-
Redscan’s Curious Comments About Vulnerabilities

As a connoisseur of vulnerability disclosures and avid vulnerability collector, I am always interested in analysis of the disclosure landscape. That typically comes in the form of reports that analyze a data set (e.g. CVE/NVD) and draw conclusions. This seems straightforward but it isn’t. I have written about the varied problems with such analysis many…
-
Random Movie/TV Thoughts and Reviews (February 2021)

[A summary of my movie and TV reviews from last month, posted to Attrition.org, mixed in with other reviews.] Outside the Wire (2021) Medium: Movie (Netflix) Rating: 1 / 5 Keep it outside your watch list Reviewer: jericho Reference(s): IMDB Listing || Netflix I wanted to like this movie, I really did. But it just starts out absurd at so many…
-
“Secure” E2E Messaging Apps: More Than Meets the Eye
[This was originally published on RiskBasedSecurity.com.] Secure messaging apps, often touted as having end-to-end (E2E) encryption, have become extremely popular in recent years. This popularity has increased even more in the last two months, likely influenced by increased anxiety over the power wielded by “big tech” and endorsement by celebrated tech business leaders like Elon…
-
The Value of Backfilling
[This was originally published on RiskBasedSecurity.com.] In every quarterly Vulnerability QuickView Report, we include a chart that shows how many vulnerabilities were disclosed so far that year, along with the most current counts of prior periods to show relative growth and decline. In some cases, like this year’s Q1, that chart shows a decline compared…
-
Random Movie/TV Thoughts and Reviews (January 2021)

[A summary of my movie and TV reviews from last month, posted to Attrition.org, mixed in with other reviews.] Soul (2020) Medium: Movie (Disney) Rating: 5/5 movie and music magic Reference(s): IMDB Listing || Disney Disney knows how to do modern cartoons and this is no exception. The story follows Joe, a school band teacher who seems to have…
-
The Misery (Index) Data

The Misery Index is a game on TBS hosted by Jameela Jamil, starring The Tenderloins, better known as the Impractical Jokers (Joe Gatto, Brian Quinn, James Murray, Sal Vulcano). You can read more about the format and style of the game on its Wikipedia page. They bring humor to the game to augment the humor…
-
A critique of the summary of “Latent Feature Vulnerability Rankings of CVSS Vectors”
Update: Corren McCoy has written a wonderful response to this blog where she goes into more detail about her conclusions as well as citing more portions of the original research that led to her conclusions. As she notes, there are several layers of condensing the original research at play here, which can dilute and distort…
-
Search Speak for Automaton

Alternate titles for this blog could be “Doodle Transition for Machina” perhaps! For at least a decade I have thought about just such an application and today I have Google Translate for Android. Load, aim, and it will process the text and translate on screen for you. Given the state of technology you would think…
-
Commentary on Radware’s Top Web Exploits of 2020

At the close of each year we see at least one article covering the top vulnerabilities / exploits from the prior year. This is usually written on the back of having large detection networks across the Internet that get a comprehensive view of exploitation. It’s a great way to get real intelligence for criminal hacking…
-
Random Movie/TV Thoughts and Reviews (December 2020)

[A summary of my movie and TV reviews from last month, posted to Attrition.org, mixed in with other reviews.] The Queen’s Gambit (2020) Rating: 5/5 check it out mate Reference(s): IMDB Listing || Netflix This miniseries, based on a 1983 book with the same name, is a fictional story about a chess prodigy turned master. It has the…