The Jericho Blog Graveyard (2014 – 2021)

This is a continuing short run series of blogs summarizing old drafts and either declaring them dead, while listing them here, or keeping them as they are still relevant.

Part 1 – The Jericho Blog Graveyard (2010 – 2013)
Part 2 – The Jericho Blog Graveyard (2014 – 2015)
Part 3 – The Jericho Blog Graveyard (2016 – 2020)
Part 4 – The Jericho Blog Graveyard (2001 – 2013)

  • 2021 – CVE; You’re Doing it Wrong – Not many notes but I have covered a lot of this since, with even more coming in the future via other drafts.
  • Windows 10 Fails – almost all raw notes, but quite a few as well as screenshots. So I disclaimed and published.

And at this point, I run into a problem with my methodology! Like Part 4 of the blog, I run into blog drafts prefaced by year starting at 2017, yet added to this blogging platform in 2021. So again I have to go out of order which pokes tiny daggers into my OCD eyes.

  • 2017 – End-of-year Reports Based on CVE Data. I did some minor touch-ups and posted this one with a disclaimer at the top.
  • 2014 – car vulns, the latest rage! why do they matter again? – Notes arguing about how, while automotive vulns sounded serious at the time, in reality they simply weren’t exploited. More hype about the vulns, than regular wear-and-tear issues, designs, or bugs.
  • 2014 – CVSS Failures – Pointing out how Oracle’s CVSS scores are often flat wrong, and we know that when researchers publish their advisories for contrast.
  • 2014 – MS Stats – The beginning of notes pointing out some things that may not have been considered in a Microsoft blog with exploitation statistics.
  • 2015 – “google projects and lack of standards re: security announcements” – A colleague pointing out how various Google projects aren’t uniform and me proposing how to catalog and blog it.
  • 2015 – “Congressional Caucus on the Internet of Things?” Great… – Notes for a rebuttal to several news articles on this, as well as quotes from Congresscritters.
  • 2014 – FOIA Todo – the price of a vulnerability summary – Ten years later, I actually did this one!
  • 2015 – “FireEye / Terrorism” – I was going to call out some oddities of FireEye’s claims about a “certification” that seemed suspect, and other potential Errata.
  • 2015 – Symantec ISTR, or why you should steer clear of their Vulnerability “Intelligence”. The name speaks for itself =) This was going to be yet another vuln report teardown. Symantec’s BID is gone now.
  • 2014 – IBM Has Failed Its Customers – extensive notes about problems with their advisories. I posted this as-is.
  • 2015 – Mozilla and Transparency. This too still had good info to document publicly, so it got published as-is.
  • 2018 – “Gordon Ramsay – Great Chef, Horrible Entertainer”, I still firmly believe this, just less so. He has changed enough in more shows to be more even-tempered and focus on the show’s real purpose. With the exception of Hell’s Kitchen of course. If you want to see Ramsay at his best, watch Kitchen Nightmares (UK version, not US), Season 10 of Masterchef AU where he is a guest for 3 or 4 episodes, and Ramsay Goes to Prison. A short series that is powerful and him at his best.
  • 2016 – Predictions – I captured links to 30 articles / companies making predictions in the InfoSec area. I had wanted to wait a year to see who was right and wrong. I want to do this every year but they are time-consuming.
  • 2016 – “i want all of your data for my ‘thesis’” – Describing examples of how frequently an academic wanted all of my/our hard-earned data, for free, for their thesis. The pattern of academics not understanding the value of data.
  • 2014 – “new generation of bounty seekers are what’s wrong with vuln disclosure” – Several examples of why many new “vulnerability researchers” don’t understand how the ecosystem works, especially around disclosure.
  • 2016 – “the library problem” – Using an example where seven pieces of software introduced 1,418 vulnerabilities in an appliance, and that doesn’t speak to third-party libraries and how they easily go overlooked.
