You can read about some books and movies that I like, check out some of the articles I've written about programming and security, or just drop me a line.

I'm also married, and you can check out our website, including our photo gallery, which we update frequently.


What's New

04/07/09 - I published another set of changes to the Content Security Policy proposal. We are getting very close to the implementation phase now, and I've made a final call for feedback. Sid and I are in the process of moving the documentation to the Mozilla Wiki, where the final specification will live.

04/04/09 - I fixed two bugs in my AES implementation. The first was a padding bug which resulted in the loss of up to a block of data when decrypting certain ciphertexts. The second bug was a more serious security problem caused by the use of a static initialization vector.

09/05/08 - I updated my web security proposal with a fairly large set of changes. I removed Cross Site Request Forgery from the scope of the proposal and instead will focus on the implementation of the Origin header. The syntax has also been expanded to allow policy creation for a larger set of content types, e.g. not just JavaScript.

06/04/08 - I published a proposal for a set of browser security features that I hope to get turned into an open web standard and implemented in a future version of Firefox.

12/14/07 - I wrote a Python script that converts a CIDR block into a list of individual IP addresses, one per line.

12/13/07 - I updated my tutorial on running Dark Castle in Windows to include Beyond Dark Castle.




Book Review
Read my book review on Eric Raymond's The Art of UNIX Programming.

