Welcome to the aforementioned slinky and sultry Web 2.0 crap.
Navigation
Tags
attrition: advisory errata archive vendor_fail news charlatan lazlo security_comp_fail going_postal rant box_of_shit movie_review book_review music_review contest buy_shit
twitter: technical_difficulties unsolicited_updates foursquare wefollow musings imdb dmfail
hobbies: critter_of_the_day squirrel guinea_pig stalking
related: osf datalossdb conference osvdb
type: quote screenshot photo video tweet audio question chat link
Links
Tools
-
Speaking Ill of the Dead?
Folks in the Information Security (InfoSec) circles are getting old. It is evident from the last few years and seeing those we know, in some capacity, passing on. For many of us still here, we find ourselves battling a world of conditions ranging from the relatively simple high blood pressure, to the more complicated like diabetes. That doesn’t even speak to the separate issues like so many in…
Notes: 1 / 2 weeks ago -
That Vulnerability is “Trending” … a Redux
A couple weeks ago I published a blog titled “That Vulnerability is ‘Trending’ … So What?“. I didn’t think I would be publishing another on this topic, especially this fast. But I ran into another absurd case of a vulnerability “trending” and figured out why, which is even more ridiculous. I caused this…
A CVE came across one of our feeds that monitors Twitter for mentions of a CVE ID that isn’t…
Notes: 5 / 4 months ago -
That Vulnerability is “Trending” … So What?
Yesterday, more than one organization reached out to my company asking why a particular vulnerability wasn’t in VulnDB yet. First, it had been less than 24 hours since publication in CVE/NVD, NVD hasn’t analyzed it as of the time of this blog, and it is in software no significant business would use. It’s part of a pattern of vulnerabilities being disclosed in low-end personal PHP projects, most…
5 months ago -
2022 #MakeHimHurt Challenge - The Results
7 months ago -
Rebuttal? Not really… Comments on Curphey’s Latest Blog
Rebuttal? Not really… Comments on Curphey’s Latest Blog
I went into a LinkedIn post expecting to have to buy a new box of red sharpies to be honest, but I am pleasantly surprised at the conclusions regarding CVE / NVD, which I think are largely accurate. As grim a picture as is painted, they are still a bit too generous. I say that as someone who reads, quite literally, every new CVE published and have for coming up on 20 years. Pretty sure no one at…
8 months ago -
Will the Real 300,000 Stand Up?
Will the Real 300,000 Stand Up?
On September 27, 2022, Flashpoint’s VulnDB hit the 300,000th entry added to the database. Think about that and .. wow. I started the adventure of collecting vulnerabilities around 1993, back when it was all flat text files, and my hacker group used a FILES.BBS file as an index, pointing to many hundreds of other text files, each with one vulnerability. At the time our collection was impressive;…
8 months ago -
security@ Is a Two-way Street
security@ Is a Two-way Street
More and more companies are embracing the benefits of maintaining a dedicated security team to not only help manage internal processes such as a systems development life cycle (SDLC) that may focus on security, but to also manage vulnerability reports from external parties. Some companies choose to implement bug bounty programs, and some do not. The manner in which they implement such programs,…
Notes: 1 / 11 months ago -
Let’s Talk About 0-days
Let’s Talk About 0-days
[This was a first draft of an article to be published on the Flashpoint Threat Intel blog. Ultimately, parts of it were adopted for a different blog but the original remains considerably different. Curtis Kang contributed significantly to the finished blog below.]
Zero-days (0-days and other variations) are exploitable vulnerabilities that the general public is unaware of—often being known by…
11 months ago -
Titan 1 Missile Silo Exploration
1 year ago -
Netflix: Why People Are Leaving You… (The Unspoken Reason?)
Netflix: Why People Are Leaving You… (The Unspoken Reason?)
I can be long-winded in my blogs, I know, and there is a lot to unpack here. I’ll try to keep it brief. Famous last words =) Any Netflix engineers reading, it will be worth your time even if you skim fast.
In the last month there has been global news coverage about Netflix losing subscribers (TechCrunch, BBC, More…). There are a lot of reasons this is happening, and MakeUseOf (MOU) gives six…
1 year ago -
2022 #MakeHimHurt Challenge
On the back of my Cross-country Drive blog, Part 5 specifically, the fine folks at Sonflower have decided to put me to the test and try to “make me hurt“. This came in the form of a Give Lively fundraiser and two donations to kick it off. The ringleader in this effort, Alicia, not only donated but created it so she could keep throwing it in my face. What a jerk, but I also approve. For donations…
1 year ago -
2022 Cross-country Drive (Part 5: Crisis of Confidence)
2022 Cross-country Drive (Part 5: Crisis of Confidence)
While this is part 5, and final, in my series covering my recent cross-country road trip, this one will be considerably different in topic. It will also be somewhat depressing to animal lovers at the start but hopefully swing back to a happier tone by the end. This one will not cover aspects of a normal trip. Stop here if that is what you are expecting. But there are a few pictures of cute…
1 year ago -
2022 Cross-country Drive (Part 4: Food)
1 year ago -
2022 Cross-country Drive (Part 3: Lodging)
1 year ago -
2022 Cross-country Drive (Part 2: The Road)
Notes: 1 / 1 year ago
