Month: May 2014

The Five High-level Types of Vulnerability Reports

[This was originally published on the OSVDB blog.] Based on a Twitter thread started by Aaron Portnoy that was replied to by @4Dgifts asking why people would debunk vulnerability reports, I offer this quick high-level summary of what we see, and how we handle it. Note that OSVDB uses an extensive classification system (that is…

May 28, 2014
Crossing the line on ‘appropriate’ response to a breach…

You have likely seen the news that eBay was compromised and disclosed on Wednesday the 21st, resulting in as many as 145 million customers being affected. eBay was quick to state that the criminals did not gain access to financial information, trying to allay customer concerns. Despite that, there are many aspects of the aftermath…

May 25, 2014
Surprise! Guinea pigs… (the end of an era)

Almost 7 years ago (August 18, 2007), I returned from a business trip to find a guinea pig in my living room. My significant other at the time, Kay, had wanted to rescue a guinea pig or three. We had talked about it and I was willing, but wanted to talk about it more. She…

May 10, 2014
The Scraping Problem and Ethics

[This was originally published on the OSVDB blog.] [2014-05-09 Update: We’d like to thank both McAfee and S21sec for promptly reaching out to work with us and to inform us that they are both investigating the incident, and taking steps to ensure that future access and data use complies with our license.] Every day we…

May 7, 2014
Unsung Hero

Not fond of sharing commercials, but this one is powerful.

May 4, 2014