Category: Gripes

  • security@ Is a Two-way Street

    security@ Is a Two-way Street

    More and more companies are embracing the benefits of maintaining a dedicated security team to not only help manage internal processes such as a systems development life cycle (SDLC) that may focus on security, but to also manage vulnerability reports from external parties. Some companies choose to implement bug bounty programs, and some do not.…

  • Netflix: Why People Are Leaving You… (The Unspoken Reason?)

    Netflix: Why People Are Leaving You… (The Unspoken Reason?)

    I can be long-winded in my blogs, I know, and there is a lot to unpack here. I’ll try to keep it brief. Famous last words =) Any Netflix engineers reading, it will be worth your time even if you skim fast. In the last month there has been global news coverage about Netflix losing…

  • 2022 Cross-country Drive (Part 3: Lodging)

    2022 Cross-country Drive (Part 3: Lodging)

    For those who travel a lot, myself included a long while back, talking about lodging is not very interesting. Unless the room is spectacular or perhaps a grim experience, most of us have experienced average hotel rooms. The biggest fail here, in the context of my trip, is not taking pictures of the single worst…

  • CVE ID Created Date != Much of Anything

    CVE ID Created Date != Much of Anything

    Yesterday, SanSec published a blog post discussing the recent Adobe Commerce / Magento Open Source vulnerability that was discovered being exploited in the wild. In the blog, they said: Adobe has been aware of the issue since at least January 27th but decided to issue a patch on Sunday, which is highly unusual. They draw…

  • An 83 Word Excuse Instead of a 1 Character Fix (NCSC.nl)

    The National Cyber Security Center of the Netherlands (NCSC.nl) has a curious take on sharing security information. On October 25, 2021 I contacted them to inform them of a simple typo in one of their advisories. I send mails or Tweets like this several times a week to researchers, vendors, and news outlets as CVE…

  • Redscan’s Curious Comments About Vulnerabilities

    As a connoisseur of vulnerability disclosures and avid vulnerability collector, I am always interested in analysis of the disclosure landscape. That typically comes in the form of reports that analyze a data set (e.g. CVE/NVD) and draw conclusions. This seems straight-forward but it isn’t. I have written about the varied problems with such analysis many…

  • Search Speak for Automaton

    Search Speak for Automaton

    Alternate titles for this blog could be “Doodle Transition for Machina” perhaps! For at least a decade I have thought about just such an application and today I have Google Translate for Android. Load, aim, and it will process the text and translate on screen for you. Given the state of technology you would think…

  • Twitter, Companies, and your Complaints

    The rise of social media has been interesting to say the least. Many on twitter have found it to give them a type of power as they can voice their complaints directly to a company that has wronged them. Everything from bad customer service, bad prices, minor inconvenience, or even perceived slights that likely never…

  • How Many Trees Are You Celebrating @arborday?

    The Arbor Day Foundation is a 501c(3) nonprofit organization founded in 1972 that seeks to “inspire people to plant, nurture, and celebrate trees“. I received a “Colorado Tree Survey” from them today, part of what is a never-ending stream of snail-mail spam that I have written about before. For this envelope, the thing that caught…

  • “The History of CVE” and A Couple of Objections

    I just read “The History of Common Vulnerabilities and Exposures (CVE)” by Ary Widdes from Tripwire and found it to be a great summary of the 20+ years of the program. I say that as an outspoken CVE and MITRE critic even! I do have a couple of objections however, with the conclusion, and then…