Month: August 2006

  • Rare case where being unprofessional is justified?

    [This was originally published on the OSVDB blog.] I think I may have found it. Claus Assmann (no no, too easy) of sendmail.org recently said some words to the CVE team regarding a recent Sendmail DoS. Look at the words and think about it: BTW: it would be nice if your process of creating a…

  • Vulnerability Research In Numbers

    [This was originally published on the OSVDB blog.] I’m so far behind in my daily routine and missed Thomas Ptacek’s post on Vuln Research In Numbers. Fortunately, Dave Aitel referenced the blog entry which prompted me to check it out. I so desperately want Ptacek to run his numbers against a complete OSVDB data set,…

  • Wanna Date?

    [This was originally published on the OSVDB blog.] No, this isn’t some odd contest with a disappointing reward. Date an OSVDB moderator! *shudder* Think of dates in the context of vulnerability disclosure. Think of how many dates we don’t know, even in the more formal advisories (some with time lines even). OSVDB currently tracks three…

  • Vulnerability Research Food Chain

    [This was originally published on the OSVDB blog.] I’ve mentioned the sociology aspect of the hacker, vuln researcher and security companies before, specifically how they interact, how one will influence another and more. The list of fun ideas I have on these topics is great, and maybe some day I’ll find the time to write…

  • No Exception for Symantec

    [This was originally published on the OSVDB blog.] Symantec posted a message to Bugtraq earlier this month announcing the availability of a new advisory. The advisory presumably covers a vulnerability or issue in Symantec On-Demand Protection. If you are reading this blog entry a year from now, that is all you may find on it.…

  • Oldest Vulnerability Contest – Winner

    [This was originally published on the OSVDB blog.] On December 20, 2005, I posted a contest looking for the oldest documented vulnerability. This generated a lot of interest and was posted to the FunSec Mail List which generated even more interest and information. It also led to me spending more time digging through my own…

  • DEF CON/BlackHat Thoughts

    [This was originally published on the OSVDB blog.] I keep telling myself, “keep it short!” since writing about a week in Las Vegas tends to be wordy. No promises! Some 3000 people apparently showed for BlackHat briefings and it showed. Despite that much money coming in and the amount of warning Caesars/BH had before the…