Month: October 2005

  • Mail List Archives 101 (or Why SF Hates VDBs)

    [This was originally published to the OSVDB blog.] Running a mail list archive is a straightforward task. Collect, organize and make mail list posts available via the web. You can see such archives at seclists.org or the Neohapsis archive. Most folks that use archives like this have their favorites for various reasons. Speed, the…

  • Vulnerability Purchasing

    [This was originally published on the OSVDB blog.] Several years ago, iDefense started purchasing vulnerabilities from freelance researchers, and created its Vulnerability Contributor Program. Find a vulnerability, disclose it to iDefense under mutual NDA, and they would act as a mediator between you and the vendor for disclosure. After a patch was available, iDefense releases…

  • Vendors Hate VDBs

    [This was originally published on the OSVDB blog.] I’ve spent the last few hours working on the OSVDB database, specifically working on making sure that we had entries that correspond with two vendors and their security issues. After an hour or two of digging through the Hitachi advisories, I questioned why we only had ~…

  • Vendor Protection Rackets

    [This was originally published on the OSVDB blog.] I had planned on writing about this weeks ago but got swamped with that pesky day job along with the steady stream of new vulnerabilities released daily. That steady stream that absolutely will not get better with vendors taking a new approach to dealing with them. Fortunately…

  • Disclosure: Apache Tomcat 4.0.3 MS-DOS Device Request Handling Remote Path Disclosure

    [This was originally sent to CVE and Nikto and then published on OSVDB, now gone. It was discovered in an old version of Apache Tomcat and the solution had existed for several years. VulnDB 20033] From: security curmudgeon To: Steven Christey, Sullo of Nikto Date: Thu, 13 Oct 2005 14:21:33 -0400 (EDT) Subject: Apache Tomcat 4.0.3 MS-DOS…

  • National Cyber Security Awareness Month

    [This was originally published on the OSVDB blog.] October has been named “National Cyber Security Awareness Month” by some. From a news article about this: New York State, the University of North Carolina and the city of Charlotte, N.C., are joining the Department of Homeland Security, the National Cyber Security Alliance and numerous companies from…