Month: October 2013
-
OSVDB – We’re offering a bounty… of sorts!
[This was originally published on the OSVDB blog.] In our pursuit of a more complete historical record of vulnerabilities, we’re offering a bounty! We don’t want your 0-day really. OK sure we do, but we know you are stingy with that, so we’ll settle on your ~ 12,775 day exploits! First, the bounty. This is…
-
An Open Letter to @InduSoft
[This was originally published on the OSVDB blog.] InduSoft, When referencing vulnerabilities in your products, you have a habit of only using an internal tracking number that is kept confidential between the reporter (e.g. ICS-CERT, ZDI) and you. For example, from your HotFix page (that requires registration): WI2815: Directory Traversal Buffer overflow. Provided and/or discovered…
-
Quit volunteering my time.
Every week someone, or several people, think their 140 characters is worth me spending an hour+ writing an article for them. They noticed some plagiarized text or think someone is a fraud, and they turn around and expect me to research and document it. For years now, I get mail to Errata with a single…
-
Any wonder why people use images without attribution?
Found the perfect image for my @BSidesDE talk. Noticed in the corner a tiny ‘GettyImages’ watermark, so I went to their site to see how much it would cost to license. Because I happen to know they require a license… which I imagine 99.9% of the modern Internet world does not. The auto-pricing options did…
-
Seeing those EULAs in a different context.
Many years ago I realized that the End User License Agreements (EULA) that we are forced to endure for web sites and software were out of hand. There have been a lot of good points made in the past about them and how they are rarely read. I had written notes about an article but…
-
We’re Doing the Unthinkable
[This was originally published on the OSVDB blog.] Anyone who knows me in the context of vulnerability databases will find this post a tad shocking, even if they have endured my rants about it before. For the first time ever, I am making it policy that we will no longer put any priority on Vulnerability…