  • Box of Shit: The U.K. @w1bble Variety

    It’s been a while since I wrote up a ‘Box of Shit’ but felt it was time after receiving one from Jamie (@w1bble). He sent it from that far away place trying to find an exit or something; U.K. politics are so weird, not like the U.S. They talk funny too. Speaking of weird, this…

  • A Small Ask of @JerseyMikes For the Greater Good

    A proposal for Jersey Mike’s to cut as many as 31 billion calories from consumer diets a year.

  • “The History of CVE” and A Couple of Objections

    I just read “The History of Common Vulnerabilities and Exposures (CVE)” by Ary Widdes from Tripwire and found it to be a great summary of the 20+ years of the program. I say that as an outspoken CVE and MITRE critic even! I do have a couple of objections however, with the conclusion, and then…

  • A String of Charity Auctions…

    Auction #1: Attrition.org 2020 Custom Swag Pack (limited edition)
    Auction #2: Attrition.org Six Acrylic Coins w/ Pouch (quantity: 15)
    Auction #3: 270 Unique Stickers (Miscellaneous, InfoSec, Pop Culture, More!)
    Starting this week, I will post the first of several charity auctions to eBay. I don’t know how many there will be exactly, but these will be bigger…

  • Hunter Ceiling Fans and Hidden Functionality

    Nothing exciting, just documenting two things about Hunter ceiling fans, at least one of which is not documented in their manual. My electrician had to call and sit on hold for almost two hours to get the information and be told that no, it wasn’t in the documentation. These apply to the Hunter Dempsey model…

  • Why Anaconda INC Doesn’t Fully Understand CVEs

    It’s worrisome that in 2020 we still have people in influential technical roles that don’t understand CVE. A friend told me earlier this year he was in a meeting where someone said that CVE IDs are assigned in order, so CVE-2020-9500 meant there were 9500 vulns in 2020 so far. Of course that is not…

  • Disclosure Repair Timelines?

    For those in InfoSec, you have probably seen a vulnerability disclosure timeline. Part of that often includes the researcher’s interaction with the vendor including the vulnerability being fixed. After the issue is disclosed, the story typically ends there. Every so often, work needs to be done after that to ‘repair’ part of the disclosure. For…

  • Electronic Voting Machines; That Old Redux…

    [This was originally published on RiskBasedSecurity.com in the 2019 End-of-year Vulnerability Report.] Integrity is one of the cornerstones to both the concept and the practice of Information Security. We want to make sure that the integrity of the systems we use remains intact. It doesn’t matter if it is your smart watch, smart IoT device,…

  • Making the Vulnerability Disclosure ‘Nice’ List: Cisco

    This was originally published on the Risk Based Security blog. 10/4/2025: Please note, an important update at the end of this blog. Risk Based Security® has always made it a point to praise organizations that operate in good faith and Cisco’s PSIRT team definitely knocked it out of the park this month. It is vital…

  • Cyber Security Interview Podcast w/ Douglas Brush – The Hacker Mindset

    On September 23, 2019, I was a guest on the Cyber Security Interview Podcast hosted by Douglas Brush. The topic was ‘The Hacker Mindset’. The show summary: In this episode, we discuss starting as a phreak and phone systems, BBS hacking forums, sharing knowledge, calling people out, cybersecurity skill shortages, understanding the adversaries mindset, PCI…