Month: April 2016

  • A Note on the Verizon DBIR 2016 Vulnerabilities Claims

    [This was originally published on the OSVDB blog.] [Updated 4/28/2016] Verizon released their yearly Data Breach Investigations Report (DBIR) and it wasn’t too long before I started getting asked about their “Vulnerabilities” section (page 13). After bringing up some highly questionable points about last year’s report regarding vulnerabilities, several people felt that the report did…

  • Electronic Voting; an Old but Looming Threat

    [This was originally published on RiskBasedSecurity.com.] As everyone on the planet knows, U.S. politics are in full swing with primaries almost every week and an upcoming presidential election in November of this year. At Risk Based Security we find it curious that one of the most dangerous topics seems to evade the 24-hour a day…

  • Badlock: The Day of Reckoning [Update #4]

    [This was originally published on the RBS Blog.] Word circulated earlier today that Badlock would be revealed at 1PM EST, which is curious given that Microsoft’s “Patch Tuesday” releases are not always public by that time. Almost ten minutes before 1PM, word of the patches being public was making the rounds. The three patches and associated…

  • OSVDB: FIN

    [This was originally published on the OSVDB blog.] As of today, a decision has been made to shut down the Open Sourced Vulnerability Database (OSVDB), and it will not return. We are not looking for anyone to offer assistance at this point, and it will not be resurrected in its previous form. This was not an…

  • Badlock: All Quiet on the Disclosure Front [Update #3]

    [This was originally posted on the RBS blog.] With a week to go before the hyped Badlock vulnerability gets disclosed (with patches finally!), it has been mostly quiet as far as any further detail or insight. In the fourteen days since it was first announced, MITRE has still not seen fit to issue a CVE identifier for…