• Abert’s Squirrels and Wonderful Variations

    After moving from Denver to the nearby mountains, I was quite happy to learn that I had four different kinds of squirrels in the area. The Golden Mantle Ground Squirrel, Least Chipmunk, Douglas Pine Squirrel, and the Abert’s Squirrel. The last is also known as the tassel-eared squirrel. Native to the southern Rockies, they can…

  • Random Movie/TV Thoughts and Reviews (February 2026)

    Reviews One Battle After Another (2025) is the kind of movie, to me, that seems to have everything right; good acting, interesting plot, good character development. And yet somehow it just doesn’t click for me. I understand why it would win an award for any given acting role, but overall as a movie I think…

  • Bob’s “CVE Quality-by-Design Manifesto” – The Hit and Misses

    Almost every time Bob Lord blogs, I feel the need to write a rebuttal to what is arguably abject stupidity and shortsightedness. One he published a couple days ago, titled “CVE Quality-by-Design Manifesto”, is missing several core concepts in the realm of vulnerability intelligence. While his overall point is certainly valid, the order in which…

  • Shadow, Ghost, and Phantasmawhatever Vulnerabilities – The Reality

    Back in September of 2024, I took some notes on a blog I wanted to write about “Shadow” vulnerabilities, based on a corporate blog with a poor concept and misunderstanding of CVE. The title was to be “Shadow Vulnerabilities – Rebuttal” and pretty straight-forward. Vulnerability life is crazy when you help manage a true vulnerability…

  • Random Movie/TV Thoughts and Reviews (January 2026)

    Reviews I finished Trigger (2025), a Korean cop/crime/action series that was pretty good. The most interesting aspect was the entire premise that is “what if guns flooded into South Korea?” So it basically becomes a gun epidemic that the police are fighting which is obviously a stark contrast to the United States. It’s simple, yet…

  • Vulnerability Disclosure Forensics: /cgi-bin/upload.cgi

    Yesterday, Chris Sullo of Nikto fame, asked me a simple question; in so many words, what was the “first web vuln”. To be clear, he is asking about the first vulnerability in a web server / service / program. Seems relatively straight-forward but I challenge anyone to answer it with their own data set, especially…

  • Random Movie/TV Thoughts and Reviews (December 2025)

    Reviews Bad Words (2013) – I somehow missed this movie from a good while ago, but it is hysterical! Full of over-the-top adult humor yet it delivers not just in comedy, but with a fun story. It’s always amusing, to me at least, when you have an adult / kid duo that involves corrupting the…

  • Rest In Peace IBM X-Force Vulnerability Database

    Within the vulnerability ecosystem, the CVE project / vulnerability database is certainly the most well-known. Over the past 30 years many others have come and gone, and others are still around. Some of you will recognize SecurityFocus BID, Open Sourced Vulnerability Database (OSVDB), Secunia, VulnDB, OSV, and others. Started in 1997, there is another that…

  • Squirrel Goes Down the Rabbit Hole … Podcast

    On November 17, I joined the three hosts of the Down the Security Rabbithole (DtSR) podcast to talk about CVSS, CVE, and how they play into risk and defending networks. My time followed Robert “RSnake” Hansen’s podcast where he had a pretty controversial take on risk management. One of the hosts, Rafal Los, asked my…

  • Random Movie/TV Thoughts and Reviews (November 2025)

    Reviews Obliterated, a TV series on Netflix made me wonder early on as the presentation image used on the platform to represent the show has several people walking forward confidently, but several of them ultimately have nothing to do with the actual show? Why is that, what is going on? Anyway, as far as the…