Month: November 2021

  • Privasec’s Ridiculous Claim of a “World Record” in Vulnerability Disclosure

    On May 9, 2019, Privasec published an odd press release with a URL slug of “privasec-queensland-telstra-acquisition” but a title of “Privasec Red’s Consultant Breaks World Record By Disclosing Most Number Of Open-Source CVEs.” This claim is simply wrong. To believe it requires either a complete understanding of the vulnerability disclosure landscape or intent to deceive.…

  • The Charity Challenge for Banshee

    Unfortunately for them, the fax machine was invented in 1843. Banshee admitted defeat, so Durian it is! But I wanted to give some encouragement and started a charity pledge drive. Of course, me being me, I created a tracking sheet for this and as of this blog, there is already $1945 in pledges to help…

  • CISA’s BOD 22-01: How to Prioritize 100 Vulnerabilities in Two Weeks

    [This was originally published on riskbasedsecurity.com, and had considerable edits/enhancements done by Curtis Kang.] CISA BOD 22-01 introduces the directive for government vendors to mitigate 292 CVE IDs, or 301 vulnerabilities, 100 of them within a short timeframe. It is well-meaning and brings potentially valuable focus, but it will put pressure on teams working with…

  • Forbes: Lazy Vulnerability Reporting & A Bit of Bias

    It may have been almost two decades ago that I joked with colleagues that many Information Security news articles could just be done via Mad Libs. We later joked that breach notifications often appeared to be done via Mad Libs, using the same phrases with different organization names and the number of affected customers. Over the…

  • An 83 Word Excuse Instead of a 1 Character Fix (NCSC.nl)

    The National Cyber Security Center of the Netherlands (NCSC.nl) has a curious take on sharing security information. On October 25, 2021 I contacted them to inform them of a simple typo in one of their advisories. I send mails or Tweets like this several times a week to researchers, vendors, and news outlets as CVE…

  • November 2021 Reviews (many)

    Finch (2021) Medium: Movie (Apple) Rating: 2 / 5 Tried too hard to bring a tear to the eye Reference(s): IMDB Listing || Trailer Post-apocalypse, robots, and Tom Hanks, sounds like a great recipe! Unfortunately they tried too hard to make it sweet. The feel-good movie they wanted is technically there, but I think they missed the mark.…