Category: Gripes
-
Speaking Ill of the Dead?
Folks in the Information Security (InfoSec) circles are getting old. It is evident from the last few years and seeing those we know, in some capacity, passing on. For many of us still here, we find ourselves battling a world of conditions ranging from the relatively simple high blood pressure, to the more complicated like…
-
security@ Is a Two-way Street
More and more companies are embracing the benefits of maintaining a dedicated security team to not only help manage internal processes such as a systems development life cycle (SDLC) that may focus on security, but to also manage vulnerability reports from external parties. Some companies choose to implement bug bounty programs, and some do not.…
-
Netflix: Why People Are Leaving You… (The Unspoken Reason?)
I can be long-winded in my blogs, I know, and there is a lot to unpack here. I’ll try to keep it brief. Famous last words =) Any Netflix engineers reading, it will be worth your time even if you skim fast. In the last month there has been global news coverage about Netflix losing…
-
2022 Cross-country Drive (Part 3: Lodging)
For those who travel a lot, myself included a long while back, talking about lodging is not very interesting. Unless the room is spectacular or perhaps a grim experience, most of us have experienced average hotel rooms. The biggest fail here, in the context of my trip, is not taking pictures of the single worst…
-
CVE ID Created Date != Much of Anything
Yesterday, SanSec published a blog post discussing the recent Adobe Commerce / Magento Open Source vulnerability that was discovered being exploited in the wild. In the blog, they said: Adobe has been aware of the issue since at least January 27th but decided to issue a patch on Sunday, which is highly unusual. They draw…
-
An 83 Word Excuse Instead of a 1 Character Fix (NCSC.nl)
The National Cyber Security Center of the Netherlands (NCSC.nl) has a curious take on sharing security information. On October 25, 2021 I contacted them to inform them of a simple typo in one of their advisories. I send mails or Tweets like this several times a week to researchers, vendors, and news outlets as CVE…
-
Redscan’s Curious Comments About Vulnerabilities
As a connoisseur of vulnerability disclosures and avid vulnerability collector, I am always interested in analysis of the disclosure landscape. That typically comes in the form of reports that analyze a data set (e.g. CVE/NVD) and draw conclusions. This seems straight-forward but it isn’t. I have written about the varied problems with such analysis many…
-
Search Speak for Automaton
Alternate titles for this blog could be “Doodle Transition for Machina” perhaps! For at least a decade I have thought about just such an application and today I have Google Translate for Android. Load, aim, and it will process the text and translate on screen for you. Given the state of technology you would think…
-
Twitter, Companies, and your Complaints
The rise of social media has been interesting to say the least. Many on twitter have found it to give them a type of power as they can voice their complaints directly to a company that has wronged them. Everything from bad customer service, bad prices, minor inconvenience, or even perceived slights that likely never…
-
How Many Trees Are You Celebrating @arborday?
The Arbor Day Foundation is a 501c(3) nonprofit organization founded in 1972 that seeks to “inspire people to plant, nurture, and celebrate trees“. I received a “Colorado Tree Survey” from them today, part of what is a never-ending stream of snail-mail spam that I have written about before. For this envelope, the thing that caught…