Month: February 2014

  • On the origins of the term ‘Hacktivism’…

    This blog is not about debating the definition of Hacktivism; I will leave that to the academics and self-described hacktivists. This article is to clear up confusion on the origin of the term, and point out that Wikipedia’s handling of factual information is sketchy. Further, it will point out that the Cult of the Dead…

  • I could do this all day… (Poor vuln stats from @GFISoftware)

    [This was originally published on the OSVDB blog.] Despite the talk given at BlackHat 2013 by Steve Christey and myself, companies continue to produce pedestrian and inaccurate statistics. This batch comes from Cristian Florian at GFI Software and offers little more than confusing and misleading statistics. Florian falls into many of the traps and pitfalls…

  • OSVDB -How bad is the scraping problem?

    [This was originally published on the OSVDB blog.] Via Twitter, blogs, or talking with our people, you may have heard us mention the ‘scraping’ problem we have. In short, individuals and companies are using automated methods to harvest (or ‘scrape’) our data. They do it via a wide variety of methods but most boil down…

  • An Open Letter to Ashley Carman, @SCMagazine, and @SkyboxSecurity

    [This was originally published on the OSVDB blog.] [Sent to Ashley directly via email. Posting for the rest of the world as yet another example of how vulnerability statistics are typically done poorly. In this case, a company that does not aggregate vulnerabilities themselves, and has no particular expertise in vulnerability metrics weighs in on…

  • CNN, the TSA, and the ‘Theatre’ of Terrorism

    News flash from CNN a few minutes ago: Terrorists may try to hide explosives in toothpaste or cosmetics tubes, U.S. warns airlines flying into Russia. A law enforcement source said the warning is based on new information and added that there is no known threat to the United States. Wait a minute! For ten years…