Category: InfoSec

  • New libssh Vulnerability – No Logo But Plenty Of Attention

    [This was originally published on RiskBasedSecurity.com.] Earlier this week, Andreas Schneider announced the release of a new version of libssh, covering “an important security” that addressed “an authentication bypass vulnerability in the server code”. Pretty quickly we saw several news articles published that covered this issue, as well as third-party blogs that added commentary on the technical side of the vulnerability. Since we were following the […]

  • The Attrition DC26 Badge Challenge Post Mortem

    This year, which was my final trip to DEF CON, I made up one last round of Attrition DEF CON badges. In prior years they were typically engraved luggage tags a bit more specific to the year: Since #BadgeLife has become a big thing, especially this year as far as I can tell, I decided […]

  • Case Study: Not A Vulnerability (NAV)

    [This was originally published on RiskBasedSecurity.com in the 2018 Vulnerability Mid-year Report.] As stated earlier in this report, “incomplete information, constant updates and revisions, misinterpretation, and errors in reporting can all contribute to a level of confusion regarding the impact, severity and risk a vulnerability represents.” One way that this manifests is in vulnerability reports […]

  • Jericho in Vegas Next Week… (for real)

    Hi! Given my occasional good-natured trolling on Twitter, and since many have asked me the last few weeks, I want to set the record straight. I will be in Las Vegas next week, for real. I arrive tomorrow evening and leave the following Sunday. This is the first time at BH/DC in several years for […]

  • DC26 Attrition Badge Round-up

    This is the first DEF CON I am attending after a long break. For kicks I decided to make up a run of DC26 Attrition badges like prior years and conferences. Depending on who you ask, the badge is a decoration only, or it gets you into fabulous parties and amazing events. Anyone with a […]

  • DEF CON 26 CFP Basic Statistics and Observations

    This is the second blog in a series about DEF CON 26 CFP. The first: A Look Into the DEF CON CFP Review Board (we’re actually really boring people) First, this post is not sanctioned by DEF CON in any way. I am a member of the CFP team who decided to keep some rudimentary […]

  • A Look Into the DEF CON CFP Review Board (we’re actually really boring people)

    Written by Highwiz with contributions and editing from Jericho Being on the DEF CON CFP Review Board can be as exciting as {something}; as frustrating as {something}; as thought provoking as {something}; and as enriching as {something}. It’s like mad libs, I hope you’ve filled in this section with something good. Each year, myself and […]

  • The Great (belated) Mozilla Firefox CVE Dump

    [This was originally published on RiskBasedSecurity.com.] On June 11th, MITRE published descriptions and references for 318 entries, all relating to Mozilla Firefox. Yes; three hundred and eighteen entries. It may be tempting to think Mozilla was holding back on disclosures or there was a flurry of research activity leading to a slew of new vulnerabilities being discovered. […]

  • Efail: What A Disclosure FAIL That Was!

    [This was originally published on RiskBasedSecurity.com.] Yesterday, news broke of a “critical” vulnerability in OpenPGP and S/MIME, named ‘Efail’ that could lead to an attacker gaining access to plaintext emails. News broke in the form of a dire warning from the Electronic Frontier Foundation warning people to “immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.” […]

  • CryptoCurrency, Blockchain, & SCADA

    [This was originally published on RiskBasedSecurity.com in the 2018 Q1 Vulnerability QuickView Report.] CryptoCurrency and Blockchain: The Latest Rage Blockchain technology, the foundation of CryptoCurrency such as Bitcoin, Ethereum, and countless others is starting to dominate the news. With the wild ride of Bitcoin prices, where one coin was worth around $19,000 in December, 2017 […]