2425 Channing Way PMB# 587 Berkeley CA 94704-2209 +1 510-849-2230 (HOME)
I specialize in Unix host and network security (long before security was considered important) TCP/IP Network design and implementation site security security architecture and design, and in the past I have done WWW/CGI design X11 windowing system programming (Widget writing and GUI design) but that was a long long time ago.
Most of my writing (including Lectures & Slides) can be found at http://www.dis.org/filez/#shipley .
These daysI most of my days working on random programming projects, work, taking care of the kids, and sorta fixing up the house, I also attend technical computer conferences (such as USENIX and DEFCON/Blackhat). and occationaly Sci-fi cons.
In the past:
I conceived and wrote the very first automated network security scanner (NetSweep)
way back in 1986 (years before ISS and other copycats).
This was long before people believed in network based security, almost everyone
back then felt that security was a "host based" problem,
the scanner was meant as a proof of concept to show there was a problem from
the network prospective.
Also back then (late 80's) I was one of the first to create and maintain a significant bug & exploit database. When CERT was later founded they used this collection a seed resource for their security knowledge database, as per their request.
Founded the UC Berkeley's OCF (Open Computing Facility) in (1988). The OCF is UC Berkeley's first all-volunteer, student-run, service group dedicated to free computing for all University of California at Berkeley.
In '92 I helped founded one of the premier ISP in the Bay Area (DNAI.COM). I ended up getting screwed out of my stock when one of the other founders forged and back-dated the stock certificates then waited till the statute of limitations expired before selling the company to RCN. I learned a lot about business from that experance.
in '93 I participated in the cypherpunks as a founding member hosting one of the first remailers and helping distribute PGP before anyone really heard of it.
Around the same time I was one of the original supporters/sponsors of tpc.int the original Free Internet Fax Server. I also designed and hosted their WWW services before web servers were known or popular.
Around '93 or '94 I started thinking about network "auto-defense"
and "reactive firewalls",
I first filed a patent on these ideas in '96.
Now I have a couple patents on what has become one of a fundamental in IDS #6,119,236 and #6,304,975.
Since then I have various amounts of independent security research.
One of which was proving that wardialing is still a significant security
When I proposed the idea in '97 most people in the security community
called it "old news" and told me it was "not a problem anymore".
After publishing results showing that
companies were as vulnerable to dialup attack as
they are to internet attacks
three companies released a phone auditing products, while
every security auditor added it to their list of deliverables.
Now if each of these companies would grant me some stock for making
their business possible....
Slides from a talk I did on is available on my writings page.
Around 1999-2000 I invented Wardriving, while I am not the first person to go out and search for open wireless LANS (a few before me ventured around with in a with a laptop, pencil & paper manualy scribbling notes). I was first to automate it all with dedicated software and a GPS. When I started this project the usage or WEP was around 15%, after going public with my findings, a year later WEP usage is now 33%. Thus is good to know people are getting the message. Some (outdated) maps I generated from these exercises can be found at http://www.dis.org/wl/maps/. This research was featured in the Wall Street Journal and the Newseek.
From 2002-2005 I took a lot of time off and traveled a bit mostly in London, Amsterdam, and parts of Germany. I had a kids in 2007 and 2009 and they have kept me busy since.