Month: June 2012

Errata Hits Puberty: 13 Years of Chagrin

I presented on the 13 year history of the Errata project at RVAsec giving a behind-the-scenes look at the nightmare and headaches involved. Both from the project, and from the security industry. This presentation was updated slightly, and given a month later at the Black Hat Briefings 2012 in Las Vegas. The attrition.org Errata project…

June 15, 2012
Rebuttal: Got One Part Right; You Fail

[This was originally posted on attrition.org. This is a rebuttal to Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet (June 1, 2012) by Mikko Hypponen. There are several updates to this article at the end, based on replies from a variety of people including Mikko.] The antivirus market is worth over 4 billion dollars, with a…

June 2, 2012
Fascinating Vulnerability and Glimpse Into 33 Year Old Pen-Testing

[This was originally published on the OSVDB blog.] Today, we pushed OSVDB 82447 which covers a backdoor in the Multics Operating System. For those not familiar with this old OS, there is an entire domain covering the fascinating history behind the development of Multics. OSVDB 82447 is titled “Multics Unspecified Third-party Backdoor” and gives an…

June 1, 2012