Month: February 2006
-
State of vulnerability research?
[This was originally published on the OSVDB blog.] Steve Christey of CVE has posted to several lists asking, "What is the state of vulnerability research?" Before you dismiss the question, give it serious thought for a few minutes. Have any ideas, opinions or concerns about where vuln research is heading? Where it should be? Drop…
-
The Rise of the Fuzzers
[This was originally published on the OSVDB blog.] Fuzzers are by no means new. They have been used fairly extensively over the last half decade to find a number of vulnerabilities. Back in July 2001 we saw an LDAP protocol fuzzer find issues in a variety of products. February 2003 saw SIP fuzzed, January 2004 was…
-
Why VDBs > AV Industry
[This was originally published on the OSVDB blog.] Remember the recent Microsoft Windows WMF vulnerability that made news? You know, the “Shimgvw.dll SETABORTPROC function crafted WMF arbitrary code execution” issue? This was assigned OSVDB 21987, CVE 2005-4560, CERT VU 181038, BID 16074, FRSIRT ADV-2005-3086, OVAL 1433, SECTRACK 1015416, and Secunia 18255. While the vulnerability has…
-
Music Review: Juliette and the Licks (Speaking My Language)
[This was originally published on attrition.org.] Hey Juliette, You may be too young to remember Y Kan’t Tori Read, but the album flopped. Why? Because Tori Amos didn’t utilize her real vocal talent, rather she tried to make an album that the masses might accept. It didn’t work and the album was a disaster. A decade…
-
Music Review: Free Dominguez (Freedoming)
[This was originally published on attrition.org.] I’m so slack. In March of 2004, Free Dominguez of Kidney Thieves mailed me thanking me for my review of Trickster. She also informed me that she was branching out on a solo project under her own name and offered to send me a promo copy. Of course I said yes, then…