Month: August 2017

I wanted to support the Red Cross during Harvey… (but I can’t, so I need alternatives…)

File this under “blogs I didn’t expect to, or want to write tonight”. With hurricane Harvey causing incredible damage and distress to Texas, many of us are looking for ways to help. I’d love to be down there in a boat rescuing animals or humans, bringing free bottled water (as opposed to the horrible alternative),…

August 29, 2017
Researchers Find One Million Vulnerabilities?!

[This was originally published on RiskBasedSecurity.com.] No researcher has yet claimed to find one million vulnerabilities, but we are sure to see that headline in the future. Every so often we see news articles touting a security researcher who found an incredible number of vulnerabilities in one product or vendor. Given that most disclosures involve…

August 15, 2017
That Vulnerability is “Theoretical”!

[This was originally published on the OSVDB blog.] A few days ago, while writing a draft of a different blog, I made reference to and said “we’re well aware of the pitfalls around calling a vulnerability ‘theoretical’“! I wanted to link off to what I was referencing, a case where security researchers found a vulnerability…

August 13, 2017
20 Seconds to Comply; 17+ Years to Get It Wrong. From “Roboguard” to “Steve”!

Recently, news broke of a robot security guard lovingly nicknamed “Steve” who drowned in a fountain in the lobby of the building he was sworn to protect. The various Tweets and news articles jumped all over it, with articles anthropomorphizing Steve and headlines such as “Security guard robot ends it all by throwing itself into…

August 8, 2017