• Random Movie/TV Thoughts and Reviews (April 2021)

    [A summary of my movie and TV reviews from last month, posted to Attrition.org, mixed in with other reviews.] Bad Trip (2021) | Medium: Movie (Netflix) | Rating: 4.5/5 fingercuffs what?! | Reviewer: jericho | Reference(s): IMDB Listing || Netflix | If pranks aren’t your thing, move on now. If pranks are your thing, then this is your new jam. Eric André brings his physical…

  • The Rundown: CVE IDs & RESERVED Status

    During the process of assigning a CVE ID, there is a time period between the assignment and the disclosure, and again between the disclosure and it becoming available on MITRE’s CVE site or NIST’s National Vulnerability Database (NVD). During this period, the ID will be shown as RESERVED. First, it is important to note that…

  • The Rundown: CVE IDs & REJECT Status

    For analysts and practitioners that digest CVE regularly, you will likely be familiar with CVEs that are in REJECT status. If you are new to CVE or not familiar with some of the more gritty details, a CVE assignment may be rejected for various reasons. When that happens, it will receive a capitalized REJECT status:…

  • The Rundown: CVE IDs, Meanings, & Assumptions

    For almost two decades, CVE has been considered an industry standard for vulnerability tracking. A CVE ID can be affiliated with many vulnerabilities, in a format like CVE-2014-54321. Note my choice in ID, from 2014 with a consecutive set of numbers. That is because I specifically chose a ‘sample’ CVE that was set aside as…

  • Down The Vulnerability Rabbit Hole

    [This was originally published on RiskBasedSecurity.com.] In a recent article, The Importance of a Living Database, we detailed why it is important to revisit entries as new information comes to light. Like the times, vulnerabilities are a-changin’. We’ve been known to revisit a vulnerability record over 1,200 times, which may seem excessive, and some may…

  • SolarWinds: Sitting on Undisclosed Vulnerabilities

    [This was originally published on RiskBasedSecurity.com.] SolarWinds was in the news last year, as the victim of an attack that compromised its Orion Platform software by inserting a backdoor into it, allowing for remote code execution. This attack has had an incredible impact on the security industry and recently, interest in the SolarWinds breach has…

  • Saving Bugtraq

    In July of 2019, many noticed that the Bugtraq mail list stopped having posts approved, including Art Manion at CERT. Since there are many other outlets for vulnerability disclosure, such as the Full-Disclosure mail list, Packetstorm, Exploit Database, and increasingly on GitHub, it didn’t receive much attention. It wasn’t like the days when the list…

  • Random Movie/TV Thoughts and Reviews (March 2021)

    [A summary of my movie and TV reviews from last month, posted to Attrition.org, mixed in with other reviews.] Coming 2 America (2021) | Medium: Movie (Amazon) | Rating: 4/5 Zamunda Ministry of Propaganda approves | Reviewer: jericho | Reference(s): IMDB Listing || Amazon | Thirty years later, a sequel that was never supposed to happen according to Arsenio Hall. I’m glad they changed their mind!…

  • Perlroth & The First (Zero-Day) Broker

    I am currently reading “This Is How They Tell Me The World Ends” by Nicole Perlroth, only on page 60 in Chapter 5, so a long ways to go before completing the 471 page tome. I hit chapter 4, titled “The First Broker” and it was of specific interest to me for sure, prompting this…

  • Zero-days: Two Questions from Perlroth

    I am currently reading “This Is How They Tell Me The World Ends” by Nicole Perlroth, only on page 17 in Chapter 2, so a long ways to go before completing the 471 page tome. While only 17 pages in, there are already some annoyances to be sure, but the tone, scope, and feel of…