Month: March 2016

  • The Problem with Facebook…

    The Problem with Facebook…

    Maybe that was a bit of a ‘clickbait’ title, since the list of problems with Facebook is epic, tragic, and depressing. So let’s go with, “tonight’s example of an ongoing problem with Facebook”. One of my biggest gripes about the social media platform is that after all this time, they still do not give us…

  • Badlock: The Day After [Update #2]

    Badlock: The Day After [Update #2]

    Late last night, Steve Ragan published an article on the CSO Salted Hash blog titled “Company behind the Badlock disclosure says pre-patch hype is good for business“, immediately taking SerNet to task over their handling of the disclosure so far. One of the more telling parts of his article came during a conversation between Sean…

  • Bad Luck Over The Upcoming Badlock Vulnerability?

    Bad Luck Over The Upcoming Badlock Vulnerability?

    It has only been twenty-one days after the last named vulnerability (DROWN), and now we have the next one! Early on March 22nd, the security industry started hearing rumors of ‘Badlock’ and then the site announcing it began making the rounds. The domain was registered by Johannes Loxen out of Germany on March 11, 2016, to…

  • MITRE’s Horrible New CVE ID Scheme and Spindoctoring

    MITRE’s Horrible New CVE ID Scheme and Spindoctoring

    [This was originally published on the OSVDB blog.] Today, The Register wrote an article on MITRE’s announcement of a new CVE ID scheme, and got many things wrong about the situation. As I began to write out the errata in an email, someone asked that I make it public so they could learn from the…