Category: Law

  • The Database That Shouldn’t Have Been Continues To Fail The Community

    [This article was originally published on Dark Reading, titled “Hand CVE Over to the Private Sector“. Note that it underwent editing by the staff there. Below is my original version and this copy is titled the way I had proposed.] Created in 1999, the Common Vulnerability Enumeration (CVE), now dubbed Common Vulnerabilities and Exposures, was…

  • Miggo Security’s AI Slop & Potential Trademark Infringement

    On July 14, 2025, a relatively new security company named Miggo Security announced a new offering called VulnDB. Even my casual readers may have done a double-take, thinking I just made a glaring error. No, not this time; it seems that Miggo made the glaring error. Apparently, rather than do a simple Google…

  • EFF Lock Screen Graphics – FYI and a Minor Touch-up to One

    For those who haven’t seen, the Electronic Frontier Foundation (EFF) has created several lock-screen / wallpaper images related to protecting your rights. I wanted to use the first one on my Galaxy S8 Active, but the image interferes with seeing the clock, date, and notification icons. So I moved the text of the image down…

  • NTIA, Bug Bounty Programs, and Good Intentions

    [This was originally published on the OSVDB blog.] [Note: This blog had been sitting as a 99% completed draft since early September. I lost track of time and forgot to finish it off then. Since this is still a relevant topic, I am publishing now despite it not being quite as timely in the context…

  • A quick, factual reminder on the value and reality of a “EULA”… (aka MADness)

    [This was originally published on the OSVDB blog.] This post is in response to the drama the last few days, where Mary Ann Davidson posted an inflammatory blog about security researchers that send Oracle vulnerabilities while violating their End-user License Agreement (EULA… that thing you click without reading for every piece of software you install).…

  • The Scraping Problem and Ethics

    [This was originally published on the OSVDB blog.] [2014-05-09 Update: We’d like to thank both McAfee and S21sec for promptly reaching out to work with us and to inform us that they are both investigating the incident, and taking steps to ensure that future access and data use complies with our license.] Every day we…

  • The Death and Re-birth of the Full-Disclosure Mail List

    [This was originally published on the OSVDB blog.] After John Cartwright abruptly announced the closure of the Full Disclosure mail list, there was a lot of speculation as to why. I mailed John Cartwright the day after and asked some general questions. In so many words he indicated it was essentially the emotional wear and…

  • Seeing those EULAs in a different context.

    Many years ago I realized that the End User License Agreements (EULA) that we are forced to endure for web sites and software was out of hand. There have been a lot of good points made in the past about them and how they are rarely read. I had written notes about an article but…

  • Seriously RIM? Call it the HackBerry from now on…

    [This was originally posted on the OSVDB blog.] Our sponsor Risk Based Security (RBS) posted an interesting blog this morning about Research In Motion (RIM), creator of the BlackBerry device. The behavior outlined in the blog, and from the original blog by Frank Rieger is shocking to say the least. In addition to the vulnerability…

  • The Lesser of Two Weevs

    Yesterday, Andrew Auernheimer (aka Weev), was sentenced for his 2012-08-16 indictment on one count of “fraud and related activity in connection with computers” (18 U.S.C. § 1030) and one count of “conspiracy to commit offense or to defraud” (18 U.S.C. § 371). This was the result of Auernheimer’s activities in 2010, where he manipulated a…