Month: April 2008

  • Reflection on Rescue

    i own guinea pigs. seven of them now, mostly rescues. they come from all types of places, but mostly from places where they were in bad shape or had no future. a year ago i barely knew anything about them but Kay got me into them. before long i had one. two. three. four. five.…

  • Stand Your Ground

    The night started with a loud voice from outside, echoing between the buildings. Couldn’t see anyone from any window but it was definitely very close. Since it couldn’t be from the balcony or parking lot, and wasn’t the courtyard in the next building or mine, it had to be someone between the buildings but near…

  • Dr. Jekyll and Mr. Hide (Sun & Disclosure)

    [This was originally published on the OSVDB blog.] Today just happened to be the right day where I saw the Jekyll and “Hide” of Sun though. A few days ago, |)ruid posted about a Solaris ypupdated vulnerability in which he says it corresponds to CVE-1999-0208 / OSVDB 11517. Given the original vulnerability was published in…

  • Disclosure: Multiple Software Remote File Inclusion

    [This was originally disclosed on the VIM mail list. VulnDB IDs 90794, 90795, 90796. This was the result of watching Apache logs on attrition.org and observing a wide variety of RFI attacks. I started comparing some of the scripts being attempted with OSVDB and noticed some were not found. That means these were essentially 0days…

  • Vulnerability Counts and OSVDB Advocacy

    [This was originally published on the OSVDB blog.] CVE just announced reaching 30,000 identifiers which is a pretty scary thing. CVE staff have a good eye for catching vulnerabilities from sources away from the mainstream (e.g. bugtraq) and they have the advantage of being a very widely accepted standard for tracking vulnerabilities. As companies and…