Month: May 2014
-
The Five High-level Types of Vulnerability Reports
[This was originally published on the OSVDB blog.] Based on a Twitter thread started by Aaron Portnoy that was replied to by @4Dgifts asking why people would debunk vulnerability reports, I offer this quick high-level summary of what we see, and how we handle it. Note that OSVDB uses an extensive classification system (that is…
-
Crossing the line on ‘appropriate’ response to a breach…
You have likely seen the news that eBay was compromised and disclosed on Wednesday the 21st, resulting in as many as 145 million customers being affected. eBay was quick to state that the criminals did not gain access to financial information, trying to allay customer concerns. Despite that, there are many aspects of the aftermath…
-
Surprise! Guinea pigs… (the end of an era)
Almost 7 years ago (August 18, 2007), I returned from a business trip to find a guinea pig in my living room. My significant other at the time, Kay, had wanted to rescue a guinea pig or three. We had talked about it and I was willing, but wanted to talk about it more. She…
-
The Scraping Problem and Ethics
[This was originally published on the OSVDB blog.] [2014-05-09 Update: We’d like to thank both McAfee and S21sec for promptly reaching out to work with us and to inform us that they are both investigating the incident, and taking steps to ensure that future access and data use complies with our license.] Every day we…
-
Unsung Hero
Not fond of sharing commercials, but this one is powerful.