Month: September 2006
-
Under Pressure…
[This was originally published on the OSVDB blog.] Microsoft is finding themselves under increasing pressure to release fixes for critical vulnerabilities. This week, Microsoft broke from tradition again and opted to release an early fix for a critical Internet Explorer vulnerability. Since we’ve seen other critical vulnerabilities come up before this one, some of which…
-
Full Disclosure Debate Bibliography
[This was originally published on the OSVDB blog.] Paul Clark, Systems Librarian at the Wilderness Coast Public Libraries, has created an excellent timeline of Full Disclosure related articles. Unfortunately, mail to him is bouncing and it hasn’t been updated since 2004. Would be great to see someone pick this up.
-
Movie Review: Lucky Number Slevin
[This was originally published on attrition.org.] This movie is either about horrifying the viewer with the worst wallpapers ever conceived, or one of the ultimate tales of revenge. This movie is also hard to properly review without ruining vital parts of it, so bear with me. Slevin Kelevra (Josh Hartnett) is the wrong guy in…
-
Matousec’s Vulnerability Value
[This was originally published on the OSVDB blog.] Since the debate about pay-for-disclosure started, some folks have wondered what vulnerabilities are worth. We’ve seen companies like Verisign/iDefense and Tipping Point/ZDI offer serious money for vulnerabilities in the past. Adding to the mix, matousec.com has published a purchase page with prices of some of their vulnerability…
-
Vendor Disclosure Process
[This was originally published on the OSVDB blog.] Ever wondered what some of the bigger vendors do in response to vulnerability disclosure? Federico Biancuzzi has written an article on his Disclosure survey which may answer the question for you. Apple, Computer Associates, Google, IBM, Microsoft, Novell, Oracle, Red Hat, SAP, Sun Microsystems and Yahoo all…
-
Numb3rs
[This was originally published on the OSVDB blog.] I’ve been with the OSVDB project for 1000 days. I am responsible for creating 20,667 entries, moderating 7,791 mangler submissions, and mangling 3,480 vulnerabilities myself. The database contains vulnerabilities dating back to 1965, spanning over 40 years. The database contains over 3,800 cross-site scripting, 2,500 SQL injection…