I looked into what was once a mirror and I saw someone who looked nothing like me.

Today I thank you, God, for what you did for me; what you didn’t do for him.

Looks like I’m done Couldn’t answer their question, they basically just wanted me to know stuff about different network protocols – I could explain the protocols but I didn’t know shit about the techncial details

It sucks but what can I do?

Just putting up my notes, in case anyone cares.

Kerberos

An authorization system. There are three players in a Kerberos system; client, server and the trusted 3rd party.

Login

a. User requests access from Authentication server (AS).

b. If user exists, AS sends Client/Ticket Granting Server (TGS) Session Key and Ticket-Granting-Ticket (TGT).

(The Session Key is encrypted using the user’s hashed password; The TGT is encrypted by the TGS secret key)

c. The Session Key is decrypted by the user’s machine.

We are now authenticated with the Authentication Server.

I need service!

a. We send the TGT, service ID and an authenticator (Client ID/Timestamp) to the TGS.

• (TGT is encrypted already; authenticator is encrypted by the Session ID)

b. The TGT is decrypted by the TGS. Using the session key, the TGS decrypts the authenticator.

• The session ID is extracted from the TGT

c. The TGS returns a CST (Client/Server Ticket) & a Client/Server Session Key.

• The CST has the client id, network addy, and length of validity, and the client/server session key. It is encrypted with the service secret key.
• The C/S Session Key is encrypted using the C/TGS Session Key.

d. With these, the client can authenticate himself to the server. The encrypted CST and an Authenticator (with the client ID and timestamp) are sent.

• The Authenticator is encrypted with the client/server session key.

e. Server returns the timestamp + 1, encrypted with the CS Session Key. Client translates and can use the server now.

It’s going to be a long day.

Tonight, I have a job interview with Google, for this position:

http://tokyo.craigslist.jp/sad/910655389.html

I got so many questions for them, yet so little time. I learned about most, if not all, the concepts in school and have been playing with a few during my career. Getting in would be a nice change from the companies I usually work with.

We’ll see how it goes, I guess.

Heard this story from a friend of a friend the other day. Apparently he was working for an anti-virus company at the time and his boss was a little less than technical. One day he got an angry call on the phone.

“Mohammad! We’re getting farmed!” exclaimed Jonathan Gore, his boss. Jon, as everyone called him, was a high school drop-out who had problems understanding the basics of technology. Apparently, he had read about link farms on a website, and was convinced that someone was stealing highly-important sales by spoofing search engine results about his website, or something like that.

Safety Online, as we will call it, was an anti-malware program that was built in a week and was extremely popular. This was not because of any particularly valuable IP or interesting anti-viral technology. Rather, it was selling because it was being sold through a domain name that was coincidentally the same as that of a very popular anti-virus program. Let’s just say that if you went to “mortonantispy.com”, you were putting money in Jon’s pocket, not the Morton Corporation.

Things went great for a while. Sales hit 20000 – 30000 dollars a day. With a minimum wage staff (Mohammad being paid less than 35k for his services), Jon was making out like a bandit. Unfortunately, Jon was never a good long-term thinker. Instead of trying to improve the product, Jon blew the money on cars and new businesses. Instead of adding new technical staff to oversee improvements to the product, he worked with a script writer to create a movie with himself as the main character. Mohammad, a junior programmer fresh out of university, was eventually the technology main for the product – and it showed.

After about 4 or 5 months the Morton Corporation found out about the domain, and they weren’t happy. When it threatened to go to court, Jon folded like a pair of cards. The customers vanished with the domain, but Jon (who expected a lifetime of riches from his “insight”) couldn’t help but spin cockamanie conspiracy theories to explain the loss of revenue.

First it was definitely Rob. Rob, the original programmer for Safety Online, was fired after arguing with Jon about the need for better infrastructure for the company. Jon was convinced that Robert was using his “voodoo hacking” to steal money by hacking the paypal merchant account. When it was clear that this wasn’t possible (as Bob had relocated to Thailand and was pursuing other interests all along), Jon decided that it was Jason, the server admin who was officially fired because of a 2 day server outage (and unofficially because he was an unrepentent homosexual).

Through it all, Mohammad sat and didn’t say a word.

Then the phone call. “I figured it out,” he boomed. “It’s the link farms! People think they are coming to Safety Online, but in reality they are being sent to another website that farms our sales! We are losing millions!” he declared, without the slightest sense of irony. Mohammad realized that the naive man he had worked for was insane. He resigned within the week.

Jon eventually lost his fortune, and lost a race for a local representative for the state of Washington. Not to be deterred, he is now planning a run at the Senate.